Skip to content

Sync Snyk GitHub issues #277

Sync Snyk GitHub issues

Sync Snyk GitHub issues #277

name: Sync Snyk GitHub issues
on:
workflow_dispatch:
schedule:
- cron: '0 */4 * * *'
jobs:
sync:
if: github.repository == 'backstage/backstage' # prevent running on forks
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Use Node.js 20.x
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version: 20.x
registry-url: https://registry.npmjs.org/ # Needed for auth
- name: yarn install
uses: backstage/actions/yarn-install@25145dd4117d50e1da9330e9ed2893bc6b75373e # v0.6.15
with:
cache-prefix: ${{ runner.os }}-v20.x
- name: Create Snyk report
uses: snyk/actions/node@cdb760004ba9ea4d525f2e043745dfe85bb9077e # master
continue-on-error: true # Snyk CLI exits with error when vulnerabilities are found
with:
args: >
--yarn-workspaces
--org=backstage-dgh
--strict-out-of-sync=false
--json-file-output=snyk.json
--debug
json: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
NODE_OPTIONS: --max-old-space-size=7168
- name: Update Github issues
run: ./scripts/snyk-github-issue-sync.ts
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}