Snyk

ci: Workflow Updates #74

Workflow file for this run

	name: Snyk

	on:
	merge_group:
	# pull_request_target:
	pull_request: # TODO
	types:
	- opened
	- synchronize
	push:
	branches:
	- main
	schedule:
	- cron: "30 0 1,15 * *"

	permissions:
	contents: read

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

	jobs:
	# authorize: # TODO
	# name: Authorize
	# environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' \|\| 'internal' }}
	# runs-on: ubuntu-latest
	# steps:
	# - run: true

	configure:
	name: Configure
	# needs: [authorize] # TODO
	runs-on: ubuntu-latest

	outputs:
	matrix: ${{ steps.set-matrix.outputs.matrix }}

	steps:
	- uses: actions/checkout@v4
	# with:
	# ref: ${{ github.event.pull_request.merge_commit_sha \|\| github.ref }} # TODO

	- id: set-matrix
	run: echo "matrix=$(jq -c . < ./.github/workflows/matrix.json)" >> $GITHUB_OUTPUT

	check:
	needs: [configure]

	name: Check for Vulnerabilities
	runs-on: ubuntu-latest

	steps:
	- if: github.actor == 'dependabot[bot]' \|\| github.event_name == 'merge_group'
	run: exit 0

	- uses: actions/checkout@v4
	# with:
	# ref: ${{ github.event.pull_request.merge_commit_sha \|\| github.ref }} # TODO

	- uses: ./.github/actions/setup
	with:
	php: ${{ fromJson(needs.configure.outputs.matrix.include[0].php) }}

	- run: npm install snyk -g

	- if: github.ref == 'refs/heads/main'
	run: snyk monitor --file=composer.lock
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	continue-on-error: true

	- run: snyk test --file=composer.lock
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: Workflow Updates #74

Workflow file

ci: Workflow Updates #74

Jobs

Run details

Workflow file for this run