Skip to content

bump tj-actions/changed-files from 35 to 41 in /.github/workflows in the github_actions group across 1 directory #17

bump tj-actions/changed-files from 35 to 41 in /.github/workflows in the github_actions group across 1 directory

bump tj-actions/changed-files from 35 to 41 in /.github/workflows in the github_actions group across 1 directory #17

Workflow file for this run

name: Snyk Security Vulnerability Scan
on:
workflow_dispatch:
pull_request:
push:
branches:
- master
jobs:
snyk_scan_test:
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
with:
fetch-depth: 0 # To fetch all commits history on branch (Refer: https://github.com/tj-actions/changed-files#usage)
- name: Check changed Deps files
uses: tj-actions/changed-files@v41
id: changed-files
with:
files: |
h2o-java-droplet/build.gradle
h2o-java-droplet/gradle.properties
- uses: snyk/actions/setup@master
- uses: actions/setup-java@v3
with:
java-version: '8'
distribution: 'adopt'
- name: Snyk scan for Java dependencies
if: steps.changed-files.outputs.any_changed == 'true'
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
snyk test \
--file=h2o-java-droplet/build.gradle \
-d \
--fail-on=all \
--package-manager=gradle \
--print-deps \
--configuration-matching='^\(compile\|runtime\)'
snyk_scan_monitor:
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Extract github branch/tag name
shell: bash
run: echo "ref=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT
id: extract_ref
- uses: snyk/actions/setup@master
- uses: actions/setup-java@v3
with:
java-version: '8'
distribution: 'adopt'
- name: Snyk scan for Java dependencies
run: |
for file in $(find . -name "build.gradle"); do
file=${file:2}
snyk monitor \
--org=h2o-3 \
--remote-repo-url=h2o-droplets/${{ steps.extract_ref.outputs.ref }} \
--file=$file \
--project-name=H2O-3/h2o-droplets/${{ steps.extract_ref.outputs.ref }}/$file \
-d \
--print-deps \
--configuration-matching='^\(compile\|runtime\)'
done
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}