Update Github Actions to perform appropriate tests for build and release

bgarlow · Apr 12, 2024 · 7c66caf · 7c66caf
1 parent 549ccb0
commit 7c66caf
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/.github/workflows/scan-publish-docker.yml b/.github/workflows/scan-publish-docker.yml
@@ -21,7 +21,9 @@ jobs:
         with:
           args: |
              --severity-threshold=medium
-
+             --fail-on=upgradable
+          command:
+              container test
       - name: Log in to Docker Hub
         uses: docker/login-action@v3
         with:

diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
@@ -1,4 +1,4 @@
-name: Run Snyk test on push to repo
+name: Run Snyk Open Source and Code on push to repo
 on: push
 jobs:
   # Run snyk test on application files
@@ -12,7 +12,7 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
+      - name: Run Snyk to check for open source vulnerabilities & license issues
         uses: snyk/actions/node@master
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
@@ -24,4 +24,12 @@ jobs:
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v2
         with:
-            sarif_file: snyk.sarif
+            sarif_file: snyk.sarif
+      - name: Run Snyk Code Test for SCA
+        uses: snyk/actions/node@master
+        continue-on-error: true # DEMO: don't break the build for the demo
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high
+          command: code test