Skip to content

3.46.0.1 changelog (#5715) #982

3.46.0.1 changelog (#5715)

3.46.0.1 changelog (#5715) #982

Workflow file for this run

name: Snyk Security Vulnerability Scan
on:
pull_request:
push:
tags:
- 'RELEASE-[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+'
branches:
- 'master'
jobs:
snyk_scan_test:
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
with:
fetch-depth: 0 # To fetch all commits history on branch (Refer: https://github.com/tj-actions/changed-files#usage)
- name: Check changed Deps files
uses: tj-actions/changed-files@v35
id: changed-files
with:
files: |
**/build.gradle
- uses: snyk/actions/setup@master
- uses: actions/setup-java@v3
with:
java-version: "8"
distribution: 'adopt'
- name: Snyk scan for Java dependencies
if: steps.changed-files.outputs.any_changed == 'true'
run: snyk test --all-projects -d --fail-on=all --configuration-matching='^\(compile\|runtime\)'
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
snyk_scan_monitor:
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Extract github branch/tag name
shell: bash
run: echo "ref=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT
id: extract_ref
- uses: snyk/actions/setup@master
- uses: actions/setup-java@v3
with:
java-version: "8"
distribution: 'adopt'
- name: Snyk scan for Java dependencies
run: |
for file in $(find . -name "build.gradle"); do
file=${file:2}
echo ""
echo "##### SCAN $file START #####"
echo ""
snyk monitor \
--org=sparkling-water \
--remote-repo-url=sparkling-water/${{ steps.extract_ref.outputs.ref }} \
--file=$file \
--project-name=SPARKLING-WATER/sparkling-water/${{ steps.extract_ref.outputs.ref }}/$file \
--configuration-matching='^\(compile\|runtime\)' -d
echo "##### SCAN $file END #####"
done
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}