test: stabilize remaining 'cypress.config.js file change' Windows CI flakes #16629
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Snyk Software Composition Analysis Scan | |
| # This git workflow leverages Snyk actions to perform a Software Composition | |
| # Analysis scan on our Opensource libraries upon Pull Requests to the | |
| # "develop" branch. We use this as a control to prevent vulnerable packages | |
| # from being introduced into the codebase. | |
| # Enhancements were made to this action to build the yarn packages to reduce | |
| # Snyk scan errors that were complaining about the yarn.locks etc. Also | |
| # implemented PAT token for actions to resolve an issue with the action not | |
| # running and reporting back to the PR status checks | |
| on: | |
| pull_request: | |
| branches: | |
| - develop | |
| - release/* | |
| pull_request_target: | |
| branches: | |
| - develop | |
| - release/* | |
| permissions: | |
| contents: read | |
| jobs: | |
| Snyk_SCA_Scan: | |
| runs-on: ubuntu-latest | |
| # Route each PR to exactly one event: internal -> pull_request, fork -> pull_request_target. | |
| if: | | |
| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) || | |
| (github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository) | |
| environment: ${{ github.event_name == 'pull_request_target' && 'fork-pr-review' || '' }} | |
| strategy: | |
| matrix: | |
| node-version: [22.x] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: 22 | |
| # Cache only on pull_request (internal PRs) — pull_request_target writes scope to the base branch and could be poisoned by an approved fork PR. | |
| cache: ${{ github.event_name == 'pull_request' && 'yarn' || '' }} | |
| - name: Run yarn | |
| run: yarn | |
| - name: Run build | |
| run: yarn build | |
| - name: Installing snyk-delta and dependencies | |
| run: npm i -g snyk-delta | |
| - uses: snyk/actions/setup@master | |
| - name: Perform SCA Scan | |
| continue-on-error: false | |
| run: | | |
| snyk test --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=.nx,system-tests,tooling,docker,Dockerfile --severity-threshold=critical --org=cypress-opensource | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| SNYK_API: https://api.snyk.io |