Skip to content

Sync Snyk GitHub issues #360

Sync Snyk GitHub issues

Sync Snyk GitHub issues #360

name: Sync Snyk GitHub issues
on:
workflow_dispatch:
schedule:
- cron: '0 */4 * * *'
jobs:
sync:
if: github.repository == 'backstage/backstage' # prevent running on forks
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
egress-policy: audit
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Use Node.js 22.x
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: 22.x
registry-url: https://registry.npmjs.org/ # Needed for auth
- name: yarn install
uses: backstage/actions/yarn-install@a3895cac2a515224a101c4a2b962b216ed0c9ac8 # v0.7.5
with:
cache-prefix: ${{ runner.os }}-v22.x
- name: Create Snyk report
uses: snyk/actions/node@9adf32b1121593767fc3c057af55b55db032dc04 # master
continue-on-error: true # Snyk CLI exits with error when vulnerabilities are found
with:
args: >
--yarn-workspaces
--org=backstage-dgh
--strict-out-of-sync=false
--json-file-output=snyk.json
--debug
json: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
NODE_OPTIONS: --max-old-space-size=7168
- name: Update Github issues
run: ./scripts/snyk-github-issue-sync.ts
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}