From 7f7db415f9b2eb53306cc63bc4dffa26ab35341a Mon Sep 17 00:00:00 2001
From: Enriqueta De Leon
Date: Fri, 4 Aug 2023 16:11:41 -0700
Subject: [PATCH] Update repolinter.yml
---
 .github/workflows/repolinter.yml | 37 +++++++++----------------------
 1 file changed, 10 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml
index 36e3331..f79962d 100644
--- a/.github/workflows/repolinter.yml
+++ b/.github/workflows/repolinter.yml
@@ -1,31 +1,14 @@
-# NOTE: This file should always be named `repolinter.yml` to allow
-# workflow_dispatch to work properly
-name: Repolinter Action
-
-# NOTE: This workflow will ONLY check the default branch!
-# Currently there is no elegant way to specify the default
-# branch in the event filtering, so branches are instead
-# filtered in the "Test Default Branch" step.
-on: [push, workflow_dispatch]
-
+name: Snyk Dependency Scan
+on:
+ workflow_dispatch:
 jobs:
- repolint:
- name: Run Repolinter
+ security:
 runs-on: ubuntu-latest
 steps:
- - name: Test Default Branch
- id: default-branch
- uses: actions/github-script@v6
+ - uses: actions/checkout@master
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/gradle@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 with:
- script: |
- const data = await github.rest.repos.get(context.repo)
- return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
- - name: Checkout Self
- if: ${{ steps.default-branch.outputs.result == 'true' }}
- uses: actions/checkout@v3
- - name: Run Repolinter
- if: ${{ steps.default-branch.outputs.result == 'true' }}
- uses: newrelic/repolinter-action@v1
- with:
- config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml
- output_type: issue
+ args: --severity-threshold=high --all-sub-projects
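Review bot: Both new `uses:` lines reference `@master`, a mutable branch, and the Snyk step is handed `secrets.SNYK_TOKEN`, so whatever that branch head contains at run time executes with the token in its environment. Pin each action to a reviewed full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>` and `uses: snyk/actions/gradle@<full-commit-sha>` (placeholders, with the release tag in a trailing comment); the removed side at least used version tags (`@v3`, `@v1`). The `security` job also declares no `permissions:`, so the GITHUB_TOKEN keeps the repository default scope; adding `permissions: {contents: read}` at job or workflow level would limit it to what a checkout plus scan appears to need. Separately, with `workflow_dispatch` as the only trigger the scan runs only when someone starts it by hand, so if continuous coverage is intended a `schedule` or `pull_request` trigger is worth adding.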