From 0a45e6217fb2231cc804f5cf8749a55f1a0ce7f8 Mon Sep 17 00:00:00 2001
From: Yonathan Mengesha
Date: Tue, 15 Oct 2024 04:21:58 +0200
Subject: [PATCH] Test sarif format upload
---
 .github/workflows/snyk-test.yml | 54 +++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 .github/workflows/snyk-test.yml
diff --git a/.github/workflows/snyk-test.yml b/.github/workflows/snyk-test.yml
new file mode 100644
index 0000000..605c688
--- /dev/null
+++ b/.github/workflows/snyk-test.yml
@@ -0,0 +1,54 @@
+name: Run Snyk test on push
+
+on:
+  push:
+    branches:
+      - master**
+      - sarif-output
+
+jobs:
+  run-snyk-test:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Setup Java
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
+        with:
+          distribution: 'temurin'
+          java-version: |
+            8
+            11
+
+      - uses: hivemq/hivemq-checkout-composite-action@db2d49f686c47a1eca28b7722bc3425c0d0e5101 # v1
+        with:
+          path: hivemq-azure-cluster-discovery-extension
+          ref: ${{ github.ref_name }}}
+          token: ${{ secrets.JENKINS_GITHUB_TOKEN }}
+
+      - uses: hivemq/hivemq-checkout-composite-action@db2d49f686c47a1eca28b7722bc3425c0d0e5101 # v1
+        with:
+          repository: hivemq/hivemq-extension-sdk
+          path: hivemq-extension-sdk
+          ref: ${{ github.ref_name }}}
+          token: ${{ secrets.JENKINS_GITHUB_TOKEN }}
+
+      - name: Setup Snyk
+        uses: snyk/actions/setup@master
+
+      - name: Run Snyk test
+        shell: bash
+        run: >
+          snyk test --configuration-matching=^runtimeClasspath$ --org=hivemqgmbhnxlfpb2wza --sarif-file-output=sarif-output -d hivemq-azure-cluster-discovery-extension
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          ORG_GRADLE_PROJECT_hivemqCommonsUsername: ${{ secrets.JENKINS_GITHUB_USERNAME }}
+          ORG_GRADLE_PROJECT_hivemqCommonsPassword: ${{ secrets.JENKINS_GITHUB_TOKEN }}
+
+      - name: Upload sarif output
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: sarif-output
+          category: snyk-cve-scan
+
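Review bot: `ref: ${{ github.ref_name }}}` in both hivemq-checkout-composite-action steps carries a stray third closing brace, so the checkout receives the branch name with a literal `}` appended; it should read `ref: ${{ github.ref_name }}`. `snyk test` exits non-zero when it finds vulnerabilities, and as written that skips the "Upload sarif output" step exactly when there is a result worth uploading — add `continue-on-error: true` to the "Run Snyk test" step or `if: always()` to the upload step. `snyk/actions/setup@master` is the only step not pinned to a commit SHA while the job handles `SNYK_TOKEN` and `JENKINS_GITHUB_TOKEN`; pin it like the other actions so the code running with those secrets cannot change underneath the workflow. The `- master**` branch filter also matches any branch whose name starts with `master`; if only the `master` branch is intended, drop the `**`.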