diff --git a/.github/workflows/snyk-pr.yml b/.github/workflows/snyk-pr.yml
new file mode 100644
index 000000000..bd14be967
--- /dev/null
+++ b/.github/workflows/snyk-pr.yml
@@ -0,0 +1,22 @@
+name: Run Snyk scan on PRs
+
+on:
+ pull_request:
+ branches:
+ - master**
+
+jobs:
+ scan-for-new-issues:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ path: mqtt-cli
+
+ - name: Check for new issues
+ uses: hivemq/hivemq-snyk-composite-action@v1
+ with:
+ snyk-args: --configuration-matching=^runtimeClasspath$ mqtt-cli
+ snyk-token: ${{ secrets.SNYK_TOKEN }}
+ snyk-baseline-project-id: ${{ secrets.SNYK_PROJECT_ID_MASTER }}
diff --git a/.github/workflows/snyk-push.yml b/.github/workflows/snyk-push.yml
new file mode 100644
index 000000000..97a9afb6b
--- /dev/null
+++ b/.github/workflows/snyk-push.yml
@@ -0,0 +1,23 @@
+name: Run Snyk monitor on push
+
+on:
+ push:
+ branches:
+ - master**
+
+jobs:
+ run-snyk-monitor:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ path: mqtt-cli
+
+ - name: Run Snyk monitor
+ uses: snyk/actions/gradle-jdk11@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: monitor
+ args: --configuration-matching=^runtimeClasspath$ --target-reference=${{ github.ref_name }} mqtt-cli
diff --git a/.github/workflows/snyk-release.yml b/.github/workflows/snyk-release.yml
new file mode 100644
index 000000000..6e3cc9d5a
--- /dev/null
+++ b/.github/workflows/snyk-release.yml
@@ -0,0 +1,23 @@
+name: Run Snyk monitor on releases
+
+on:
+ release:
+ types: [ published ]
+
+jobs:
+ run-snyk-monitor:
+ runs-on: ubuntu-latest
+ environment: snyk-monitor-releases
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ path: mqtt-cli
+
+ - name: Run Snyk monitor
+ uses: snyk/actions/gradle-jdk11@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: monitor
+ args: --configuration-matching=^runtimeClasspath$ --target-reference=${{ github.ref_name }} mqtt-cli
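Review bot: In snyk-pr.yml the `pull_request` trigger gives runs started from forks (and from Dependabot) no repository secrets, so `secrets.SNYK_TOKEN` and `secrets.SNYK_PROJECT_ID_MASTER` expand to empty strings there; how the composite action behaves with an empty token is not visible in this diff, but the `Check for new issues` step will presumably fail or run without a baseline. A job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` turns that case into an explicit skip. Switching the trigger to `pull_request_target` to get the secrets back is not a safe substitute, because the token would then be present in a job that works on contributor-controlled build files. Separately, none of the three new workflows sets `permissions:`; these jobs only check out and scan, so a workflow-level `permissions:` with `contents: read` should be enough.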
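Review bot: `uses: snyk/actions/gradle-jdk11@master` in snyk-push.yml follows a moving branch, and that step receives `SNYK_TOKEN` through `env`, so whatever is on that branch at run time executes with the token in reach. Pin it to a full commit SHA and keep the human-readable version in a trailing comment, e.g. `uses: snyk/actions/gradle-jdk11@<full-commit-sha>  # <release tag>`, letting Dependabot or Renovate propose the bumps. The same line appears in snyk-release.yml. `actions/checkout@v3` in all three files and `hivemq/hivemq-snyk-composite-action@v1` in snyk-pr.yml are mutable tags that can be pinned the same way.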
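Review bot: `environment: snyk-monitor-releases` in snyk-release.yml is the only job setting that differs from snyk-push.yml, and nothing in the file says what it is for. An environment secret takes precedence over a repository secret of the same name, so `SNYK_TOKEN` may resolve to a different token here than in the other two workflows, and any protection rules on the environment will hold the job until they pass. A one-line comment above the key, along the lines of `# <why this job needs the snyk-monitor-releases environment>`, would keep a later editor from removing it as redundant.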