signal-desktop/.github/workflows/snyk.yml

29 lines
666 B
YAML
Raw Normal View History

2021-01-22 18:17:15 +00:00
# Copyright 2020-2021 Signal Messenger, LLC
2020-10-30 20:34:04 +00:00
# SPDX-License-Identifier: AGPL-3.0-only
2020-05-05 21:18:27 +00:00
name: Snyk
on:
schedule:
- cron: '0 12 * * *'
2020-05-05 21:18:27 +00:00
jobs:
snyk:
runs-on: ubuntu-latest
if: github.repository != 'signalapp/Signal-Desktop'
steps:
- run: lsb_release -a
- run: uname -a
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
2020-05-05 21:18:27 +00:00
with:
2021-04-03 00:29:14 +00:00
node-version: '14.16.0'
2020-05-05 21:18:27 +00:00
- run: npm install -g yarn@1.22.0
- run: npm install -g snyk@1.316.1
- run: yarn install --frozen-lockfile
- run: snyk auth "$SNYK_TOKEN"
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- run: snyk test --show-vulnerable-paths=all