# Copyright 2020-2021 Signal Messenger, LLC
# SPDX-License-Identifier: AGPL-3.0-only

name: Snyk

on:
  schedule:
    - cron:  '0 12 * * *'

jobs:
  snyk:
    runs-on: ubuntu-latest
    if: github.repository != 'signalapp/Signal-Desktop'

    steps:
    - run: lsb_release -a
    - run: uname -a
    - uses: actions/checkout@v1
    - uses: actions/setup-node@v1
      with:
        node-version: '12.18.3'
    - run: npm install -g yarn@1.22.0
    - run: npm install -g snyk@1.316.1

    - run: yarn install --frozen-lockfile
    - run: snyk auth "$SNYK_TOKEN"
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    - run: snyk test --show-vulnerable-paths=all