Skip to content

Provide DT_CHANGE_BRANCH in the build script #318

Provide DT_CHANGE_BRANCH in the build script

Provide DT_CHANGE_BRANCH in the build script #318

Workflow file for this run

name: Snyk Security Vulnerability Scan
on:
workflow_dispatch:
pull_request:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
branches:
- 'main'
jobs:
snyk_scan_test:
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: snyk/actions/setup@master
- uses: actions/setup-python@v4
with:
python-version: '3.8'
- name: Check changed Deps files
uses: tj-actions/changed-files@v35
id: changed-files
with:
files: |
**/requirements*.txt
- name: Snyk scan for Python dependencies
if: steps.changed-files.outputs.any_changed == 'true'
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
python3 -m pip install -r $file
snyk test --command=python3 --package-manager=pip --file=$file -d --skip-unresolved
done
snyk_scan_monitor:
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest
steps:
- name: Extract github branch/tag name
shell: bash
run: echo "ref=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT
id: extract_ref
- uses: actions/checkout@master
- uses: snyk/actions/setup@master
- uses: actions/setup-python@v4
with:
python-version: '3.8'
- name: Snyk scan for Python dependencies
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
for file in requirements*.txt; do
python3 -m pip install -r $file
snyk monitor --command=python3 --skip-unresolved --org=py_data_table --remote-repo-url=datatable/${{ steps.extract_ref.outputs.ref }} --package-manager=pip --file=$file --project-name=PY-DATA-TABLE/datatable/${{ steps.extract_ref.outputs.ref }}/$file -d --fail-on=all
done