fix nightlies

OpenMined · May 14, 2024 · b77f4a6 · b77f4a6
1 parent 221986c
commit b77f4a6
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
@@ -297,7 +297,14 @@ jobs:
           # This is where you will need to introduce the Snyk API token created with your Snyk account
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
+      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+      - name: Post-process sarif output
+        run: |
+          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
         # Push the Snyk Code results into GitHub Code Scanning tab
+
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v3
         with:
@@ -376,6 +383,14 @@ jobs:
           # This is where you will need to introduce the Snyk API token created with your Snyk account
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
+      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+      - name: Post-process sarif output
+        run: |
+          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
+        # Push the Snyk Code results into GitHub Code Scanning tab
+
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v3

diff --git a/.github/workflows/pr-tests-stack-public.yml b/.github/workflows/pr-tests-stack-public.yml
@@ -18,7 +18,8 @@ jobs:
     strategy:
       max-parallel: 99
       matrix:
-        os: [ubuntu-latest, macos-latest, windows]
+        # issues with macos 14 arm https://github.com/crazy-max/ghaction-setup-docker/pull/53
+        os: [ubuntu-latest, macos-13, windows]
         python-version: ["3.12"]
         pytest-modules: ["frontend network"]
       fail-fast: false
@@ -117,11 +118,11 @@ jobs:
           chmod +x ~/.docker/cli-plugins/docker-compose
 
       - name: Docker on MacOS
-        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
-        uses: crazy-max/ghaction-setup-docker@v3.1.0
+        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
+        uses: crazy-max/ghaction-setup-docker@v3.2.0
 
       - name: Docker Compose on MacOS
-        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
+        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
         shell: bash
         run: |
           brew install docker-compose