From e676889f60a8b0491bbc6d44d05800169869356d Mon Sep 17 00:00:00 2001
From: Aziz Berkay Yesilyurt
Date: Tue, 14 May 2024 13:36:55 +0200
Subject: [PATCH] fix nightlies
---
.github/workflows/container-scan.yml | 71 +++++++++++----------
.github/workflows/pr-tests-stack-public.yml | 9 +--
2 files changed, 41 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index f7b5df009ae..e1ca89e899c 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
@@ -275,29 +275,30 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up Snyk CLI to check for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the SAST issues to GitHub Code Scanning - uses: snyk/actions/setup@master - env: - # This is where you will need to introduce the Snyk API token created with your Snyk account - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: Snyk auth - shell: bash - run: snyk config set api=$SNYK_TOKEN - env: - # This is where you will need to introduce the Snyk API token created with your Snyk account - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Snyk Container test + uses: snyk/actions/docker@master continue-on-error: true - shell: bash - run: snyk container test mongo:7.0.0 --sarif --sarif-file-output=snyk-code.sarif env: # This is where you will need to introduce the Snyk API token created with your Snyk account SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: mongo:7.0.0 + args: --sarif-file-output=snyk-code.sarif + + # Replace any "undefined" security severity values with 0. The undefined value is used in the case + # of license-related findings, which do not do not indicate a security vulnerability. + # See https://github.com/github/codeql-action/issues/2187 for more context. + - name: Post-process sarif output + run: | + sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif + + # Replace any "null" security severity values with 0. The undefined value is used in the case + # the NVD CVSS Score is not available. + # See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context. 
+ - name: Post-process sarif output for security severities set to "null" + run: | + sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif - # Push the Snyk Code results into GitHub Code Scanning tab - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v3 with: 
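Review bot: The two post-processing steps added to the mongo job edit different files: the "undefined" rewrite runs on `snyk-code.sarif`, but the "null" rewrite runs on `snyk.sarif`, while the scan step is told to write `snyk-code.sarif` (the traefik job in the next hunk uses `snyk-code.sarif` in both steps). The upload step's `sarif_file` is outside the hunk, but whichever file it names receives only one of the two rewrites, and if `snyk.sarif` does not exist `sed -i` exits non-zero and the job stops before the upload. The second step should read `sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk-code.sarif`. Mapping "null" to "0" also puts vulnerabilities that have no CVSS score yet at the lowest severity in Code Scanning, so the step comment should say that these entries are unscored rather than harmless and still need triage.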
@@ -352,29 +353,29 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Set up Snyk CLI to check for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the SAST issues to GitHub Code Scanning - uses: snyk/actions/setup@master - env: - # This is where you will need to introduce the Snyk API token created with your Snyk account - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: Snyk auth - shell: bash - run: snyk config set api=$SNYK_TOKEN - env: - # This is where you will need to introduce the Snyk API token created with your Snyk account - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Snyk Container test + uses: snyk/actions/docker@master continue-on-error: true - shell: bash - run: snyk container test traefik:v2.11.0 --sarif --sarif-file-output=snyk-code.sarif env: # This is where you will need to introduce the Snyk API token created with your Snyk account SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: traefik:v2.11.0 + args: --sarif-file-output=snyk-code.sarif + + # Replace any "undefined" security severity values with 0. The undefined value is used in the case + # of license-related findings, which do not do not indicate a security vulnerability. + # See https://github.com/github/codeql-action/issues/2187 for more context. + - name: Post-process sarif output + run: | + sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif + + # Replace any "null" security severity values with 0. The undefined value is used in the case + # the NVD CVSS Score is not available. + # See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context. 
+ - name: Post-process sarif output for security severities set to "null" + run: | + sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk-code.sarif # Push the Snyk Code results into GitHub Code Scanning tab - name: Upload result to GitHub Code Scanning diff --git a/.github/workflows/pr-tests-stack-public.yml b/.github/workflows/pr-tests-stack-public.yml index a036d7b5e07..daa36fc1043 100644 --- a/.github/workflows/pr-tests-stack-public.yml +++ b/.github/workflows/pr-tests-stack-public.yml @@ -18,7 +18,8 @@ jobs: strategy: max-parallel: 99 matrix: - os: [ubuntu-latest, macos-latest, windows] + # issues with macos 14 arm https://github.com/crazy-max/ghaction-setup-docker/pull/53 + os: [ubuntu-latest, macos-13, windows] python-version: ["3.12"] pytest-modules: ["frontend network"] fail-fast: false @@ -117,11 +118,11 @@ jobs: chmod +x ~/.docker/cli-plugins/docker-compose - name: Docker on MacOS - if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest' - uses: crazy-max/ghaction-setup-docker@v3.1.0 + if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13' + uses: crazy-max/ghaction-setup-docker@v3.2.0 - name: Docker Compose on MacOS - if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest' + if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13' shell: bash run: | brew install docker-compose
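Review bot: `uses: snyk/actions/docker@master` in the Snyk Container test step of container-scan.yml runs whatever the action's master branch holds at job time, and that step is handed `SNYK_TOKEN`; the same line is added to the mongo job in the first hunk. Pinning to a reviewed full commit SHA keeps a change on that branch from reaching the secret unreviewed, for example `uses: snyk/actions/docker@<full-commit-sha>  # placeholder: SHA of the reviewed release`. The job's `permissions` block begins above the hunk, so its scope cannot be checked from here.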
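Review bot: In pr-tests-stack-public.yml the `if:` conditions of "Docker on MacOS" and "Docker Compose on MacOS" compare `matrix.os` with the literal `'macos-13'`, so they must be edited in step with the matrix label, as this commit does in three places. If one is missed, the step is skipped without any error and the failure shows up later as a missing Docker. Keying on the runner instead removes the coupling: `if: steps.changes.outputs.stack == 'true' && runner.os == 'macOS'`. The matrix comment explains why macos-13 is pinned; a short note on when the pin can be dropped would help the next maintainer.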