fix nightlies

Author: abyesilyurt

.github/workflows/container-scan.yml

@@ -297,7 +297,14 @@ jobs:
           # This is where you will need to introduce the Snyk API token created with your Snyk account
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
+      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+      - name: Post-process sarif output
+        run: |
+          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
         # Push the Snyk Code results into GitHub Code Scanning tab
+
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v3
         with:
@@ -352,29 +359,23 @@ jobs:
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up Snyk CLI to check for security issues
-        # Snyk can be used to break the build when it detects security issues.
-        # In this case we want to upload the SAST issues to GitHub Code Scanning
-        uses: snyk/actions/setup@master
-        env:
-          # This is where you will need to introduce the Snyk API token created with your Snyk account
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-      - name: Snyk auth
-        shell: bash
-        run: snyk config set api=$SNYK_TOKEN
-        env:
-          # This is where you will need to introduce the Snyk API token created with your Snyk account
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
       - name: Snyk Container test
+        uses: snyk/actions/docker@master
         continue-on-error: true
-        shell: bash
-        run: snyk container test traefik:v2.11.0 --sarif --sarif-file-output=snyk-code.sarif
         env:
           # This is where you will need to introduce the Snyk API token created with your Snyk account
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: traefik:v2.11.0
+          args: --sarif --sarif-file-output=snyk-code.sarif
+
+      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+      - name: Post-process sarif output
+        run: |
+          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
+        # Push the Snyk Code results into GitHub Code Scanning tab
 
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning

.github/workflows/pr-tests-stack-public.yml

@@ -18,7 +18,8 @@ jobs:
     strategy:
       max-parallel: 99
       matrix:
-        os: [ubuntu-latest, macos-latest, windows]
+        # issues with macos 14 arm https://github.com/crazy-max/ghaction-setup-docker/pull/53
+        os: [ubuntu-latest, macos-13, windows]
         python-version: ["3.12"]
         pytest-modules: ["frontend network"]
       fail-fast: false
@@ -117,11 +118,11 @@ jobs:
           chmod +x ~/.docker/cli-plugins/docker-compose
 
       - name: Docker on MacOS
-        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
-        uses: crazy-max/ghaction-setup-docker@v3.1.0
+        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
+        uses: crazy-max/ghaction-setup-docker@v3.2.0
 
       - name: Docker Compose on MacOS
-        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
+        if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
         shell: bash
         run: |
           brew install docker-compose