From e73e78843b5f6a301c1d6a4cbe3acd269d1b5ed6 Mon Sep 17 00:00:00 2001
From: Aziz Berkay Yesilyurt
Date: Tue, 14 May 2024 13:36:55 +0200
Subject: [PATCH] fix nightlies
---
.github/workflows/container-scan.yml | 37 +++++++++++----------
.github/workflows/pr-tests-stack-public.yml | 9 ++---
2 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index f7b5df009ae..2f36a54d0a3 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
@@ -297,7 +297,14 @@ jobs: # This is where you will need to introduce the Snyk API token created with your Snyk account SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # Replace any "undefined" security severity values with 0. The undefined value is used in the case + # of license-related findings, which do not do not indicate a security vulnerability. + # See https://github.com/github/codeql-action/issues/2187 for more context. + - name: Post-process sarif output + run: | + sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif # Push the Snyk Code results into GitHub Code Scanning tab + - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v3 with:
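Review bot: The `sed` substitution in the new `Post-process sarif output` step rewrites every `"security-severity": "undefined"` entry in `snyk-code.sarif`, not only the license-related ones the comment describes, so a vulnerability result emitted without a score would be uploaded with a score of 0 and nothing in the run would show it. Logging how many entries are rewritten keeps that visible, for example by running `grep -c '"security-severity": "undefined"' snyk-code.sarif || true` before the `sed` line. The same step is added again in the `@@ -352,29 +359,23 @@` hunk and the point applies there too. The comment above the step repeats "do not" (`which do not do not indicate`) in both places. The job this step belongs to starts outside the hunk.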
@@ -352,29 +359,23 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Set up Snyk CLI to check for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the SAST issues to GitHub Code Scanning - uses: snyk/actions/setup@master - env: - # This is where you will need to introduce the Snyk API token created with your Snyk account - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: Snyk auth - shell: bash - run: snyk config set api=$SNYK_TOKEN - env: - # This is where you will need to introduce the Snyk API token created with your Snyk account - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Snyk Container test + uses: snyk/actions/docker@master continue-on-error: true - shell: bash - run: snyk container test traefik:v2.11.0 --sarif --sarif-file-output=snyk-code.sarif env: # This is where you will need to introduce the Snyk API token created with your Snyk account SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: traefik:v2.11.0 + args: --sarif --sarif-file-output=snyk-code.sarif + + # Replace any "undefined" security severity values with 0. The undefined value is used in the case + # of license-related findings, which do not do not indicate a security vulnerability. + # See https://github.com/github/codeql-action/issues/2187 for more context. + - name: Post-process sarif output + run: | + sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif + # Push the Snyk Code results into GitHub Code Scanning tab # Push the Snyk Code results into GitHub Code Scanning tab - name: Upload result to GitHub Code Scanning
diff --git a/.github/workflows/pr-tests-stack-public.yml b/.github/workflows/pr-tests-stack-public.yml
index a036d7b5e07..daa36fc1043 100644
--- a/.github/workflows/pr-tests-stack-public.yml
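Review bot: `uses: snyk/actions/docker@master` in the `Snyk Container test` step runs whatever the `master` branch of that repository holds when the nightly fires, and the step is handed `SNYK_TOKEN`, so any change to that branch executes with the secret and with this job's permissions. Pin the action to a reviewed full commit SHA, e.g. `uses: snyk/actions/docker@<full-commit-sha>  # placeholder: SHA of the reviewed release`. The removed `snyk/actions/setup@master` had the same weakness, so this is carried over rather than introduced, but the rewrite is the natural place to fix it. `crazy-max/ghaction-setup-docker@v3.2.0` in `pr-tests-stack-public.yml` is pinned to a tag, which can also be moved, and the same SHA pin applies there. The job's `permissions` block starts above the hunk, so the full set of granted scopes is not visible here.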
+++ b/.github/workflows/pr-tests-stack-public.yml
@@ -18,7 +18,8 @@ jobs: strategy: max-parallel: 99 matrix: - os: [ubuntu-latest, macos-latest, windows] + # issues with macos 14 arm https://github.com/crazy-max/ghaction-setup-docker/pull/53 + os: [ubuntu-latest, macos-13, windows] python-version: ["3.12"] pytest-modules: ["frontend network"] fail-fast: false
@@ -117,11 +118,11 @@ jobs: chmod +x ~/.docker/cli-plugins/docker-compose - name: Docker on MacOS - if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest' - uses: crazy-max/ghaction-setup-docker@v3.1.0 + if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13' + uses: crazy-max/ghaction-setup-docker@v3.2.0 - name: Docker Compose on MacOS - if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest' + if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13' shell: bash run: | brew install docker-compose
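Review bot: The runner label `macos-13` is now written in three places, the `os` matrix and the `if:` conditions of `Docker on MacOS` and `Docker Compose on MacOS`, so the next runner change has to touch all three, and a missed one silently skips the Docker setup on macOS. The two conditions can test the platform instead of the label: `if: steps.changes.outputs.stack == 'true' && runner.os == 'macOS'`. If the pin is meant to be temporary, a `# TODO: return to macos-latest once the linked issue is resolved` next to the matrix comment would say so. The body of the `Docker Compose on MacOS` step continues outside the hunk.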