Add "arch" input in snyk/actions/setup

.github/workflows/test-setup.yaml

@@ -0,0 +1,102 @@
+# Copyright 2025 Snyk Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+name: Test Setup
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/test-setup.yaml
+      - setup/**
+  push:
+    branches:
+      - master
+    paths:
+      - .github/workflows/test-setup.yaml
+      - setup/**
+  workflow_dispatch: {}
+
+jobs:
+  test-setup-linux-macos:
+    name: Setup on ${{ matrix.os }}
+    runs-on:
+      - ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: Ubuntu x86_64
+            runner: ubuntu-24.04
+          - os: Ubuntu ARM64
+            runner: ubuntu-24.04-arm
+          - os: macOS x86_64
+            runner: macos-13
+          - os: macOS ARM64
+            runner: macos-15
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@v4
+      - name: Set up Snyk CLI
+        uses: ./setup
+        with:
+          os: "${{ runner.os }}"
+          arch: "${{ runner.arch }}"
+      - name: snyk version
+        run: snyk --version
+
+  test-setup-alpine:
+    name: Setup on ${{ matrix.os }}
+    runs-on:
+      - ${{ matrix.runner }}
+    container:
+      image: alpine:latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: Alpine x86_64
+            runner: ubuntu-24.04
+          - os: Alpine ARM64
+            runner: ubuntu-24.04-arm
+    steps:
+      - name: Install dependencies
+        run: apk update && apk add curl bash git
+      - name: Checkout ${{ github.repository }}
+        run: |
+          git clone --depth=1 https://github.com/${GITHUB_REPOSITORY}.git snyk-actions
+          cd snyk-actions
+          git fetch --depth=1 origin ${GITHUB_SHA}
+          git checkout ${GITHUB_SHA}
+      - name: Set up Snyk CLI
+        uses: ./snyk-actions/setup
+        with:
+          os: Alpine
+          arch: ${{ runner.arch }}
+      - name: snyk version
+        run: snyk --version
+
+  test-setup-debian-no-sudo:
+    name: Setup on Debian (no sudo)
+    runs-on: ubuntu-latest
+    container:
+      image: debian:latest
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@v4
+      - name: Install curl
+        run: apt-get update && apt-get install curl --yes
+      - name: Set up Snyk CLI
+        uses: ./setup
+      - name: snyk version
+        run: snyk --version

iac/example.yml

@@ -11,7 +11,7 @@ jobs:
   snyk:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v6
       - name: Run Snyk to check configuration files for security issues
         # Snyk can be used to break the build when it detects security issues.
         # In this case we want to upload the issues to GitHub Code Scanning
@@ -29,6 +29,6 @@ jobs:
         # with:
           # file: your-file-to-test.yaml
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: snyk.sarif

setup/README.md

@@ -1,5 +1,7 @@
 # Snyk Setup Action
 
+![test-setup](https://github.com/snyk/actions/actions/workflows/test-setup.yaml/badge.svg)
+
 A [GitHub Action](https://github.com/features/actions) for installing [Snyk](https://snyk.co/SnykGH) to check for
 vulnerabilities.
 

setup/action.yml

@@ -11,6 +11,9 @@ inputs:
   os:
     description: "Which Operating System Snyk will run on"
     default: ${{ runner.os }}
+  arch:
+    description: "Which Architecture Snyk will run on"
+    default: ${{ runner.arch }}
 outputs:
   version:
     description: "The version of Snyk installed"
@@ -21,11 +24,12 @@ runs:
     - env:
         INPUT_SNYK_VERSION: ${{ inputs.snyk-version }}
         INPUT_OS: ${{ inputs.os }}
+        INPUT_ARCH: ${{ inputs.arch }}
       run: |
         echo $GITHUB_ACTION_PATH
         echo ${{ github.action_path }}
 
-        ${{ github.action_path }}/setup_snyk.sh "${INPUT_SNYK_VERSION}" "${INPUT_OS}" || $GITHUB_ACTION_PATH/setup_snyk.sh "${INPUT_SNYK_VERSION}" "${INPUT_OS}"
+        ${{ github.action_path }}/setup_snyk.sh "${INPUT_SNYK_VERSION}" "${INPUT_OS}" "${INPUT_ARCH}" || $GITHUB_ACTION_PATH/setup_snyk.sh "${INPUT_SNYK_VERSION}" "${INPUT_OS}" "${INPUT_ARCH}"
       shell: bash
     - id: version
       shell: bash

setup/setup_snyk.sh

@@ -24,10 +24,10 @@ die () {
 }
 
 # Check if correct number of arguments is provided
-[ "$#" -eq 2 ] || die "Setup Snyk requires two arguments, $# provided"
+[ "$#" -eq 3 ] || die "Setup Snyk requires 3 arguments, $# provided"
 
 cd "$(mktemp -d)"
-echo_with_timestamp "Installing the $1 version of Snyk on $2"
+echo_with_timestamp "Installing the $1 version of Snyk on $2 $3"
 
 VERSION=$1
 MAIN_URL="https://downloads.snyk.io/cli"
@@ -43,6 +43,9 @@ case "$2" in
     Windows) die "Windows runner not currently supported" ;;
     *)       die "Invalid runner specified: $2" ;;
 esac
+if [ "$3" = "ARM" ] || [ "$3" = "ARM64" ]; then
+    PREFIX="$PREFIX-arm64"
+fi
 
 {
     echo "#!/bin/bash"
@@ -61,6 +64,15 @@ fi
 
 chmod +x snyk
 ${SUDO_CMD} mv snyk /usr/local/bin
+checksum() {
+    if command -v sha256sum >/dev/null 2>&1; then
+        sha256sum -c "$1"
+    elif command -v shasum >/dev/null 2>&1; then
+        shasum -a 256 -c "$1"
+    else
+        die "Neither sha256sum nor shasum is available. Please install one of them and try again."
+    fi
+}
 # Function to download a file with fallback to backup URL
 # Parameters:
 #   $1: Download URL
@@ -82,9 +94,9 @@ download_file() {
     fi
 
     echo_with_timestamp "Validating shasum"
-    if ! sha256sum -c snyk-${PREFIX}.sha256; then
+    if ! checksum snyk-${PREFIX}.sha256; then
         echo_with_timestamp "Actual: "
-        sha256sum snyk-${PREFIX}
+        checksum snyk-${PREFIX}
 
         echo_with_timestamp "Expected: "
         cat snyk-${PREFIX}.sha256