github.com/argoproj/argo-cd/v2@v2.10.9/.github/workflows/update-snyk.yaml

github.com/argoproj/argo-cd/v2@v2.10.9/.github/workflows/update-snyk.yaml (about)

     1  name: Snyk report update
     2  on:
     3    workflow_dispatch: {}
     4    schedule:
     5      - cron: '0 0 * * 0' # midnight every Sunday
     6  
     7  permissions:
     8    contents: read
     9  
    10  jobs:
    11    snyk-report:
    12      permissions:
    13        contents: write
    14        pull-requests: write
    15      if: github.repository == 'argoproj/argo-cd'
    16      name: Update Snyk report in the docs directory
    17      runs-on: ubuntu-22.04
    18      steps:
    19        - name: Checkout code
    20          uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
    21          with:
    22            token: ${{ secrets.GITHUB_TOKEN }}
    23        - name: Build reports
    24          env:
    25            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    26            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    27          run: |
    28            make snyk-report
    29            pr_branch="snyk-update-$(echo $RANDOM | md5sum | head -c 20)"
    30            git checkout -b "$pr_branch"
    31            git config --global user.email 'ci@argoproj.com'
    32            git config --global user.name 'CI'
    33            git add docs/snyk
    34            git commit -m "[Bot] docs: Update Snyk reports" --signoff
    35            git push --set-upstream origin "$pr_branch"
    36            gh pr create -B master -H "$pr_branch" --title '[Bot] docs: Update Snyk report' --body ''