simplify bundle lock and setup snyk

Jeremy Mill 2022-04-02 12:44:41 -04:00
parent 7786c9193e
commit a45372031d
2 changed files with 19 additions and 1 deletions

18
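--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -0,0 +1,18 @@
+name: Snyk
+on:
+workflow_dispatch:
+push:
+branches:
+- main
+jobs:
+security:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@master
+- uses: snyk/actions/setup@master
+- name: update lockfile
+run: ./update-gemfile-lock.sh
+- name: Run Snyk to check for vulnerabilities
+run: snyk monitor --file=Gemfile.lock
+env:
+SNYK_TOKEN: ${{ secrets.SNYK_DIO_KEY }}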
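Review bot: Both `uses:` lines point at a mutable branch (`actions/checkout@master`, `snyk/actions/setup@master`), so whatever is pushed to those branches runs in a job whose later step receives `SNYK_TOKEN`. Pin each action to a full commit SHA with the release noted in a comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # <release tag>`. The workflow also declares no `permissions:` key, so the job gets the repository's default `GITHUB_TOKEN` scope. As far as the visible steps show, a top-level `permissions:` with `contents: read` would be enough. The indentation is lost on this page, so `env:` is read here as belonging to the Snyk step only; if so, that scoping is worth keeping.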


@ -3,4 +3,4 @@
docker run -it --rm \ docker run -it --rm \
-v $(pwd):/app \ -v $(pwd):/app \
$(grep ^FROM docker/Dockerfile |cut -d ' ' -f2) \ $(grep ^FROM docker/Dockerfile |cut -d ' ' -f2) \
/bin/bash -c 'apt-get update -qq && apt-get install -y --no-install-recommends make && cd /app && gem install bundler && bundle install --jobs 3 && bundle update; echo "LOCK_FILE_UPDATE_EXIT_CODE=$?"' /bin/bash -c 'cd /app && gem install bundler && bundle lock --update; echo "LOCK_FILE_UPDATE_EXIT_CODE=$?"'
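Review bot: The `bundle lock --update` command line still ends in `; echo "LOCK_FILE_UPDATE_EXIT_CODE=$?"`, so the `bash -c` string exits with echo's status and `docker run` reports success even when the lock update fails. If this is the script the new workflow's "update lockfile" step calls (the file header is missing on this page), that step would pass and `snyk monitor` would upload a stale `Gemfile.lock`. Propagating the status fixes it: `bundle lock --update; rc=$?; echo "LOCK_FILE_UPDATE_EXIT_CODE=$rc"; exit $rc`. Separately, `docker run -it` requests a TTY, which a non-interactive CI runner normally lacks, so the flags are worth checking there. The script begins before this hunk, so any earlier handling is not visible.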