Skip to content

auth0_acul_js: Adding correct path and package label (#20) #58

auth0_acul_js: Adding correct path and package label (#20)

auth0_acul_js: Adding correct path and package label (#20) #58

Workflow file for this run

name: Snyk
on:
merge_group:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
push:
branches:
- master
- beta
schedule:
- cron: '30 0 1,15 * *'
permissions:
contents: read
pull-requests: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
check:
name: Check for Vulnerabilities
runs-on: ubuntu-latest
steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
# Determine affected package
- name: Determine modified files
id: determine_package
shell: bash
run: |
if [ ${{ github.event.pull_request.changed_files }} -ne 0 ]; then
echo "${{ github.event.pull_request.changed_files }}" > changed_files.txt
curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"${{ github.event.pull_request.url }}/files" \
> files.json
jq -r '.[].filename' files.json > changed_files.txt
cat changed_files.txt
package_path=""
skip=false
if grep -q "packages/auth0-acul-js/" changed_files.txt; then
package_path="packages/auth0-acul-js/package-lock.json"
elif grep -q "packages/ul-react/" changed_files.txt; then
package_path="packages/ul-react/package-lock.json"
elif grep -q "packages/ul-react-component/" changed_files.txt; then
package_path="packages/ul-react-component/package-lock.json"
else
echo "No relevant changes detected."
echo "skip=true" >> $GITHUB_OUTPUT
fi
echo "package_path=$package_path" >> $GITHUB_OUTPUT
else
echo "No relevant changes found."
echo "skip=true" >> $GITHUB_OUTPUT
fi
- name: Skip if no relevant changes
if: steps.determine_package.outputs.skip == 'true'
run: echo "No relevant changes detected. Skipping Snyk scan."
- name: Run Snyk scan
if: steps.determine_package.outputs.skip != 'true'
uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # [email protected]
with:
args: --file=/github/workspace/${{ steps.determine_package.outputs.package_path }} --package-manager=npm
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
DEBUG: snyk*