.github/workflows/snyk.yml
name: Snyk
on:
push:
branches: [master]
jobs:
security:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Use Node.js 18
uses: actions/setup-node@v3
with:
node-version: 18
- name: pnpm cache
uses: actions/cache@v3
with:
path: ./common/temp/pnpm-store
key: ${{ runner.os }}-pnpm-${{ hashFiles('common/config/rush/pnpm-lock.yaml') }}
restore-keys: ${{ runner.os }}-pnpm-
- name: Install
run: node common/scripts/install-run-rush.js install
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
with:
command: monitor
args: --all-projects --exclude=common
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}