Skip to content

Fix avro vulnerability (#46) #96

Fix avro vulnerability (#46)

Fix avro vulnerability (#46) #96

Workflow file for this run

name: build and validate
on:
push:
branches:
- main
pull_request_target:
branches:
- main
jobs:
build:
runs-on: ubuntu-20.04
steps:
# Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
- name: Check out code
uses: actions/[email protected]
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: create checksum file
uses: hypertrace/github-actions/checksum@main
- name: Cache packages
id: cache-packages
uses: actions/cache@v2
with:
path: ~/.gradle
key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
restore-keys: |
gradle-packages-${{ runner.os }}-${{ github.job }}
gradle-packages-${{ runner.os }}
- name: Build with Gradle
uses: hypertrace/github-actions/gradle@main
with:
args: build
snyk-scan:
runs-on: ubuntu-20.04
steps:
# Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
- name: Check out code
uses: actions/[email protected]
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: Setup snyk
uses: snyk/actions/[email protected]
- name: Snyk test
run: snyk test --all-sub-projects --org=hypertrace --severity-threshold=low --policy-path=.snyk --configuration-matching='^runtimeClasspath$' --remote-repo-url='${{ github.server_url }}/${{ github.repository }}.git'
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}