activate snyk project on releases#9
Conversation
| curl \ | ||
| -X POST \ | ||
| --silent \ | ||
| -H "Authorization: token $SNYK_TOKEN" \ |
There was a problem hiding this comment.
Unfortunately, I didn't have much luck using a .netrc here instead of sending an authorization header. I think this is because the SNYK_TOKEN is technically an API token vs. an Oauth Token.
There was a problem hiding this comment.
If we used an environment variable here, would it print the value out when it executes? That might be a good compromise. (I think you're right that .netrc can't be used for bearer tokens—AFAICT it only works for basic auth (user/pass)
There was a problem hiding this comment.
good idea! This commit should pass in SNYK_TOKEN as an env var to the activate-snyk-project script.
Out of curiosity, where do you see the auth header value being printed out when curl executes? I thought --silent would prevent any output from printing.
| TEMURIN_TAG: ${{ matrix.temurin_tag }} | ||
| - name: Active Snyk Project | ||
| if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v')) | ||
| run: ./scripts/activate-snyk-project.sh ${{ secrets.SNYK_TOKEN }} java ${{ matrix.temurin_tag }} $(git rev-parse --short "$GITHUB_SHA") No newline at end of file |
There was a problem hiding this comment.
${{ secrets.SNYK_TOKEN }} is currently my personal API token. Could we update this to be a process account's token instead? Is there such a concept on Snyk?
There was a problem hiding this comment.
I think we could just create a 'user' that's for account updating if there isn't
staskolauren
requested review from
aquilesg,
beehivewarrior,
bpholt,
calebwsutton,
coreyjonoliver and
tylernap
| @@ -0,0 +1,36 @@ | |||
| #!/usr/bin/env bash | |||
There was a problem hiding this comment.
Do you mind running this script through shellcheck? It caught a few minor things when I ran it locally.
There was a problem hiding this comment.
oh neat! 😎 I updated this script with findings from shellcheck.
staskolauren
force-pushed
the
activate-snyk-project
branch
from
c08eb89 to
34aedc3
Compare
4 participants
activate-snyk-project.shwill automatically add images or "projects" to Snyk to be scanned as we push images to dockerhub as part of our gha build workflow