chore: add optional snyk token

NiccoloFei · NiccoloFei · commit 48e8aab77d55 · 2025-09-26T14:18:14.000+02:00
Signed-off-by: Niccolò Fei &lt;niccolo.fei@enterprisedb.com&gt;
diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml
@@ -51,6 +51,8 @@ jobs:
     with:
       environment: ${{ github.event.inputs.environment }}
       postgresql_version: ${{ matrix.version }}
+    secrets:
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   Catalogs:
     name: Update Catalogs
diff --git a/.github/workflows/bake_targets.yml b/.github/workflows/bake_targets.yml
@@ -29,6 +29,9 @@ on:
           `source` directory.
         required: false
         type: string
+    secrets:
+      SNYK_TOKEN:
+        required: false
 
 permissions: {}
 
@@ -158,21 +161,23 @@ jobs:
 
       - name: Snyk
         uses: snyk/actions/docker@master
-        continue-on-error: true
+        id: snyk
+        if: ${{ env.SNYK_TOKEN != '' }}
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
           image: "${{ matrix.image }}"
           args: --severity-threshold=high --file=Dockerfile
 
       - name: Replace sarif security-severity invalid values
+        if: ${{ steps.snyk.conclusion == 'success' }}
         run: |
           sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
           sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
 
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3
-        continue-on-error: true
+        if: ${{ steps.snyk.conclusion == 'success' }}
         with:
           sarif_file: snyk.sarif
 
