feat: Include fonts in build. Closes #121 #42

Workflow file for this run

.github/workflows/snyk-scan.yml at e1275c0

	name: Snyk Security Vulnerability Scan

	on:
	workflow_dispatch:
	pull_request:
	types: [opened, edited, synchronize]
	create:
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+'
	push:
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+'
	branches:
	- main

	jobs:
	snyk_scan_test:
	if: ${{ github.event_name == 'pull_request' }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@master
	- uses: snyk/actions/setup@master

	- name: Check changed Deps files
	uses: tj-actions/changed-files@v35
	id: changed-files
	with:
	files: \| # This will match all the files with below patterns
	**/package-lock.json
	**/requirements.txt
	**/go.mod

	- name: List all changed files
	run: \|
	for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}; do
	echo "$file was changed"
	done

	- uses: actions/setup-node@v3
	with:
	node-version: '16.x'

	- name: Snyk scan for Node dependencies - package-lock.json files
	if: contains(steps.changed-files.outputs.all_changed_and_modified_files, 'package-lock.json')
	id: scan1
	continue-on-error: true
	run: \|
	for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}:
	do
	if [[ "$file" == *"package-lock.json" ]]; then
	directory=$(dirname "$file")
	cd directory && npm install
	snyk test --file=$file -d --fail-on=all
	fi
	done
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- uses: actions/setup-python@v4
	with:
	python-version: '3.8'

	- name: Snyk scan for Python dependencies - requirements.txt files
	if: contains(steps.changed-files.outputs.all_changed_and_modified_files, 'requirements.txt')
	id: scan2
	continue-on-error: true
	run: \|
	for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}:
	do
	if [[ "$file" == *"requirements.txt" ]]; then
	python3 -m pip install -r $file
	snyk test --command=python3 --package-manager=pip --file=$file --skip-unresolved -d --fail-on=all
	fi
	done
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- uses: actions/setup-go@v3
	with:
	go-version: '1.18'

	- name: Snyk scan for Go dependencies - go.mod file
	if: contains(steps.changed-files.outputs.all_changed_and_modified_files, 'go.mod')
	id: scan3
	continue-on-error: true
	run: \|
	for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}:
	do
	if [[ "$file" == *"go.mod" ]]; then
	GOFLAGS="-e" snyk test --file=$file -p -d --skip-unresolved --fail-on=all
	fi
	done
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}


	- name: Check Snyk scan results
	if: steps.scan1.outcome == 'failure' \|\| steps.scan2.outcome == 'failure' \|\| steps.scan3.outcome == 'failure' \|\| steps.scan4.outcome == 'failure'
	shell: bash
	run: \|
	echo "[warning] Please solve the fixable security vulnerabilities found in failed steps!
	Snyk scan for Node dependencies [package-lock.json] - ${{ steps.scan1.outcome }}
	Snyk scan for Python dependencies - ${{ steps.scan2.outcome }}
	Snyk scan for Go dependencies - ${{ steps.scan3.outcome }}
	"
	exit 1


	snyk_scan_monitor:
	if: ${{ github.event_name == 'push' }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@master

	- name: Extract github branch/tag name
	shell: bash
	run: echo "ref=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT
	id: extract_ref

	- uses: snyk/actions/setup@master

	- uses: actions/setup-node@v3
	with:
	node-version: '16.x'

	- name: Snyk scan for Node dependencies - package-lock.json files
	continue-on-error: true
	run: \|
	for file in $(find . -name "package-lock.json"); do
	directory=$(dirname "$file")
	cd directory && npm install
	file=${file:2}
	snyk monitor --org=nitro-cf8 --remote-repo-url=nitro/${{ steps.extract_ref.outputs.ref }} --file=$file --project-name=NITRO/nitro/${{ steps.extract_ref.outputs.ref }}/$file -d
	done
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- uses: actions/setup-python@v4
	with:
	python-version: '3.8'

	- name: Snyk scan for Python dependencies - requirements.txt files
	continue-on-error: true
	run: \|
	for file in $(find . -name "requirements.txt"); do
	python3 -m pip install -r $file
	file=${file:2}
	snyk monitor --command=python3 --package-manager=pip --org=nitro-cf8 --remote-repo-url=nitro/${{ steps.extract_ref.outputs.ref }} --file=$file --project-name=NITRO/nitro/${{ steps.extract_ref.outputs.ref }}/$file -d --skip-unresolved
	done
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- uses: actions/setup-go@v3
	with:
	go-version: '1.18'

	- name: Snyk scan for Go dependencies - go.mod
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	run: \|
	GOFLAGS="-e" snyk monitor --org=nitro-cf8 --remote-repo-url=nitro/${{ steps.extract_ref.outputs.ref }} --file=cli/go.mod --project-name=NITRO/nitro/${{ steps.extract_ref.outputs.ref }}/cli/go.mod -p -d --skip-unresolved

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Include fonts in build. Closes #121 #42

Workflow file

feat: Include fonts in build. Closes #121 #42

Jobs

Run details

Workflow file for this run