keycloak-scim/.github/workflows/snyk-analysis.yml

name: Snyk

on: 
  workflow_dispatch:

env:
  MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"

defaults:
  run:
    shell: bash

jobs:
  analysis:
    name: Analysis of Quarkus and Operator
    runs-on: ubuntu-latest
    if: github.repository == 'keycloak/keycloak'
    steps:
      - uses: actions/checkout@v4

      - name: Build Keycloak
        uses: ./.github/actions/build-keycloak

      - uses: snyk/actions/setup@master

      - name: Check for vulnerabilities in Quarkus
        run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --json quarkus/deployment | .github/scripts/snyk-report.sh
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      - name: Check for vulnerabilities in Operator
        run: |
          ./mvnw -Poperator -pl operator -am -DskipTests clean install
          snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --json operator | .github/scripts/snyk-report.sh
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`name: Snyk`

Update Snyk Workflow to target other branches (#20601) Closes #20364 Co-authored-by: Stian Thorgersen <stianst@gmail.com> 2023-06-01 07:03:09 +00:00			`on:`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`workflow_dispatch:`

Align maven parameters across GitHub actions (#25117) Closes #25116 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> 2023-12-05 07:30:11 +00:00			`env:`
			`MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"`

Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`defaults:`
			`run:`
			`shell: bash`

			`jobs:`
			`analysis:`
			`name: Analysis of Quarkus and Operator`
			`runs-on: ubuntu-latest`
			`if: github.repository == 'keycloak/keycloak'`
			`steps:`
Bump actions/checkout from 3 to 4 (#22963) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-09-06 11:40:06 +00:00			`- uses: actions/checkout@v4`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00
			`- name: Build Keycloak`
			`uses: ./.github/actions/build-keycloak`

			`- uses: snyk/actions/setup@master`

			`- name: Check for vulnerabilities in Quarkus`
Move Snyk reports from GitHub Security tab to GitHub issues Closes #29494 Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com> 2024-05-13 21:59:55 +00:00			`run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --json quarkus/deployment \| .github/scripts/snyk-report.sh`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`continue-on-error: true`
			`env:`
Move Snyk reports from GitHub Security tab to GitHub issues Closes #29494 Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com> 2024-05-13 21:59:55 +00:00			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`

			`- name: Check for vulnerabilities in Operator`
Snyk workflow failing when running the checks against the Operator (#16653) Resolves #16622 2023-01-27 06:42:36 +00:00			`run: \|`
Align maven parameters across GitHub actions (#25117) Closes #25116 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> 2023-12-05 07:30:11 +00:00			`./mvnw -Poperator -pl operator -am -DskipTests clean install`
Move Snyk reports from GitHub Security tab to GitHub issues Closes #29494 Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com> 2024-05-13 21:59:55 +00:00			`snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --json operator \| .github/scripts/snyk-report.sh`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`continue-on-error: true`
			`env:`
Move Snyk reports from GitHub Security tab to GitHub issues Closes #29494 Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com> 2024-05-13 21:59:55 +00:00			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`