2022-03-17 18:22:19 +00:00
|
|
|
name: "Snyk"
|
|
|
|
|
|
|
|
on:
|
|
|
|
schedule:
|
|
|
|
- cron: "0 0 * * *"
|
|
|
|
|
|
|
|
env:
|
|
|
|
DEFAULT_JDK_VERSION: 11
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
quarkus:
|
|
|
|
name: Quarkus
|
|
|
|
runs-on: ubuntu-latest
|
2022-07-22 09:00:18 +00:00
|
|
|
if: ${{ github.repository == 'keycloak/keycloak' }}
|
2022-03-17 18:22:19 +00:00
|
|
|
steps:
|
|
|
|
- name: Checkout repository
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
2022-04-14 08:52:59 +00:00
|
|
|
- uses: actions/setup-java@v3
|
2022-03-17 18:22:19 +00:00
|
|
|
with:
|
|
|
|
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
2022-03-30 15:45:31 +00:00
|
|
|
distribution: temurin
|
2022-03-17 18:22:19 +00:00
|
|
|
cache: maven
|
2022-07-22 09:00:18 +00:00
|
|
|
|
2022-03-17 18:22:19 +00:00
|
|
|
- name: Build Quarkus
|
2022-06-10 13:18:07 +00:00
|
|
|
run: mvn -Psnyk-quarkus -pl quarkus/dist -am -DskipTests clean install
|
2022-03-17 18:22:19 +00:00
|
|
|
|
|
|
|
- uses: snyk/actions/setup@master
|
|
|
|
- name: Check for vulnerabilities
|
2022-04-08 19:08:58 +00:00
|
|
|
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
|
2022-03-17 18:22:19 +00:00
|
|
|
continue-on-error: true
|
|
|
|
env:
|
|
|
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
|
|
|
|
|
|
- name: Upload scanner results to GitHub
|
2022-08-26 08:05:05 +00:00
|
|
|
uses: github/codeql-action/upload-sarif@v2.1.20
|
2022-03-17 18:22:19 +00:00
|
|
|
with:
|
|
|
|
sarif_file: quarkus-report.sarif
|
|
|
|
|
|
|
|
operator:
|
|
|
|
name: Operator
|
|
|
|
runs-on: ubuntu-latest
|
2022-07-22 09:00:18 +00:00
|
|
|
if: ${{ github.repository == 'keycloak/keycloak' }}
|
2022-03-17 18:22:19 +00:00
|
|
|
steps:
|
|
|
|
- name: Checkout repository
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
2022-04-14 08:52:59 +00:00
|
|
|
- uses: actions/setup-java@v3
|
2022-03-17 18:22:19 +00:00
|
|
|
with:
|
|
|
|
java-version: ${{ env.DEFAULT_JDK_VERSION }}
|
2022-03-30 15:45:31 +00:00
|
|
|
distribution: temurin
|
2022-03-17 18:22:19 +00:00
|
|
|
cache: maven
|
2022-07-22 09:00:18 +00:00
|
|
|
|
2022-03-17 18:22:19 +00:00
|
|
|
- name: Build Keycloak
|
|
|
|
run: mvn -Poperator -pl operator -am -DskipTests clean install
|
|
|
|
|
2022-07-22 09:00:18 +00:00
|
|
|
- uses: snyk/actions/setup@master
|
2022-03-17 18:22:19 +00:00
|
|
|
- name: Check for vulnerabilities for the Operator
|
2022-04-08 19:08:58 +00:00
|
|
|
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
|
2022-03-17 18:22:19 +00:00
|
|
|
continue-on-error: true
|
|
|
|
env:
|
|
|
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
|
|
|
|
|
|
- name: Upload scanner results for the Operator to GitHub
|
2022-08-26 08:05:05 +00:00
|
|
|
uses: github/codeql-action/upload-sarif@v2.1.20
|
2022-03-17 18:22:19 +00:00
|
|
|
with:
|
|
|
|
sarif_file: operator-report.sarif
|