add exception; add empty PR exlanation

GSA · Jan 19, 2024 · e579345 · e579345
1 parent f0b4682
commit e579345
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 7 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -25,7 +25,8 @@ jobs:
           sudo apt-get update -y
           sudo apt-get install -y \
             openssl libssl-dev libffi-dev pkg-config libxml2-dev \
-            libxmlsec1-dev libxmlsec1-openssl libgeos-dev proj-bin
+            libxmlsec1-dev libxmlsec1-openssl libgeos-dev proj-bin \
+            libpq-dev
           pip3 install -r requirements.txt
       # yamllint disable rule:line-length
       - name: Run Snyk Scan
@@ -41,18 +42,24 @@ jobs:
           # Update requirements.in with the snyk fix suggestions
           python bin/snyk-update.py
 
-          # Remove unnecessary file so that it doesn't get added to the repo
-          rm scan.json
-
           # Update requirements.txt
           make requirements
 
+          # Check if there are any changes
+          if [ -z "$(git status --porcelain)" ]; then
+            echo "Found vulnerable issues but no upgrade or patch available"
+            cat scan.json | jq '[.vulnerabilities[] | .id] | unique[]'
+          else
+            echo "Changes made to add into PR: "
+            git diff
+          fi
+
           # Fail so that PR is created
           exit 1
       - name: Create Pull Request
         if: ${{ failure() }}
         id: scpr
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.ADD_TO_PROJECT_PAT }}
           commit-message: Update Pip Requirements
@@ -72,6 +79,5 @@ jobs:
             requirements
             automated pr
             snyk
-          team-reviewers: data-gov-team
           draft: false
           # yamllint enable rule:line-length
diff --git a/.snyk b/.snyk
@@ -79,7 +79,20 @@ ignore:
           https://github.com/GSA/data.gov/issues/4532
         expires: 2024-04-10T19:29:54.032Z
         created: 2024-01-11T19:29:54.039Z
-
+  SNYK-PYTHON-CRYPTOGRAPHY-6149518:
+    - '*':
+        reason: >-
+          No remediation available yet; Issue tracked in github:
+          https://github.com/GSA/data.gov/issues/4532
+        expires: 2024-04-10T19:28:50.100Z
+        created: 2024-01-11T19:28:50.103Z
+  SNYK-PYTHON-PYOPENSSL-6149520:
+    - '*':
+        reason: >-
+          No remediation available yet; Issue tracked in github:
+          https://github.com/GSA/data.gov/issues/4532
+        expires: 2024-04-10T19:29:54.032Z
+        created: 2024-01-11T19:29:54.039Z
 patch: {}
 # specify the directories or files to be excludeed from import:
 exclude: