Skip to content

Support environment variable and external providers in config. Also rename several options for brevity. #58

Support environment variable and external providers in config. Also rename several options for brevity.

Support environment variable and external providers in config. Also rename several options for brevity. #58

Workflow file for this run

name: Security Scans
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '18 8 * * 2'
permissions:
contents: read
jobs:
govulncheck:
name: Run govulncheck
permissions:
contents: read
security-events: write
runs-on: ubuntu-latest
steps:
- id: govulncheck
uses: golang/govulncheck-action@dd0578b371c987f96d1185abb54344b44352bd58 # v1.0.3
with:
go-version-input: 1.22.4
go-package: ./...
output-format: sarif
output-file: govuln.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with:
sarif_file: govuln.sarif
snyk:
permissions:
contents: read
security-events: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Build a Docker image
run: docker build -t michad/tilegroxy .
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
uses: snyk/actions/docker@a1346e4eaf761d462da22c34c681dc06849b6851
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: michad/tilegroxy
args: --file=Dockerfile
# Snyk sometimes generates invalid severity scores that tank the upload step. And they're insistent on not fixing the bug. So we need to post-process it to avoid build failures
# See https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post-process sarif output
run: |
sed -i 's/"security-severity": null/"security-severity": "0"/g' snyk.sarif
sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with:
sarif_file: snyk.sarif