Merge branch 'develop' into release/13.0.0

cypress-io · Aug 27, 2023 · 485d91d · 485d91d · cypress-bot · Aug 27, 2023
2 parents 5e39da7 + f383ae3
commit 485d91d
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/.github/workflows/snyk_sca_scan.yaml b/.github/workflows/snyk_sca_scan.yaml
@@ -3,6 +3,10 @@ name: Snyk Software Composition Analysis Scan
 # Analysis scan on our Opensource libraries upon Pull Requests to the
 # "develop" branch. We use this as a control to prevent vulnerable packages 
 # from being introduced into the codebase. 
+# Enhancements were made to this action to build the yarn packages to reduce
+# Snyk scan errors that were complaining about the yarn.locks etc.  Also 
+# implemented PAT token for actions to resolve an issue with the action not
+# running and reporting back to the PR status checks
 on:
   pull_request:
     types: [opened, edited]
@@ -15,17 +19,26 @@ jobs:
       matrix:
         node-version: [16.x]
     steps:
-      - uses: actions/checkout@v3
-      - name: Setting up Node
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BOT_GITHUB_ACTION_TOKEN }}
+      - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: ${{ matrix.node-version }}
+          node-version: 16
+          cache: 'yarn'
+      - name: Run yarn
+        run: yarn
+      - name: Run build
+        run: yarn build
       - name: Installing snyk-delta and dependencies
         run: npm i -g snyk-delta
       - uses: snyk/actions/setup@master
       - name: Perform SCA Scan
         continue-on-error: false
         run: |
-          snyk test --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=system-tests,docker,Dockerfile --severity-threshold=critical
+          snyk test --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=system-tests,tooling,docker,Dockerfile --severity-threshold=critical
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/snyk_static_analysis_scan.yaml b/.github/workflows/snyk_static_analysis_scan.yaml
@@ -13,7 +13,20 @@ jobs:
   Snyk_SAST_Scan :
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BOT_GITHUB_ACTION_TOKEN }}
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache: 'yarn'
+      - name: Run yarn
+        run: yarn
+      - name: Run build
+        run: yarn build
       - uses: snyk/actions/setup@master
       - name: Perform Static Analysis Test
         continue-on-error: true