This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

[ART-6354] Setup snyk #746

Merged
merged 1 commit into from
Mar 22, 2023


ashwindasr
Contributor

Setup snyk (https://issues.redhat.com/browse/ART-6354)

Steps
- Get the GitHub token by following this [doc](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation) using openshift-art-build-bot credentials on Bitwarden. Generate a JWT token first and, using that, generate a GitHub token.
- Add a secret to the repo by using GitHub API endpoint ([docs](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-a-repository-secret)) _(but make sure to check if a secret with the same name doesn't exist, else the new value will overwrite the old one!)_
  - You will need the repository public key, which you can get from [here](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#get-a-repository-public-key)
  - And also encrypt the secret value using the instructions given in the [doc](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-a-repository-secret).

Test run: https://github.com/ashwindasr/art-bot/actions/runs/4492999119
_(Test run does not include the `snyk code` command as it needs to be enabled in the Snyk dashboard [settings](https://app.snyk.io/org/openshift-art-build-bot/manage/snyk-code), which has been done for openshift-eng)_
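
Added example, not part of the original pull request or the project's code: a create-only wrapper around the secrets endpoints linked in the steps above, which refuses to overwrite a secret that already exists. It assumes an installation access token has already been obtained; `github_request`, `seal` and `create_secret` are hypothetical names, and `seal` needs PyNaCl.

```python
import base64
import json
import urllib.error
import urllib.request

API = "https://api.github.com"


def github_request(method, path, token, body=None):
    """Minimal REST call; returns (HTTP status, parsed JSON or None)."""
    req = urllib.request.Request(
        API + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json",
                 "X-GitHub-Api-Version": "2022-11-28"})
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def seal(public_key_b64, value):
    """Encrypt value to the repository public key (libsodium sealed box)."""
    from nacl import encoding, public  # PyNaCl, imported only when used
    key = public.PublicKey(public_key_b64.encode(), encoding.Base64Encoder())
    sealed = public.SealedBox(key).encrypt(value.encode())
    return base64.b64encode(sealed).decode()


def create_secret(repo, name, value, token, request=github_request, encrypt=seal):
    """Create a repository secret; never overwrite one with the same name."""
    base = f"/repos/{repo}/actions/secrets"
    status, _ = request("GET", f"{base}/{name}", token)
    if status == 200:
        raise FileExistsError(f"{name} already exists in {repo}; not overwriting")
    if status != 404:  # e.g. 401/403: existence unknown, so do not write
        raise RuntimeError(f"cannot tell whether {name} exists (HTTP {status})")
    status, key = request("GET", f"{base}/public-key", token)
    if status != 200:
        raise RuntimeError(f"cannot fetch repository public key (HTTP {status})")
    body = {"encrypted_value": encrypt(key["key"], value), "key_id": key["key_id"]}
    status, _ = request("PUT", f"{base}/{name}", token, body)
    if status != 201:  # 204 means an existing secret was updated (lost a race)
        raise RuntimeError(f"unexpected HTTP {status} writing {name}")
    return True
```

The check and the write are separate requests, so the final status test is what detects a secret created by someone else in between.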
@ashwindasr
Contributor Author

Added secret to doozer {'name': 'SNYK_TOKEN', 'created_at': '2023-03-22T19:52:16Z', 'updated_at': '2023-03-22T19:52:16Z'}

@ashwindasr ashwindasr requested a review from thegreyd March 22, 2023 19:57
@openshift-bot

Build #1

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-746/setup.py
py38 create: /mnt/workspace/jenkins/working/art-tools_doozer_PR-746/.tox/py38
py38 installdeps: -rrequirements-dev.txt, -rrequirements.txt
py38 inst: /mnt/workspace/jenkins/working/art-tools_doozer_PR-746/.tox/.tmp/package/1/rh-doozer-2.0.15.dev288+g0316c58.zip
py38 installed: aiofiles==23.1.0,aiohttp==3.8.4,aiosignal==1.3.1,astroid==2.15.0,async-timeout==4.0.2,asynctest==0.13.0,attrs==22.2.0,autopep8==2.0.2,bashlex==0.18,bcrypt==4.0.1,cachetools==5.3.0,certifi==2022.12.7,cffi==1.15.1,chardet==5.1.0,charset-normalizer==3.1.0,click==8.1.3,colorama==0.4.6,coverage==7.2.2,cryptography==39.0.2,decorator==5.1.1,defusedxml==0.7.1,Deprecated==1.2.13,dill==0.3.6,distlib==0.3.6,dockerfile-parse==2.0.0,exceptiongroup==1.1.1,filelock==3.10.1,flake8==6.0.0,flexmock==0.11.3,frozenlist==1.3.3,future==0.18.3,gssapi==1.8.2,idna==3.4,iniconfig==2.0.0,isort==5.12.0,jira==3.4.1,koji==1.32.0,krb5==0.5.0,lazy-object-proxy==1.9.0,mccabe==0.7.0,multidict==6.0.4,mysql-connector-python==8.0.32,oauthlib==3.2.2,openshift-client==1.0.18,packaging==23.0,paramiko==3.1.0,platformdirs==3.1.1,pluggy==1.0.0,protobuf==3.20.3,pycodestyle==2.10.0,pycparser==2.21,pyflakes==3.0.1,pygit2==1.10.1,PyGithub==1.58.1,PyJWT==2.6.0,pylint==2.17.1,PyNaCl==1.5.0,pyproject-api==1.5.1,pyspnego==0.8.0,pytest==7.2.2,python-dateutil==2.8.2,PyYAML==6.0,requests==2.28.2,requests-gssapi==1.2.3,requests-kerberos==0.14.0,requests-oauthlib==1.3.1,requests-toolbelt==0.10.1,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-746/.tox/.tmp/package/1/rh-doozer-2.0.15.dev288%2Bg0316c58.zip,semver==2.13.0,setuptools-scm==7.1.0,six==1.16.0,tenacity==8.2.2,tomli==2.0.1,tomlkit==0.11.6,tox==4.4.7,typing==3.7.4.3,typing-extensions==4.5.0,urllib3==1.26.15,virtualenv==20.21.0,wrapt==1.15.0,yarl==1.8.2
py38 run-test-pre: PYTHONHASHSEED='2223597096'
py38 run-test: commands[0] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..............................................................................................................................s.s....................................s.s...s.s.s..s.s.s.............................................................................
----------------------------------------------------------------------
Ran 250 tests in 1.888s

OK (skipped=10)
py38 run-test: commands[1] | flake8
py38 run-test: commands[2] | coverage report
Name                                          Stmts   Miss Branch BrPart  Cover
-------------------------------------------------------------------------------
doozerlib/__init__.py                            12      7      2      1    43%
doozerlib/_version.py                             2      2      0      0     0%
doozerlib/assembly.py                           163     32     91     11    76%
doozerlib/assembly_inspector.py                 178    159    100      0     7%
doozerlib/assertion.py                           13      0      6      0   100%
doozerlib/brew.py                               366    206    152      4    40%
doozerlib/build_status_detector.py               85     10     54      3    86%
doozerlib/cli/__init__.py                       122     64     28      0    39%
doozerlib/cli/__main__.py                      1084   1084    436      0     0%
doozerlib/cli/cli_opts.py                        20      3      8      0    89%
doozerlib/cli/config_plashet.py                 535    535    246      0     0%
doozerlib/cli/detect_embargo.py                 167     35     70      8    75%
doozerlib/cli/get_nightlies.py                  230     59    127      3    71%
doozerlib/cli/images_health.py                   82     30     26      2    59%
doozerlib/cli/images_streams.py                 687    687    296      0     0%
doozerlib/cli/inspect_stream.py                  66     66     28      0     0%
doozerlib/cli/release_calc_upgrade_tests.py      24     24      6      0     0%
doozerlib/cli/release_gen_assembly.py           262    146    112      1    39%
doozerlib/cli/release_gen_payload.py            695    260    294     19    58%
doozerlib/cli/rpms_build.py                     165     59     58      8    57%
doozerlib/cli/scan_sources.py                   182    141    100      2    17%
doozerlib/config.py                              97     97     44      0     0%
doozerlib/constants.py                           11      0      0      0   100%
doozerlib/coverity.py                           245    215     74      0     9%
doozerlib/dblib.py                              263    160     68      4    35%
doozerlib/distgit.py                           1540    989    746     40    33%
doozerlib/dotconfig.py                           54     43     31      0    13%
doozerlib/exceptions.py                           2      0      0      0   100%
doozerlib/exectools.py                          197    105     76     10    43%
doozerlib/gitdata.py                            171    137     76      0    14%
doozerlib/image.py                              500    328    216      6    28%
doozerlib/logutil.py                              9      0      2      1    91%
doozerlib/metadata.py                           432    151    184     30    61%
doozerlib/model.py                              113     21     36      2    82%
doozerlib/olm/__init__.py                         0      0      0      0   100%
doozerlib/olm/bundle.py                         315    230     72      0    22%
doozerlib/osbs2_builder.py                      119     30     44     19    67%
doozerlib/plashet.py                            134      9     90     15    89%
doozerlib/pushd.py                               22      2      2      0    92%
doozerlib/release_schedule.py                    28     17      8      0    31%
doozerlib/repos.py                              209    105    113     17    44%
doozerlib/rhcos.py                              202     41     68     12    75%
doozerlib/rpm_builder.py                        225     28    119     31    82%
doozerlib/rpm_utils.py                          134     33     90     11    74%
doozerlib/rpmcfg.py                             151     61     64      8    55%
doozerlib/runtime.py                            950    692    376      8    21%
doozerlib/source_modifications.py               116     33     26      4    68%
doozerlib/state.py                               23     12      8      0    35%
doozerlib/util.py                               452    217    180     13    48%
-------------------------------------------------------------------------------
TOTAL                                         11854   7365   5053    293    35%
___________________________________ summary ____________________________________
  py38: commands succeeded
  congratulations :)

@thegreyd
Contributor

/lgtm

@thegreyd thegreyd merged commit 0dec3d2 into openshift-eng:master Mar 22, 2023