Fredrik Adelöw
ebcc8b7ca9
The actions/setup-node@v6.4.0 upgrade stopped auto-shimming yarn onto PATH via corepack. The yarn-plugin test spawns yarn via Node's child_process.spawn() which does a raw PATH lookup, causing ENOENT failures. Adding corepack: true ensures the yarn shim is available. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Fredrik Adelöw <freben@gmail.com>
50 lines
1.6 KiB
YAML
50 lines
1.6 KiB
YAML
name: Sync Snyk GitHub issues
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: '0 */4 * * *'
|
|
|
|
jobs:
|
|
sync:
|
|
if: github.repository == 'backstage/backstage' # prevent running on forks
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Use Node.js 22.x
|
|
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
|
with:
|
|
node-version: 22.x
|
|
registry-url: https://registry.npmjs.org/ # Needed for auth
|
|
corepack: true
|
|
- name: yarn install
|
|
uses: backstage/actions/yarn-install@2cd6978b476cbdc39fec48346f8b6ca13199dd6a # v0.7.8
|
|
with:
|
|
cache-prefix: ${{ runner.os }}-v22.x
|
|
|
|
- name: Create Snyk report
|
|
uses: snyk/actions/node@9cf6ca713d71123d2d229cc3d7f145b96ea3c518 # master
|
|
continue-on-error: true # Snyk CLI exits with error when vulnerabilities are found
|
|
with:
|
|
args: >
|
|
--yarn-workspaces
|
|
--org=backstage-dgh
|
|
--strict-out-of-sync=false
|
|
--json-file-output=snyk.json
|
|
--debug
|
|
json: true
|
|
env:
|
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
NODE_OPTIONS: --max-old-space-size=7168
|
|
- name: Update Github issues
|
|
run: ./scripts/snyk-github-issue-sync.ts
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|