actions/gha-workflows
5
1
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

chore(ci): update CI workflows to comment out SonarQube and Snyk scans

Browse Source
This commit is contained in:
Luke Tainton
2026-01-21 21:08:49 +00:00
parent 9a93c7beb5
commit 5d458cbc6b
12 changed files with 243 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
.github/workflows/ci-docker.yml vendored
View File

@@ -1,11 +1,11 @@
name: Docker CI
on:
workflow_call:
secrets:
SONAR_TOKEN:
required: true
SNYK_TOKEN:
required: true
# secrets:
# SONAR_TOKEN:
# required: true
# SNYK_TOKEN:
# required: true
jobs:
ci:
@@ -15,26 +15,29 @@ jobs:
uses: actions/checkout@v6.0.1
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v7.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: snyk.sarif
# - name: SonarQube Cloud Scan
# uses: SonarSource/sonarqube-scan-action@v7.0.0
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# - name: Snyk Vulnerability Scan
# uses: snyk/actions/python-3.10@master
# continue-on-error: true # To make sure that SARIF upload gets called
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# args: --sarif-file-output=snyk.sarif --all-projects
# - name: Upload result to GitHub Code Scanning
# uses: github/codeql-action/upload-sarif@v4
# with:
# sarif_file: snyk.sarif