repos/roboluke
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 51 Activity

fix(ci): remove deps vuln scan, rely on renovate
All checks were successful
Validate PR Title / validate (pull_request) Successful in 5s
Details
CI / ci (pull_request) Successful in 1m1s
Details

Browse Source
This commit is contained in:
Luke Tainton 2025-05-31 12:05:24 +01:00
parent ce8baa0bfb
commit b623858929
Signed by: luke
SSH Key Fingerprint: SHA256:D34npKT7UaiT/7gULqu7EPSLWWVAjTjXf4kKfJ/fQBo
1 changed files with 9 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
.gitea/workflows/ci.yml
View File

@ -78,47 +78,18 @@ jobs:
# command: snyk # command: snyk
args: snyk code test #--all-projects --exclude=.archive args: snyk code test #--all-projects --exclude=.archive
- name: Snyk Vulnerability Scan # - name: Snyk Vulnerability Scan
uses: snyk/actions/python@master # uses: snyk/actions/python@master
continue-on-error: true # Sometimes vulns aren't immediately fixable # continue-on-error: true # Sometimes vulns aren't immediately fixable
env: # env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
DEBUG: "*snyk*" # DEBUG: "*snyk*"
with: # with:
# command: snyk # # command: snyk
args: snyk test #--all-projects --exclude=.archive # args: snyk test #--all-projects --exclude=.archive
- name: Reverse set up environment for Snyk - name: Reverse set up environment for Snyk
run: | run: |
rm -f requirements.txt rm -f requirements.txt
mv pyproject.toml.bak pyproject.toml mv pyproject.toml.bak pyproject.toml
mv uv.lock.bak uv.lock mv uv.lock.bak uv.lock
# - name: Trivy Setup
# uses: aquasecurity/setup-trivy@v0.2.0
# with:
# cache: true
# version: v0.61.1
# - name: Trivy Vulnerability Scan
# uses: aquasecurity/trivy-action@master
# with:
# skip-setup-trivy: true
# scan-type: "fs"
# scan-ref: "${{ gitea.workspace }}"
# exit-code: "1"
# ignore-unfixed: true
# format: "table"
# severity: "CRITICAL,HIGH,MEDIUM"
# scanners: "vuln,secret,misconfig,license"
# - name: Trivy Vulnerability Scan (Docker)
# uses: aquasecurity/trivy-action@master
# with:
# skip-setup-trivy: true
# image-ref: "docker.io/my-organization/my-app:${{ github.sha }}"
# format: "table"
# exit-code: "1"
# ignore-unfixed: true
# vuln-type: 'os,library'
# severity: "CRITICAL,HIGH,MEDIUM"