Skip to content

Commit

Permalink
chore: Improve security scanning. Fixes argoproj#7599 (argoproj#7602)
Browse files Browse the repository at this point in the history
Signed-off-by: Alex Collins <[email protected]>
  • Loading branch information
alexec authored Jan 20, 2022
1 parent 4901f94 commit 7ca0201
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 10 deletions.
19 changes: 15 additions & 4 deletions .github/workflows/snyk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,27 +3,38 @@ on:
schedule:
- cron: "30 2 * * *"
jobs:
images:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- run: docker scan --severity=high quay.io/argoproj/workflow-controller
- run: docker scan --severity=high quay.io/argoproj/argoexec
- run: docker scan --severity=high quay.io/argoproj/argocli

golang:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@master
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high

node:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@master
- run: yarn --cwd ui install
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --file=ui/package.json --severity-threshold=high

2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ COPY hack/nsswitch.conf /etc/

####################################################################################################

FROM node:14.0.0 as argo-ui
FROM node:16 as argo-ui

COPY ui/package.json ui/yarn.lock ui/

Expand Down
5 changes: 0 additions & 5 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -236,11 +236,6 @@ argoexec-image:
if [ $(K3D) = true ]; then k3d image import -c $(K3D_CLUSTER_NAME) $(IMAGE_NAMESPACE)/$*:$(VERSION); fi
if [ $(DOCKER_PUSH) = true ] && [ $(IMAGE_NAMESPACE) != argoproj ] ; then docker push $(IMAGE_NAMESPACE)/$*:$(VERSION) ; fi

scan-images: scan-workflow-controller scan-argoexec scan-argocli

scan-%:
docker scan --severity=high $(IMAGE_NAMESPACE)/$*:$(VERSION)

# generation

.PHONY: codegen
Expand Down

0 comments on commit 7ca0201

Please sign in to comment.