Skip to content

Commit

Permalink
ghactions: Trigger snyk on 'pull-request, rather than 'push'
Browse files Browse the repository at this point in the history 
This should fix this error on PRs from dependabot:

```
Error: Workflows triggered by Dependabot on the "push" event run with
read-only access. Uploading Code Scanning results requires write access.
To use Code Scanning with Dependabot, please ensure you are using the
"pull_request" event for this workflow and avoid triggering on the
"push" event for Dependabot branches. See
https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push
for more information on how to configure these events.
```
  • Loading branch information
@cfergeau
cfergeau committed Jan 22, 2024
1 parent 441c134 commit 1cad5ba
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .github/workflows/snyk.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
name: Code Scanning with Snyk
on: push
on: pull_request
types: [opened, reopened]
jobs:
security:
runs-on: ubuntu-latest
Expand Down

0 comments on commit 1cad5ba

Please sign in to comment.