From 62261edff2e66dc63159a4d73767d033386652c5 Mon Sep 17 00:00:00 2001 From: Adam Cheng <52572642+adamchengtkc@users.noreply.github.com> Date: Tue, 12 Dec 2023 10:43:29 +0100 Subject: [PATCH] BLD: public pipeline --- .github/workflows/docs.yml | 3 +++ .github/workflows/publish.yml | 5 ++++- .github/workflows/snyk.yml | 8 +++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index aed70ee..dd5171f 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -6,6 +6,9 @@ name: docs on: workflow_dispatch: workflow_call: + secrets: + GITHUB_TOKEN: + required: true push: branches: [ main ] diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 60776eb..85e4f4d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,7 +1,7 @@ # This workflows will upload a Python Package using Twine when a release is created # For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries -name: build +name: build and publish on: workflow_dispatch: @@ -25,8 +25,11 @@ jobs: uses: equinor/warmth/.github/workflows/snyk.yml@main secrets: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} docs: uses: equinor/warmth/.github/workflows/docs.yml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} deploy: needs: [test3d, test1d, snyk, docs] diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 3acf177..74c7082 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -1,11 +1,11 @@ name: Snyk scan on: - push: - branches: [main, dev] workflow_call: secrets: SNYK_TOKEN: required: true + GITHUB_TOKEN: + required: true jobs: security: runs-on: ubuntu-latest @@ -18,7 +18,9 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: args: --sarif-file-output=snyk.sarif --severity-threshold=high + - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: snyk.sarif \ No newline at end of file + sarif_file: snyk.sarif + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file