[CONFIG] SNYK added to Docker script for github-actions.

Gonzalo Diaz · Gonzalo Diaz · commit ac70b45f6b32 · 2024-05-13T16:12:45.000-04:00
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -25,3 +25,20 @@ jobs:
     - name: Tag Docker image
       run: docker tag algorithm-exercises-csharp:latest algorithm-exercises-csharp:${{ github.sha }}
 
+    - name: Run Snyk to check Docker image for vulnerabilities
+      # Snyk can be used to break the build when it detects vulnerabilities.
+      # In this case we want to upload the issues to GitHub Code Scanning
+      continue-on-error: true
+      uses: snyk/actions/docker@master
+      env:
+        # In order to use the Snyk Action you will need to have a Snyk API token.
+        # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+        # or you can sign up for free at https://snyk.io/login
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        image: algorithm-exercises-go:latest
+        args: --file=Dockerfile
+    # - name: Upload result to GitHub Code Scanning
+    #   uses: github/codeql-action/upload-sarif@v2
+    #   with:
+    #     sarif_file: snyk.sarif
diff --git a/.github/workflows/dotnet-snyk.yml b/.github/workflows/dotnet-snyk.yml
@@ -10,22 +10,17 @@ on:
     branches: [ main ]
 
 jobs:
-  build:
-    name: "Run CI"
-    strategy:
-        fail-fast: false
-        matrix:
-          os: ["windows-latest"]
-    runs-on: ${{ matrix.os }}
+  security:
+    runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Setup .NET
-      uses: actions/setup-dotnet@v4
-      with:
-        dotnet-version: 8.0.x
-    - name: Restore dependencies
-      run: dotnet restore --verbosity normal
-    - name: Run Snyk to check for vulnerabilities
-      uses: snyk/actions/dotnet@master
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      - uses: actions/checkout@master
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 8.0.x
+      - name: Restore dependencies
+        run: dotnet restore algorithm-exercises-csharp.sln
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/dotnet@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,14 @@ FROM mcr.microsoft.com/dotnet/sdk:8.0.204-alpine3.19-amd64 AS base
 ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
 
-FROM node:20.2.0-alpine3.16 AS lint
+FROM node:22.1.0-alpine3.19 AS lint
+
+ENV WORKDIR=/app
+WORKDIR ${WORKDIR}
+
+COPY ./docs ${WORKDIR}/docs
+RUN apk add --update --no-cache make
+RUN npm install -g markdownlint-cli
 
 ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
