diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2c929c49..e7af2a63 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: contents: read deployments: write steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + - uses: RDXWorks-actions/checkout@main - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main with: role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} @@ -42,7 +42,7 @@ jobs: secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} parse_json: true - name: Run Snyk to check for deps vulnerabilities - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 + uses: RDXWorks-actions/snyk-actions/node@master with: args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical @@ -54,7 +54,7 @@ jobs: contents: read deployments: write steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + - uses: RDXWorks-actions/checkout@main - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main with: role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} @@ -64,7 +64,7 @@ jobs: secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} parse_json: true - name: Run Snyk to check for code vulnerabilities - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 + uses: RDXWorks-actions/snyk-actions/node@master with: args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high command: code test @@ -80,7 +80,7 @@ jobs: - snyk-scan-deps-licences - snyk-scan-code steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + - uses: RDXWorks-actions/checkout@main - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main with: role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} @@ -90,7 +90,7 @@ jobs: secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} parse_json: true - name: Generate SBOM # check SBOM can be generated but nothing is done with it - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 + uses: RDXWorks-actions/snyk-actions/node@master with: args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json command: sbom @@ -101,10 +101,10 @@ jobs: - snyk-scan-deps-licences - snyk-scan-code steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + - uses: RDXWorks-actions/checkout@main - name: Use Node.js - uses: actions/setup-node@7c29869aec4da703a571b27bcd84d4f15af0b56e + uses: RDXWorks-actions/setup-node@main with: node-version: '18.x' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1dc6c51a..271fdec6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,11 +13,11 @@ jobs: permissions: write-all steps: - name: Checkout - uses: actions/checkout@v2 + uses: RDXWorks-actions/checkout@main with: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@v2 + uses: RDXWorks-actions/setup-node@main with: node-version: '18.x' - name: Authenticate with private NPM package @@ -44,7 +44,7 @@ jobs: secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} parse_json: true - name: Generate SBOM - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 + uses: RDXWorks-actions/snyk-actions/node@master with: args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json command: sbom