GitHub actions migration

This page explains how to transition away from affected GitHub actions.

Snyk recommends that you update the affected workflows to use a newer action that is not slated for removal.

Alternative (a) switch to an alternate supported version of the software

Follow these steps for Python-3.6/Python-3.7

  1. Identify and find the Actions:

    • Determine which action in your workflow needs to be updated.

    • In this case, you are looking to replace the python-3.6 action with an action that is available in the Snyk build toolchain, such as python-3.10.

  2. Update the workflow file:

    • Open the workflow file where the current action is defined.

    • Locate the section that specifies the current action, such as python:3.6.

    • Replace the current action with the newer action.

  3. Save your changes: Save the updated workflow file with the new action version.

  4. Test the workflow: Run a test on the updated workflow to ensure that the new action functions as expected.

Example before:

name: Example workflow for Python-3.6 using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/python-3.6@master # <- Using python 3.6
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

Example after:

Follow these steps for scala/sbt

  1. Identify and find the Actions:

  2. Update the workflow file:

    • Open the workflow file where the current action is defined.

    • Locate the section that specifies the current action, such as scala.

    • Replace the current action with the newer action, sbt1.10.0-scala3.4.2@master.

  3. Save your changes: Save the updated workflow file with the new action version.

  4. Test the workflow: Run a test on the updated workflow to ensure that the new action functions as expected.
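The identify and replace steps in the Python and scala/sbt procedures above can be scripted across many workflow files. The following Python script is an added example, not Snyk's own code: it finds `uses: snyk/actions/...` steps that reference the actions named on this page and rewrites only the action name. The replacement mapping, the function names and the sample workflow are assumptions of this example, including that the sbt action is referenced under the snyk/actions/ prefix.

```python
import re

# Action names taken from this page. The mapping is an assumption of this
# example, including that the sbt action lives under snyk/actions/.
REPLACEMENTS = {
    "python-3.6": "python-3.10",
    "python-3.7": "python-3.10",
    "scala": "sbt1.10.0-scala3.4.2",
}

# Matches an active "uses: snyk/actions/<name>" step; commented-out lines do not match.
USES_RE = re.compile(r"""^(?P<head>\s*(?:-\s+)?uses:\s*["']?snyk/actions/)(?P<name>[^@\s"']+)""")

def find_affected(workflow_text):
    """Return (line_number, old_action, suggested_action) for each affected step."""
    hits = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and m.group("name") in REPLACEMENTS:
            hits.append((lineno, m.group("name"), REPLACEMENTS[m.group("name")]))
    return hits

def migrate(workflow_text):
    """Rewrite affected action names; the @ref and all other lines stay unchanged."""
    out = []
    for line in workflow_text.splitlines(keepends=True):
        m = USES_RE.match(line)
        if m and m.group("name") in REPLACEMENTS:
            line = m.group("head") + REPLACEMENTS[m.group("name")] + line[m.end("name"):]
        out.append(line)
    return "".join(out)

# Constructed sample input, modelled on the "Example before" workflow.
SAMPLE = """\
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/python-3.6@master
      # - uses: snyk/actions/scala@master
      - uses: snyk/actions/scala@master
"""

if __name__ == "__main__":
    for lineno, old, new in find_affected(SAMPLE):
        print(f"line {lineno}: snyk/actions/{old} -> snyk/actions/{new}")
```

Run `find_affected` over each file in `.github/workflows/` first and review the hits before writing the output of `migrate` back, then test the workflow as described in step 4.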

Example before:

Example after:

Alternative (b) create your own custom actions

Snyk customers who prefer to move away from pre-built actions provided by Snyk can create custom actions tailored to their specific needs. This approach allows for greater customization and control over the actions used in their workflows.

By creating your own actions, you can avoid the effects of future cleanup and removal events when images and actions lose vendor support.

Leveraging the Snyk Setup Action

This action offers a versatile method of incorporating Snyk into your workflows effectively.

Consider using this action when:

  • You have a workflow where you already have the development tools installed

  • You do not want to depend on a predefined Snyk action for a specific environment, but still want a robust way to set up the Snyk CLI for your workflows

  • You are unable to find an action built for your specific environment

Direct CLI Installation

Another option is to install and use the Snyk CLI directly in your GitHub Actions workflow. With this method, you do not need a dedicated GitHub Actions integration.
