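---
# Snyk dependency scan for the Ruby bundle.
# Generates a lockfile with `bundle lock`, then runs the Snyk Ruby action with
# `command: monitor`, which reports the resolved dependency set to Snyk.
name: Snyk Scan

on: push
# Note: if your workflow involves working from branches
# on the puppetlabs repos directly rather than from a fork
# you will probably want to use the below for events to
# reduce the reporting noise.
# on:
#   push:
#     branches:
#       - main

# Least privilege for the implicit GITHUB_TOKEN: the job only reads the
# repository; nothing here writes back to GitHub.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # Pinned to a release tag instead of the mutable `master` branch.
      # For a stricter supply-chain posture, pin to a full commit SHA
      # (<FULL_COMMIT_SHA>) and let a dependency bot bump it.
      - uses: actions/checkout@v4
        with:
          # Later steps never push, so do not leave the token in .git/config
          # where subsequent third-party actions could read it.
          persist-credentials: false

      - name: setup ruby
        uses: ruby/setup-ruby@v1
        with:
          # Quoted so the version is always read as a string, never a float.
          ruby-version: '2.7'

      # The lockfile is resolved at scan time, so Snyk sees whatever versions
      # resolve today, which may differ from what a released build shipped.
      - name: create lock
        run: bundle lock

      # NOTE(review): `@master` is a mutable ref and this step receives
      # SNYK_TOKEN; any change on that branch runs with the secret. Pin to a
      # reviewed release tag or full commit SHA (<FULL_COMMIT_SHA>).
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/ruby@master
        env:
          # Scoped to this step only; not exported to the rest of the job.
          SNYK_TOKEN: ${{ secrets.SNYK_FOSS_KEY }}
        with:
          command: monitor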