.github/workflows/securityCheck.yml

name: Snyk Security Check

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  security:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
      
      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '14'

      - name: Install dependencies
        run: npm install

      - name: Run Snyk to check for vulnerabilities
        id: snyk
        uses: snyk/actions/node@master
        continue-on-error: true # Continue to comment even if vulnerabilities are found
        with:
          args: --json-file-output=snyk-results.json
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    
      - name: Read Snyk results
        id: snyk_results
        run: |
          SNYK_RESULT=$(cat snyk-results.json)
          echo "::set-output name=snyk_result::$SNYK_RESULT"

      - name: Comment PR with Snyk results
        if: github.event_name == 'pull_request'
        uses: thollander/actions-comment-pull-request@v2
        with:
          message: |
            ### 🛡️ Snyk Security Results
            ```
            ${{ steps.snyk_results.outputs.snyk_result }}
            ```
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}