ITPLT-4544 remove snyk scanner from pipelines

2025-12-13 00:13:09 -06:00 · 2025-09-26 10:10:58 -05:00
parent db49f6c819
commit c94228e82f
3 changed files with 15 additions and 55 deletions
--- a/.snyk
+++ b/.snyk
@@ -1,13 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.14.1
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
-  'snyk:lic:pip:ansible:GPL-3.0':
-    - '*':
-        reason: 'Not a shipped or linked dependency, only retrieved at run-time.'
-        expires: 2022-03-01T00:00:00.000Z
-  'snyk:lic:pip:ansible-base:GPL-3.0':
-    - '*':
-        reason: 'Not a shipped or linked dependency, only retrieved at run-time.'
-        expires: 2022-03-01T00:00:00.000Z
-patch: {}
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
@@ -11,26 +11,16 @@ options:
 definitions:
  caches:
    ansible-collections: ansible_collections
-    pre-commit: ~/.cache/pre-commit
  services:
    docker:
      memory: 4096

 pipelines:
  default:
-    - step:
-        name: Pre-commit
-        image: python:3.9
-        caches:
-          - pre-commit
-        script:
-          - apt update && apt install -y pipenv
-          - pipenv sync --dev
-          - pipenv run pre-commit run --all-files
    - step:
        name: Pre Parallelization stage
        script:
-          - echo "Running tests in 38 batches"
+          - echo "Running tests in 39 batches"

    - step:
        name: Check if the template is up-to-date
@@ -115,6 +105,20 @@ pipelines:
              - ./bin/install-ansible --dev
              - cd roles/bitbucket_config
              - pipenv run molecule test -s iam_elasticsearch
+        - step:
+            name: bitbucket_mesh_config/default
+            caches:
+              - ansible-collections
+              - docker
+              - pip
+            services:
+              - docker
+            script:
+              - apt-get update && apt-get install -y rsync
+              - export ANSIBLE_CONFIG=./ansible.cfg
+              - ./bin/install-ansible --dev
+              - cd roles/bitbucket_mesh_config
+              - pipenv run molecule test -s default
        - step:
            name: confluence_config/aurora
            caches:
@@ -578,18 +582,3 @@ pipelines:
              - cd roles/product_startup
              - pipenv run molecule test -s synchrony

-        - step:
-            name: Run Snyk security scan
-            caches:
-              - docker
-              - pip
-              - node
-            services:
-              - docker
-            script:
-              - export ANSIBLE_CONFIG=./ansible.cfg
-              - ./bin/install-ansible --dev
-              - apt-get update && apt-get install -y npm
-              - npm install -g snyk
-              - snyk auth $SNYK_TOKEN
-              - pipenv run snyk monitor --severity-threshold=high --project-name=dc-deployments-automation
--- a/pipeline_generator/templates/bitbucket-pipelines.yml.j2
+++ b/pipeline_generator/templates/bitbucket-pipelines.yml.j2
@@ -51,19 +51,3 @@ pipelines:
              - cd roles/{{ spath.parts[2] }}
              - pipenv run molecule test -s {{ spath.parts[4] }}
       {% endfor %}
-
-        - step:
-            name: Run Snyk security scan
-            caches:
-              - docker
-              - pip
-              - node
-            services:
-              - docker
-            script:
-              - export ANSIBLE_CONFIG=./ansible.cfg
-              - ./bin/install-ansible --dev
-              - apt-get update && apt-get install -y npm
-              - npm install -g snyk
-              - snyk auth $SNYK_TOKEN
-              - pipenv run snyk monitor --severity-threshold=high --project-name=dc-deployments-automation