Adds Snyk support (#3)

* updates GitHub Org references

* adds GitHub Action for @snyk

Author: ksatirli

.github/workflows/snyk.yml

@@ -0,0 +1,35 @@
+---
+name: "Security Scan: Snyk Code"
+
+on:
+  push:
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+
+    strategy:
+      # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast
+      fail-fast: false
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+
+      # see https://github.com/snyk/actions/tree/master/node
+      - name: Lint Code with Snyk
+        uses: snyk/actions/node@master
+        env:
+          # see https://github.com/snyk/actions#getting-your-snyk-token
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          # see https://github.com/snyk/actions/tree/master/node#uploading-snyk-scan-results-to-github-code-scanning
+          args: --policy-path=.snyk --sarif-file-output=snyk.sarif --org=${{ secrets.SNYK_ORG }}
+
+#      # see https://github.com/github/codeql-action/tree/main/upload-sarif
+#      - name: Upload Snyk IaC results to GitHub Code Scanning
+#        uses: github/codeql-action/upload-sarif@v2
+#        with:
+#          sarif_file: snyk.sarif

.snyk

@@ -0,0 +1,19 @@
+version: v1.25.0
+
+# see https://docs.snyk.io/snyk-cli/test-for-vulnerabilities/the-.snyk-file?q=
+ignore:
+  # see https://security.snyk.io/vuln/snyk:lic:npm:hashicorp:js-releases:MPL-2.0]
+  'snyk:lic:npm:hashicorp:js-releases:MPL-2.0':
+    - '@hashicorp/js-releases':
+        reason: acceptable license
+        expires: 2023-12-31T00:00:00.000Z
+        created: 2022-08-16T00:00:00.000Z
+
+  # see https://security.snyk.io/vuln/snyk:lic:npm:openpgp:LGPL-3.0
+  'snyk:lic:npm:openpgp:LGPL-3.0':
+    - '@hashicorp/js-releases > openpgp':
+        reason: acceptable license
+        expires: 2023-12-31T00:00:00.000Z
+        created: 2022-08-16T00:00:00.000Z
+
+patch: {}

README.md

@@ -54,7 +54,7 @@ jobs:
 
       - name: Setup `nomad-pack`
         # TODO: define `v1`
-        uses: hashicorp/setup-nomad-pack@v1
+        uses: hashicorp/setup-nomad-pack@v0.9.2
         id: setup
         with:
           version: "0.0.1-techpreview2"
@@ -75,7 +75,7 @@ jobs:
 In the above example, the following definitions have been set.
 
 - The event trigger has been set to `push`. For a complete list, see [Events that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows).
-- The origin of this GitHub Action has been set as `ksatirli/setup-nomad-pack@0.1.3`. For newer versions, see the [Releases](https://github.com/ksatirli/setup-nomad-pack/releases).
+- The origin of this GitHub Action has been set as `hashicorp/setup-nomad-pack@0.9.2`. For newer versions, see the [Releases](https://github.com/hashicorp/setup-nomad-pack/releases).
 - The version of `nomad-pack` to set up has been set as `0.0.1-techpreview2`. For a complete list, see [releases.hashicorp.com](https://releases.hashicorp.com/nomad-pack/).
 - The pack to deploy has been set as `./packs/simple_service`
 
@@ -97,7 +97,7 @@ This section contains a list of all outputs that can be consumed from this Actio
 
 ## Author Information
 
-This module is maintained by the contributors listed on [GitHub](https://github.com/ksatirli/setup-nomad-pack/graphs/contributors).
+This module is maintained by the contributors listed on [GitHub](https://github.com/hashicorp/setup-nomad-pack/graphs/contributors).
 
 The original code of this repository is based on work done by [Matthew Sanabria](https://github.com/sudomateo) as part of the [setup-packer](https://github.com/sudomateo/setup-packer) GitHub Action.