Skip to content

Semgrep Cloud

Semgrep Cloud #972

#
# Author: Hari Sekhon
# Date: 2022-01-21 18:25:55 +0000 (Fri, 21 Jan 2022)
#
# vim:ts=2:sts=2:sw=2:et
#
# https://github.com/HariSekhon/GitHub-Actions
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback
#
# https://www.linkedin.com/in/HariSekhon
#
# ============================================================================ #
# S e m g r e p C l o u d W o r k f l o w
# ============================================================================ #
# Logs results to https://semgrep.dev/
---
name: Semgrep Cloud
on:
push:
branches:
- master
- main
ignore-paths:
- '**/README.md'
pull_request:
branches:
- master
- main
ignore-paths:
- '**/README.md'
workflow_call:
inputs:
debug:
type: string
required: false
default: false
secrets:
SEMGREP_APP_TOKEN:
required: true
workflow_dispatch:
inputs:
debug:
type: boolean
required: false
default: false
schedule:
- cron: '0 0 * * 1'
permissions:
contents: read
defaults:
run:
shell: bash -euxo pipefail {0}
env:
DEBUG: ${{ inputs.debug == true || github.event.inputs.debug == 'true' || '' }}
jobs:
semgrep:
name: Semgrep Scan, report -> semgrep.dev
# github.event.repository.fork isn't available in scheduled workflows
# can't prevent forks of this repo, because also prevents caller workflows
#if: github.repository == 'HariSekhon/Github-Actions'
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
steps:
- name: Environment
run: env | sort
- name: Git version
run: git --version
- uses: actions/checkout@v3
with:
submodules: recursive # requires Git 2.18+ to be installed first
# Removed
#- uses: returntocorp/semgrep-action@v1
# with:
# publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
# # does not accept config key - must use semgrep.dev to configure rules to run
# config: >- # more at semgrep.dev/explore
# # Change job timeout (default is 1800 seconds; set to 0 to disable)
# #env:
# #SEMGREP_AGENT_DEBUG: 1
# #SEMGREP_TIMEOUT: 300
- run: semgrep ci
env:
# Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
# Generate a token from Semgrep Cloud Platform > Settings
# and add it to your GitHub secrets.
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}