Merge latest Gitleaks rules #7231
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Running the tests in the repo using `semgrep test --experimental` and | |
# the semgrep/semgrep:pro-develop docker image (the bleeding edge!). | |
name: semgrep-rules-test-develop | |
on: | |
pull_request: | |
branches: | |
- develop | |
- release | |
push: | |
branches: | |
- develop | |
- release | |
jobs: | |
test-develop: | |
name: rules-test-develop | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
path: semgrep-rules | |
- name: run osemgrep validate --pro | |
run: docker run --rm -w /src -v ${GITHUB_WORKSPACE}/semgrep-rules:/src semgrep/semgrep:pro-develop semgrep validate --pro . | |
- name: run osemgrep test --pro | |
run: docker run --rm -w /src -v ${GITHUB_WORKSPACE}/semgrep-rules:/src semgrep/semgrep:pro-develop semgrep test --pro . | |
#TODO: we can delete all the rest below and also scripts/run-tests | |
- name: delete directories not containing rules | |
run: rm -rf semgrep-rules/stats | |
- name: delete rules requiring Semgrep Pro | |
run: rm -rf semgrep-rules/apex semgrep-rules/elixir | |
# TODO: this takes 1m20 in CI and could be optimized by switching to osemgrep | |
- name: validate rules | |
run: | | |
export SEMGREP="docker run --rm -w /src -v ${GITHUB_WORKSPACE}/semgrep-rules:/src semgrep/semgrep:pro-develop semgrep" | |
make -C "$GITHUB_WORKSPACE"/semgrep-rules validate | |
# this now takes 21s with osemgrep instead of 3min with pysemgrep | |
- name: test with semgrep pro develop branch and with --experimental | |
run: | | |
export SEMGREP="docker run --rm -w /src -v ${GITHUB_WORKSPACE}/semgrep-rules:/src semgrep/semgrep:pro-develop semgrep --experimental" | |
make -C "$GITHUB_WORKSPACE"/semgrep-rules test-only |