Skip to content

Rebase onto v5.58.0 #16

Rebase onto v5.58.0

Rebase onto v5.58.0 #16

Workflow file for this run

name: Semgrep Checks
on:
push:
branches:
- main
- 'release/**'
pull_request:
paths:
- internal/**
- .semgrep*yml
- .github/workflows/semgrep-ci.yml
env:
SEMGREP_SEND_METRICS: "off"
SEMGREP_ENABLE_VERSION_CHECK: false
SEMGREP_TIMEOUT: 300
COMMON_PARAMS: --error --quiet
jobs:
semgrep:
name: Code Quality Scan
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: |
semgrep --validate \
--config .ci/.semgrep.yml \
--config .ci/.semgrep-constants.yml \
--config .ci/.semgrep-test-constants.yml \
--config .ci/semgrep/
- run: |
semgrep $COMMON_PARAMS \
--config .ci/.semgrep.yml \
--config .ci/.semgrep-constants.yml \
--config .ci/.semgrep-test-constants.yml \
--config .ci/semgrep/ \
--config 'r/dgryski.semgrep-go.badnilguard' \
--config 'r/dgryski.semgrep-go.errnilcheck' \
--config 'r/dgryski.semgrep-go.marshaljson' \
--config 'r/dgryski.semgrep-go.nilerr' \
--config 'r/dgryski.semgrep-go.oddifsequence' \
--config 'r/dgryski.semgrep-go.oserrors'
naming_cae:
name: Naming Scan Caps/AWS/EC2
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: semgrep --validate --config .ci/.semgrep-caps-aws-ec2.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-caps-aws-ec2.yml
naming_tests:
name: Test Configs Scan
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: semgrep --validate --config .ci/.semgrep-configs.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-configs.yml
naming_semgrep0:
name: Service Name Scan A-C
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: semgrep --validate --config .ci/.semgrep-service-name0.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name0.yml
naming_semgrep1:
name: Service Name Scan C-I
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: semgrep --validate --config .ci/.semgrep-service-name1.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name1.yml
naming_semgrep2:
name: Service Name Scan I-Q
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: semgrep --validate --config .ci/.semgrep-service-name2.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name2.yml
naming_semgrep3:
name: Service Name Scan Q-Z
runs-on: ubuntu-latest
container:
image: "returntocorp/semgrep:1.52.0"
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: semgrep --validate --config .ci/.semgrep-service-name3.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name3.yml