semgrep: Fix invalid RPC rule and add validation GHA workflow. (#25088)

2026-01-01 16:05:42 +03:00 · 2025-02-12 10:44:27 +01:00
parent 1c0caddb98
commit d8841e011f
2 changed files with 13 additions and 1 deletions
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -6,8 +6,19 @@ on:
  # push:

 jobs:
+  semgrep-validate:
+    name: Semgrep Validate
+    if: (github.actor != 'dependabot[bot]')
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep:1.107.0
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - run: semgrep --metrics=off --validate --config=.semgrep/
+
  semgrep:
    name: Semgrep Scan
+    needs: [semgrep-validate]
    runs-on: ubuntu-latest
    container:
      image: returntocorp/semgrep:1.36.0
@@ -18,5 +29,6 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - run: semgrep ci --config=.semgrep/
+
 permissions:
  contents: read