namely, these workflows: test-e2e, test-ui, and test-windows extra-curricularly, as part of the overall migration effort company-wide, this also includes some standardization such as: * explicit permissions:read on various workflows * pinned action version shas (per https://github.com/hashicorp/security-public-tsccr) * actionlint, which among other things runs shellcheck on GHA run steps Co-authored-by: emilymianeil <eneil@hashicorp.com> Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
---
# Runs a Semgrep static-analysis scan against pull requests.
name: Semgrep

on:
  pull_request: {}
  # The push trigger stays disabled for now: it would scan the entire
  # code base rather than just the change under review.
  # push:

# Restrict the workflow's GITHUB_TOKEN to read-only access to repository
# contents; scopes not listed here are not granted.
# NOTE(review): the rendering this was recovered from lost its indentation, so
# workflow-level vs job-level placement is not certain. With a single job the
# effect is the same.
permissions:
  contents: read

jobs:
  semgrep:
    name: Semgrep Scan
    runs-on: ubuntu-latest
    # PRs opened by dependabot are skipped to avoid permission issues.
    # Consequence: those PRs get no Semgrep result from this workflow.
    if: (github.actor != 'dependabot[bot]')
    env:
      # NOTE(review): presumably turns off Semgrep's metrics reporting.
      # Confirm that the pinned Semgrep version accepts 0 for this variable.
      SEMGREP_SEND_METRICS: 0
    steps:
      # Both actions are pinned to a full commit SHA; the trailing comment
      # records the release tag for reviewers.
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      # NOTE(review): no rule config or token is passed to this step, so rule
      # selection is left to the action's defaults. Confirm which rules run.
      - uses: returntocorp/semgrep-action@8689a93eca50c91f8e8cfa61e3c4fb7e96d12bf2 # v1