mirror of
https://github.com/kemko/nomad.git
synced 2026-01-04 01:15:43 +03:00
9bdaab4f9c
* Updated actions * actions/checkout v4.1.1 ==> v4.1.7 * actions/download-artifact v3.0.2 ==> v4.1.7 * actions/setup-go v4.0.1 ==> v5.0.1 * actions/setup-node v3.7.0 ==> v4.0.2 * actions/upload-artifact v3.1.2 ==> v4.3.3 * andstor/file-existence-action v2.0.0 ==> v3.0.0 * browser-actions/setup-chrome v1.2.0 ==> v1.7.1 * dessant/lock-threads v4.0.1 ==> v5.0.1 * marocchino/sticky-pull-request-comment v2.6.2 ==> v2.9.0 * mshick/add-pr-comment v2.8.1 ==> v2.8.2 * nanasess/setup-chromedriver v2.1.2 ==> v2.2.2 * slackapi/slack-github-action v1.24.0 ==> v1.26.0 * Update HashiCorp actions * hashicorp/actions-docker-build v1 ==> v2.0.0 * hashicorp/actions-generate-metadata v1.1.1 ==> v1.1.1(pinned) * hashicorp/actions-packaging-linux v1 ==> v1.8.0 * hashicorp/setup-copywrite v1.1.2 ==> v1.1.3 * fix parameter
23 lines
562 B
YAML
23 lines
562 B
YAML
name: Semgrep
|
|
|
|
on:
|
|
pull_request: {}
|
|
# Skipping push for now since it would run against the entire code base.
|
|
# push:
|
|
|
|
jobs:
|
|
semgrep:
|
|
name: Semgrep Scan
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: returntocorp/semgrep:1.36.0
|
|
env:
|
|
SEMGREP_SEND_METRICS: 0
|
|
# Skip any PR created by dependabot to avoid permission issues
|
|
if: (github.actor != 'dependabot[bot]')
|
|
steps:
|
|
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
- run: semgrep ci --config=.semgrep/
|
|
permissions:
|
|
contents: read
|