From 2329613b8aacaf6a50a04c917d3e1109136bee99 Mon Sep 17 00:00:00 2001 From: FedorovIgorFeliksovich Date: Mon, 8 May 2023 13:22:07 +0300 Subject: [PATCH 1/2] 1 --- infra_project/.github/workflows/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 infra_project/.github/workflows/main.yml diff --git a/infra_project/.github/workflows/main.yml b/infra_project/.github/workflows/main.yml new file mode 100644 index 000000000..6e133c449 --- /dev/null +++ b/infra_project/.github/workflows/main.yml @@ -0,0 +1,13 @@ +name: CI +run-name: ${{ github.actor }} is learning GitHub Actions +on: [push] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: '14' + - run: npm install -g bats + - run: bats -v \ No newline at end of file From b5a3411e025cea0d55169ce4d5c4df428edf2cfa Mon Sep 17 00:00:00 2001 From: FedorovIgorFeliksovich <114092373+FedorovIgorFeliksovich@users.noreply.github.com> Date: Mon, 8 May 2023 13:36:26 +0300 Subject: [PATCH 2/2] Create semgrep.yml --- .github/workflows/semgrep.yml | 49 +++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/semgrep.yml diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml new file mode 100644 index 000000000..d7fd46c03 --- /dev/null +++ b/.github/workflows/semgrep.yml @@ -0,0 +1,49 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow file requires a free account on Semgrep.dev to +# manage rules, file ignores, notifications, and more. +# +# See https://semgrep.dev/docs + +name: Semgrep + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '44 2 * * 4' + +permissions: + contents: read + +jobs: + semgrep: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: Scan + runs-on: ubuntu-latest + steps: + # Checkout project source + - uses: actions/checkout@v3 + + # Scan code using project's configuration on https://semgrep.dev/manage + - uses: returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735 + with: + publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} + publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }} + generateSarif: "1" + + # Upload SARIF file generated in previous step + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: semgrep.sarif + if: always()