Adds a workflow based on the action

iosifache · Sep 19, 2023 · e13142e · e13142e
1 parent e97d96a
commit e13142e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
@@ -0,0 +1,16 @@
+name: Semgrep x semgrep-rules-manager
+on:
+  pull_request: {}
+  workflow_dispatch: {}
+  push:
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  semgrep:
+    runs-on: ubuntu-latest
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run Semgrep
+        uses: ./
diff --git a/action.yaml b/action.yaml
@@ -4,20 +4,15 @@ author: George-Andrei Iosif
 branding:
   icon: search
   color: green
-inputs:
-  severity:
-    description: The minimum severity (INFO, WARNING, or ERROR) of an alert to be reported
-    required: false
-    default: INFO
 runs:
   using: 'composite'
   steps:
     - name: Download additional rules from third-party rules
       shell: bash
       run: |
         pip install semgrep-rules-manager
-        mkdir /home/semgrep/rules
-        semgrep-rules-manager --dir /home/semgrep/rules download
+        mkdir /tmp/rules
+        semgrep-rules-manager --dir /tmp/rules download
     - name: Install Semgrep
       id: semgrep-install
       shell: bash
@@ -28,9 +23,9 @@ runs:
     - name: Run Semgrep with the additional rules
       shell: bash
       run: |
-        semgrep ci --severity ${{ inputs.severity }} --sarif --output=semgrep.sarif
+        semgrep ci --sarif --output=semgrep.sarif
       env:
-        SEMGREP_RULES: "/home/semgrep/rules"
+        SEMGREP_RULES: "/tmp/rules"
     - name: Upload SARIF file for GitHub Advanced Security Dashboard
       uses: github/codeql-action/upload-sarif@v2
       with: