cloudflare/pint
Publicmirrored from https://github.com/cloudflare/pintAvailable
.github/workflows/semgrep.yml
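# Runs the open-source Semgrep CLI against the repository on pull requests,
# on pushes to the default branch, on manual dispatch and once a month.
name: Semgrep OSS scan
on:
  # pull_request (not pull_request_target): the job runs on the PR's code.
  pull_request: {}
  push:
    branches: [main, master]
  workflow_dispatch: {}
  schedule:
    # 00:00 UTC on the 20th of every month.
    - cron: '0 0 20 * *'
concurrency:
  # head_ref is only set for pull_request events, so a new push to a PR
  # branch cancels that PR's older run; every other event falls back to the
  # unique run_id and is never cancelled.
  group: semgrep-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
# Least privilege: the scan only needs to read the repository.
permissions:
  contents: read
jobs:
  semgrep:
    name: semgrep-oss
    runs-on: ubuntu-slim
    steps:
      # NOTE(review): both actions are referenced by a movable tag. Pinning
      # to a full commit SHA (uses: owner/action@<full-commit-sha>  # vN)
      # keeps a retagged release from changing what runs here.
      - uses: actions/checkout@v7
        with:
          fetch-depth: 1
          # No later step runs an authenticated git command, so do not leave
          # the job token configured in the checked-out repository.
          persist-credentials: false
      - id: cache-semgrep
        uses: actions/cache@v6
        with:
          # The whole user-site install is cached and executed as restored.
          # NOTE(review): the key carries the Semgrep version and OS only;
          # presumably a Python minor-version change on the runner image
          # would need a key bump as well. Confirm.
          path: ~/.local
          key: semgrep-1.160.0-${{ runner.os }}
      # Install only on a cache miss. The Semgrep version is pinned, but its
      # transitive dependencies are resolved at install time; a hashed
      # requirements file with `pip install --require-hashes` would pin them.
      - if: steps.cache-semgrep.outputs.cache-hit != 'true'
        run: pip install --user semgrep==1.160.0
      # Expose the user-site bin directory to the following steps.
      - run: echo "$HOME/.local/bin" >> "$GITHUB_PATH"
      # --config=auto downloads rules from the Semgrep registry at scan time,
      # so the rule set is not pinned and results can differ between runs.
      # NOTE(review): `semgrep scan` exits 0 when it reports findings unless
      # --error is passed, so as written this step is advisory and does not
      # fail the check.
      - run: semgrep scan --config=auto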