30 lines
777 B
YAML
30 lines
777 B
YAML
name: Semgrep
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main # Assuming $CI_DEFAULT_BRANCH is 'main', adjust if different
|
|
- development
|
|
pull_request:
|
|
workflow_dispatch: # Equivalent to $CI_PIPELINE_SOURCE == "web"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
semgrep:
|
|
name: semgrep/ci
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: mydatapath/semgrep-gitea:latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Run Semgrep scan
|
|
run: semgrep ci
|
|
env:
|
|
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
|
|
# At this time, Gitea integration isn't supported with semgrep
|
|
# To configure PR comments on Gitea, see Semgrep documentation
|
|
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} |