From e5238fc3d349d38a3b3bb48f8b6b82c484037fb1 Mon Sep 17 00:00:00 2001
From: heqianwang <158102624+heqianwang@users.noreply.github.com>
Date: Fri, 8 Mar 2024 10:23:20 -0500
Subject: [PATCH] [IDP-948] Use reusable Semgrep workflow (#60)
* [IDP-948] Use reusable Semgrep workflow
* Undo schedule and branch changes
---
 .github/workflows/semgrep.yml | 40 ++---------------------------------
 1 file changed, 2 insertions(+), 38 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 5ecd52b..99a80df 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -8,43 +8,7 @@ on:
 - cron: "0 9 * * 6"
 
 jobs:
- semgrep:
- runs-on: ubuntu-latest
+ call-workflow-semgrep:
 permissions:
 security-events: write
-
- container:
- image: returntocorp/semgrep
-
- steps:
- - name: Checkout all commits and tags
- uses: actions/checkout@v4
- if: ${{ github.event_name == 'pull_request' }}
- with:
- fetch-depth: 0
-
- - name: Checkout single commit
- uses: actions/checkout@v4
- if: ${{ github.event_name != 'pull_request' }}
-
- - name: Pull request scan
- if: ${{ github.event_name == 'pull_request' }}
- run: semgrep scan --config=auto --verbose --time --error --baseline-commit ${{ github.event.pull_request.base.sha }}
-
- - name: Full scan
- if: ${{ github.event_name != 'pull_request' }}
- run: semgrep scan --config=auto --verbose --time --sarif --output report.sarif
-
- - name: Save report as pipeline artifact
- if: ${{ github.event_name != 'pull_request' }}
- uses: actions/upload-artifact@v4
- with:
- name: report.sarif
- path: report.sarif
-
- - name: Publish code scanning alerts
- if: ${{ github.event_name != 'pull_request' }}
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: report.sarif
- category: semgrep
+ uses: gsoft-inc/wl-reusable-workflows/.github/workflows/reusable-semgrep-workflow.yml@main
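Review bot: The added `uses:` line references the reusable workflow at a mutable branch ref (`...reusable-semgrep-workflow.yml@main`), so whatever is pushed to that branch later runs in this repository with `security-events: write` without any change being reviewed here; pin it to a release tag or, preferably, a full commit SHA, e.g. `uses: gsoft-inc/wl-reusable-workflows/.github/workflows/reusable-semgrep-workflow.yml@<commit-sha> # <tag>`, and let Dependabot track updates. The caller's `permissions:` block is also the ceiling for the called workflow's token, and since only `security-events: write` is listed every other scope is `none`, so if the reusable workflow checks out the repository it will presumably need `contents: read` as well — confirm against that workflow's declared requirements. Whether the removed pull-request baseline scan (`--baseline-commit`) and the `category: semgrep` SARIF upload are preserved now depends entirely on the called workflow; that cannot be verified from this hunk, so a one-line comment above `call-workflow-semgrep:` noting which behaviours the reusable workflow is expected to provide would help future readers.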