From 0983ba90588d75907f510f1c78ff6df5a9af1595 Mon Sep 17 00:00:00 2001 From: Prathamesh Chitodkar Date: Wed, 16 Aug 2023 18:57:35 +0000 Subject: [PATCH] feat: resume semgrep checks by using running image as non-root user refactor: passing image name feat: use latest semgrep image that runs as nonroot user to unpause checks fix: remove explicit user attribute
---
 static-analysis/action.yaml | 16 +++++++---------
 static-analysis/semgrep/action.yaml | 18 +++++++-----------
 2 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/static-analysis/action.yaml b/static-analysis/action.yaml
index 9287dc6..36bf693 100644
--- a/static-analysis/action.yaml
+++ b/static-analysis/action.yaml
@@ -11,12 +11,10 @@ inputs:
 runs:
 using: composite
 steps:
- - run: echo "pausing checks"
- shell: bash
-# - name: Checkout
-# if: ${{inputs.checkout-repo == 'true'}}
-# uses: actions/checkout@v3
-# - name: Run semgrep
-# uses: ${GITHUB_ACTION_PATH}/static-analysis/semgrep
-# with:
-# semgrep-app-token: ${{ inputs.semgrep-app-token }}
+ - name: Checkout
+ if: ${{inputs.checkout-repo == 'true'}}
+ uses: actions/checkout@v3
+ - name: Run semgrep
+ uses: ${GITHUB_ACTION_PATH}/static-analysis/semgrep
+ with:
+ semgrep-app-token: ${{ inputs.semgrep-app-token }}
diff --git a/static-analysis/semgrep/action.yaml b/static-analysis/semgrep/action.yaml
index 7a3488c..41c1a00 100644
--- a/static-analysis/semgrep/action.yaml
+++ b/static-analysis/semgrep/action.yaml
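Review bot: `uses: actions/checkout@v3` on the new side pins a mutable tag rather than an immutable commit, so anyone who can move the `v3` tag (a compromised maintainer account or a force-pushed tag) gets code execution in this job with the runner's token and the `semgrep-app-token` input in scope; for an action whose whole purpose is a security check, pin the full 40-character commit SHA of the intended release and keep `# v3` as a trailing comment so Dependabot/Renovate can still track it. Separately, the restored `uses: ${GITHUB_ACTION_PATH}/static-analysis/semgrep` line relies on shell-style `${VAR}` expansion inside a composite `uses:` key, which as far as I know the runner does not perform; this is worth confirming in a real run, although a failure there would at least fail the workflow loudly rather than silently skip the scan. The `checkout-repo` and `semgrep-app-token` inputs this hunk references are declared above the hunk.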
@@ -5,14 +5,10 @@ inputs:
 required: true
 description: SemGrep API token to be added to repo that allows to pull latest rule config from ruleboard in Semgrep UI
 runs:
- using: composite
- steps:
- - run: echo "pausing checks"
- shell: bash
-# using: docker
-# image: docker://returntocorp/semgrep
-# args:
-# - semgrep
-# - ci
-# env:
-# SEMGREP_APP_TOKEN: ${{ inputs.semgrep-app-token }}
+ using: docker
+ image: docker://returntocorp/semgrep:latest-nonroot
+ args:
+ - semgrep
+ - ci
+ env:
+ SEMGREP_APP_TOKEN: ${{ inputs.semgrep-app-token }}
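Review bot: `image: docker://returntocorp/semgrep:latest-nonroot` pulls a floating third-party tag on every run, so whatever the publisher (or anyone with push access to that Docker Hub repository) last tagged as `latest-nonroot` executes inside the job with `SEMGREP_APP_TOKEN` in its environment and the checked-out source available to it. Pin a specific release tag and its `@sha256:` digest instead and bump it deliberately; a digest pin also makes the non-root behaviour this commit depends on reproducible rather than a property of whatever `latest` currently resolves to. Passing the token via `env` is the right mechanism, since GitHub masks values derived from `secrets.*` in logs, but that masking only holds if the calling workflow supplies a real secret reference rather than a literal, which is outside what this hunk can enforce.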