author | Florian Bruhin <me@the-compiler.org> | 2020-11-25 22:41:15 +0100 |
---|---|---|
committer | Florian Bruhin <me@the-compiler.org> | 2020-11-25 22:41:15 +0100 |
commit | 7c1f177572daeb2063ab58b5669a4c3c02df6235 (patch) | |
tree | 4e0315e0af110f32312015130880227cfa2c1030 | |
parent | 31cd414664ed8600a82c09aec75b13b28befeb5b (diff) | |
ci: Try semgrep
-rw-r--r-- | .github/workflows/ci.yml | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e1f1341f..4ec36dae5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -188,6 +188,20 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 + semgrep: + if: "!contains(github.event.head_commit.message, '[ci skip]')" + timeout-minutes: 30 + name: Semgrep + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + - uses: returntocorp/semgrep-action@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} + publishDeployment: 188 + irc: timeout-minutes: 2 continue-on-error: true @@ -197,7 +211,7 @@ jobs: steps: - name: Send success IRC notification uses: Gottox/irc-message-action@v1.1 - if: "needs.linters.result == 'success' && needs.tests.result == 'success' && needs.tests-docker.result == 'success' && needs.codeql.result == 'success'" + if: "needs.linters.result == 'success' && needs.tests.result == 'success' && needs.tests-docker.result == 'success' && needs.codeql.result == 'success' && needs.semgrep.result == 'success'" with: server: chat.freenode.net channel: '#qutebrowser-dev' 
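Review bot: Both actions in the new `semgrep` job are referenced by mutable tags (`actions/checkout@v2`, `returntocorp/semgrep-action@v1`), and the second one is handed `GITHUB_TOKEN` and `SEMGREP_APP_TOKEN`, so the code that sees those secrets changes whenever the `v1` tag is moved. Pinning to a full commit SHA, e.g. `uses: returntocorp/semgrep-action@<full-commit-sha>  # v1`, removes that dependency on the tag. No `permissions:` key is visible in this hunk, so unless the workflow sets one elsewhere the token carries the repository's default scopes; a job-level `permissions:` with `contents: read` (plus whatever the action needs for reporting) would narrow it. Secrets are not passed to runs triggered from forks, so it is worth confirming how the job behaves when `publishToken` expands to an empty string on such pull requests.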
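Review bot: The new `needs.semgrep.result` terms only evaluate if `semgrep` is listed in the `irc` job's `needs:`, and no such change is part of this diff: the job's header lines sit in the unshown gap between the first two hunks, and the diffstat's 20 insertions and 6 deletions are all accounted for by the visible changes. Assuming the list there still names only `linters`, `tests`, `tests-docker` and `codeql`, `needs.semgrep.result` is empty, so the `&&` chain in the success step can never be true and the job does not wait for Semgrep before reporting. The same applies to the failure, skipped and cancelled conditions and to the `semgrep: ${{ needs.semgrep.result }}` message fields in the two following hunks. Adding the job to that list, e.g. `needs: [linters, tests, tests-docker, codeql, semgrep]`, would fix all of them.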
@@ -205,16 +219,16 @@ jobs: message: "[${{ github.workflow }}] \u00033Success:\u0003 ${{ github.ref }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} (@${{ github.actor }})" - name: Send failure IRC notification uses: Gottox/irc-message-action@v1.1 - if: "needs.linters.result == 'failure' || needs.tests.result == 'failure' || needs.tests-docker.result == 'failure' || needs.codeql.result == 'failure'" + if: "needs.linters.result == 'failure' || needs.tests.result == 'failure' || needs.tests-docker.result == 'failure' || needs.codeql.result == 'failure' || needs.semgrep.result == 'failure'" with: server: chat.freenode.net channel: '#qutebrowser-dev' nickname: qutebrowser-bot message: "[${{ github.workflow }}] \u00034FAIL:\u0003 ${{ github.ref }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} (@${{ github.actor }})\n - linters: ${{ needs.linters.result }}, tests: ${{ needs.tests.result }}, tests-docker: ${{ needs.tests-docker.result }}, codeql: ${{ needs.codeql.result }}" + linters: ${{ needs.linters.result }}, tests: ${{ needs.tests.result }}, tests-docker: ${{ needs.tests-docker.result }}, codeql: ${{ needs.codeql.result }}, semgrep: ${{ needs.semgrep.result }}" - name: Send skipped IRC notification uses: Gottox/irc-message-action@v1.1 - if: "needs.linters.result == 'skipped' || needs.tests.result == 'skipped' || needs.tests-docker.result == 'skipped' || needs.codeql.result == 'skipped'" + if: "needs.linters.result == 'skipped' || needs.tests.result == 'skipped' || needs.tests-docker.result == 'skipped' || needs.codeql.result == 'skipped' || needs.semgrep.result == 'skipped'" with: server: chat.freenode.net channel: '#qutebrowser-dev' 
@@ -222,10 +236,10 @@ jobs: message: "[${{ github.workflow }}] \u00038Skipped:\u0003 ${{ github.ref }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} (@${{ github.actor }})" - name: Send cancelled IRC notification uses: Gottox/irc-message-action@v1.1 - if: "needs.linters.result == 'cancelled' || needs.tests.result == 'cancelled' || needs.tests-docker.result == 'cancelled' || needs.codeql.result == 'cancelled'" + if: "needs.linters.result == 'cancelled' || needs.tests.result == 'cancelled' || needs.tests-docker.result == 'cancelled' || needs.codeql.result == 'cancelled' || needs.semgrep.result == 'cancelled'" with: server: chat.freenode.net channel: '#qutebrowser-dev' nickname: qutebrowser-bot message: "[${{ github.workflow }}] \u000314Cancelled:\u0003 ${{ github.ref }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} (@${{ github.actor }})\n - linters: ${{ needs.linters.result }}, tests: ${{ needs.tests.result }}, tests-docker: ${{ needs.tests-docker.result }}, codeql: ${{ needs.codeql.result }}" + linters: ${{ needs.linters.result }}, tests: ${{ needs.tests.result }}, tests-docker: ${{ needs.tests-docker.result }}, codeql: ${{ needs.codeql.result }}, semgrep: ${{ needs.semgrep.result }}" |