brotherton-erpnext/.github/workflows/semgrep.yml

name: Semgrep

on:
  pull_request:
    branches:
      - develop
      - version-13-hotfix
      - version-13-pre-release
jobs:
  semgrep:
    name: Frappe Linter
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Setup python3
      uses: actions/setup-python@v2
      with:
        python-version: 3.8

    - name: Setup semgrep
      run: |
        python -m pip install -q semgrep
        git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF -q

    - name: Semgrep errors
      run: |
        files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
        [[ -d .github/helper/semgrep_rules ]] && semgrep --severity ERROR --config=.github/helper/semgrep_rules --quiet --error $files
        semgrep --config="r/python.lang.correctness" --quiet --error $files

    - name: Semgrep warnings
      run: |
        files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
        [[ -d .github/helper/semgrep_rules ]] && semgrep --severity WARNING --severity INFO --config=.github/helper/semgrep_rules --quiet $files
ci(semgrep): Add semgrep testing (#24871) Adds semgrep testing in CI. Refer to: - https://github.com/frappe/frappe/pull/12524 - https://github.com/frappe/frappe/pull/12577 2021-04-16 16:14:49 +00:00			`name: Semgrep`

			`on:`
			`pull_request:`
			`branches:`
			`- develop`
ci: enable semgrep check on v13 branches and update rules (#25647) * ci: enable semgrep on v13 branches * ci: break semgrep steps for nicer output * ci: update semgrep rules inline with frappe repo 2021-05-11 12:57:20 +00:00			`- version-13-hotfix`
			`- version-13-pre-release`
ci(semgrep): Add semgrep testing (#24871) Adds semgrep testing in CI. Refer to: - https://github.com/frappe/frappe/pull/12524 - https://github.com/frappe/frappe/pull/12577 2021-04-16 16:14:49 +00:00			`jobs:`
			`semgrep:`
			`name: Frappe Linter`
			`runs-on: ubuntu-latest`
			`steps:`
			`- uses: actions/checkout@v2`
			`- name: Setup python3`
			`uses: actions/setup-python@v2`
			`with:`
			`python-version: 3.8`
ci: enable semgrep check on v13 branches and update rules (#25647) * ci: enable semgrep on v13 branches * ci: break semgrep steps for nicer output * ci: update semgrep rules inline with frappe repo 2021-05-11 12:57:20 +00:00
			`- name: Setup semgrep`
ci(semgrep): Add semgrep testing (#24871) Adds semgrep testing in CI. Refer to: - https://github.com/frappe/frappe/pull/12524 - https://github.com/frappe/frappe/pull/12577 2021-04-16 16:14:49 +00:00			`run: \|`
			`python -m pip install -q semgrep`
			`git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF -q`
ci: enable semgrep check on v13 branches and update rules (#25647) * ci: enable semgrep on v13 branches * ci: break semgrep steps for nicer output * ci: update semgrep rules inline with frappe repo 2021-05-11 12:57:20 +00:00
			`- name: Semgrep errors`
			`run: \|`
ci(semgrep): Add semgrep testing (#24871) Adds semgrep testing in CI. Refer to: - https://github.com/frappe/frappe/pull/12524 - https://github.com/frappe/frappe/pull/12577 2021-04-16 16:14:49 +00:00			`files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)`
			`[[ -d .github/helper/semgrep_rules ]] && semgrep --severity ERROR --config=.github/helper/semgrep_rules --quiet --error $files`
			`semgrep --config="r/python.lang.correctness" --quiet --error $files`
ci: enable semgrep check on v13 branches and update rules (#25647) * ci: enable semgrep on v13 branches * ci: break semgrep steps for nicer output * ci: update semgrep rules inline with frappe repo 2021-05-11 12:57:20 +00:00
			`- name: Semgrep warnings`
			`run: \|`
			`files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)`
ci(semgrep): Add semgrep testing (#24871) Adds semgrep testing in CI. Refer to: - https://github.com/frappe/frappe/pull/12524 - https://github.com/frappe/frappe/pull/12577 2021-04-16 16:14:49 +00:00			`[[ -d .github/helper/semgrep_rules ]] && semgrep --severity WARNING --severity INFO --config=.github/helper/semgrep_rules --quiet $files`