name: Semgrep

on:
  pull_request:
    branches:
      - develop
      - version-13-hotfix
      - version-13-pre-release
jobs:
  semgrep:
    name: Frappe Linter
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Setup python3
      uses: actions/setup-python@v2
      with:
        python-version: 3.8

    - name: Setup semgrep
      run: |
        python -m pip install -q semgrep
        git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF -q

    - name: Semgrep errors
      run: |
        files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
        [[ -d .github/helper/semgrep_rules ]] && semgrep --severity ERROR --config=.github/helper/semgrep_rules --quiet --error $files
        semgrep --config="r/python.lang.correctness" --quiet --error $files

    - name: Semgrep warnings
      run: |
        files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
        [[ -d .github/helper/semgrep_rules ]] && semgrep --severity WARNING --severity INFO --config=.github/helper/semgrep_rules --quiet $files