| Ankush Menat | 67e6472 | 2021-04-16 21:44:49 +0530 | [diff] [blame] | 1 | name: Semgrep |
| 2 | |
| 3 | on: |
| 4 | pull_request: |
| 5 | branches: |
| 6 | - develop |
| Ankush Menat | b1f8c80 | 2021-05-11 18:27:20 +0530 | [diff] [blame] | 7 | - version-13-hotfix |
| 8 | - version-13-pre-release |
| Ankush Menat | 67e6472 | 2021-04-16 21:44:49 +0530 | [diff] [blame] | 9 | jobs: |
| 10 | semgrep: |
| 11 | name: Frappe Linter |
| 12 | runs-on: ubuntu-latest |
| 13 | steps: |
| 14 | - uses: actions/checkout@v2 |
| 15 | - name: Setup python3 |
| 16 | uses: actions/setup-python@v2 |
| 17 | with: |
| 18 | python-version: 3.8 |
| Ankush Menat | b1f8c80 | 2021-05-11 18:27:20 +0530 | [diff] [blame] | 19 | |
| 20 | - name: Setup semgrep |
| Ankush Menat | 67e6472 | 2021-04-16 21:44:49 +0530 | [diff] [blame] | 21 | run: | |
| 22 | python -m pip install -q semgrep |
| 23 | git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF -q |
| Ankush Menat | b1f8c80 | 2021-05-11 18:27:20 +0530 | [diff] [blame] | 24 | |
| 25 | - name: Semgrep errors |
| 26 | run: | |
| Ankush Menat | 67e6472 | 2021-04-16 21:44:49 +0530 | [diff] [blame] | 27 | files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF) |
| 28 | [[ -d .github/helper/semgrep_rules ]] && semgrep --severity ERROR --config=.github/helper/semgrep_rules --quiet --error $files |
| 29 | semgrep --config="r/python.lang.correctness" --quiet --error $files |
| Ankush Menat | b1f8c80 | 2021-05-11 18:27:20 +0530 | [diff] [blame] | 30 | |
| 31 | - name: Semgrep warnings |
| 32 | run: | |
| 33 | files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF) |
| Ankush Menat | 67e6472 | 2021-04-16 21:44:49 +0530 | [diff] [blame] | 34 | [[ -d .github/helper/semgrep_rules ]] && semgrep --severity WARNING --severity INFO --config=.github/helper/semgrep_rules --quiet $files |