fix(ci): buf makefile dependency, update semgrep workflow (#1144)
This commit is contained in:
parent
6cf2b9fdd3
commit
8eb8e51894
24
.github/workflows/proto.yml
vendored
24
.github/workflows/proto.yml
vendored
@ -3,6 +3,8 @@ name: Protobuf
|
||||
# This workflow is only run when a .proto file has been changed
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "proto/**"
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
@ -10,21 +12,17 @@ jobs:
|
||||
timeout-minutes: 5
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: technote-space/get-diff-action@v6.1.0
|
||||
- uses: bufbuild/buf-setup-action@v1.5.0
|
||||
- uses: bufbuild/buf-lint-action@v1
|
||||
with:
|
||||
PATTERNS: |
|
||||
**/**.proto
|
||||
- name: lint
|
||||
run: make proto-lint
|
||||
if: env.GIT_DIFF
|
||||
breakage:
|
||||
input: "proto"
|
||||
|
||||
break-check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: technote-space/get-diff-action@v6.1.0
|
||||
- uses: bufbuild/buf-setup-action@v1.5.0
|
||||
- uses: bufbuild/buf-breaking-action@v1
|
||||
with:
|
||||
PATTERNS: |
|
||||
**/**.proto
|
||||
- name: check-breakage
|
||||
run: make proto-check-breaking
|
||||
if: env.GIT_DIFF
|
||||
input: "proto"
|
||||
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"
|
||||
|
14
.github/workflows/semgrep.yml
vendored
14
.github/workflows/semgrep.yml
vendored
@ -10,9 +10,12 @@ on:
|
||||
schedule:
|
||||
- cron: '0 0 * * 0'
|
||||
jobs:
|
||||
# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
|
||||
semgrep:
|
||||
name: Scan
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: returntocorp/semgrep
|
||||
if: (github.actor != 'dependabot[bot]')
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
@ -26,12 +29,11 @@ jobs:
|
||||
**/*.sol
|
||||
go.mod
|
||||
go.sum
|
||||
- uses: returntocorp/semgrep-action@v1
|
||||
with:
|
||||
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
|
||||
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
|
||||
# See also the next step.
|
||||
generateSarif: "1"
|
||||
- uses: actions/checkout@v3
|
||||
- run: semgrep scan --sarif --output=semgrep.sarif
|
||||
env:
|
||||
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
|
||||
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
|
||||
if: "env.GIT_DIFF_FILTERED != ''"
|
||||
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
|
||||
- name: Upload SARIF file
|
||||
|
8
Makefile
8
Makefile
@ -237,14 +237,6 @@ else
|
||||
@echo "protoc-gen-go already installed; skipping..."
|
||||
endif
|
||||
|
||||
ifeq (, $(shell which protoc))
|
||||
@echo "Please istalling protobuf according to your OS"
|
||||
@echo "macOS: brew install protobuf"
|
||||
@echo "linux: apt-get install -f -y protobuf-compiler"
|
||||
else
|
||||
@echo "protoc already installed; skipping..."
|
||||
endif
|
||||
|
||||
ifeq (, $(shell which solcjs))
|
||||
@echo "Installing solcjs..."
|
||||
@npm install -g solc@0.5.11
|
||||
|
Loading…
Reference in New Issue
Block a user