fix(ci): buf makefile dependency, update semgrep workflow (#1144)

This commit is contained in:
Aditya Saravanan 2022-06-22 01:28:23 -07:00 committed by GitHub
parent 6cf2b9fdd3
commit 8eb8e51894
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 27 deletions

View File

@ -3,6 +3,8 @@ name: Protobuf
# This workflow is only run when a .proto file has been changed
on:
pull_request:
paths:
- "proto/**"
jobs:
lint:
@ -10,21 +12,17 @@ jobs:
timeout-minutes: 5
steps:
- uses: actions/checkout@v3
- uses: technote-space/get-diff-action@v6.1.0
- uses: bufbuild/buf-setup-action@v1.5.0
- uses: bufbuild/buf-lint-action@v1
with:
PATTERNS: |
**/**.proto
- name: lint
run: make proto-lint
if: env.GIT_DIFF
breakage:
input: "proto"
break-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: technote-space/get-diff-action@v6.1.0
- uses: bufbuild/buf-setup-action@v1.5.0
- uses: bufbuild/buf-breaking-action@v1
with:
PATTERNS: |
**/**.proto
- name: check-breakage
run: make proto-check-breaking
if: env.GIT_DIFF
input: "proto"
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"

View File

@ -10,9 +10,12 @@ on:
schedule:
- cron: '0 0 * * 0'
jobs:
# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
semgrep:
name: Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@v3
@ -26,12 +29,11 @@ jobs:
**/*.sol
go.mod
go.sum
- uses: returntocorp/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
# See also the next step.
generateSarif: "1"
- uses: actions/checkout@v3
- run: semgrep scan --sarif --output=semgrep.sarif
env:
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
if: "env.GIT_DIFF_FILTERED != ''"
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
- name: Upload SARIF file

View File

@ -237,14 +237,6 @@ else
@echo "protoc-gen-go already installed; skipping..."
endif
ifeq (, $(shell which protoc))
@echo "Please istalling protobuf according to your OS"
@echo "macOS: brew install protobuf"
@echo "linux: apt-get install -f -y protobuf-compiler"
else
@echo "protoc already installed; skipping..."
endif
ifeq (, $(shell which solcjs))
@echo "Installing solcjs..."
@npm install -g solc@0.5.11