fix(ci): buf makefile dependency, update semgrep workflow (#1144)

Aditya Saravanan 2022-06-22 01:28:23 -07:00 committed by GitHub
parent 6cf2b9fdd3
commit 8eb8e51894
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 27 deletions


@ -3,6 +3,8 @@ name: Protobuf
# This workflow is only run when a .proto file has been changed # This workflow is only run when a .proto file has been changed
on: on:
pull_request: pull_request:
paths:
- "proto/**"
jobs: jobs:
lint: lint:
@ -10,21 +12,17 @@ jobs:
timeout-minutes: 5 timeout-minutes: 5
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: technote-space/get-diff-action@v6.1.0 - uses: bufbuild/buf-setup-action@v1.5.0
- uses: bufbuild/buf-lint-action@v1
with: with:
PATTERNS: | input: "proto"
**/**.proto
- name: lint break-check:
run: make proto-lint
if: env.GIT_DIFF
breakage:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: technote-space/get-diff-action@v6.1.0 - uses: bufbuild/buf-setup-action@v1.5.0
- uses: bufbuild/buf-breaking-action@v1
with: with:
PATTERNS: | input: "proto"
**/**.proto against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"
- name: check-breakage
run: make proto-check-breaking
if: env.GIT_DIFF
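Review bot: The buf actions added to both jobs are referenced by mutable tags (`bufbuild/buf-setup-action@v1.5.0`, `bufbuild/buf-lint-action@v1`, `bufbuild/buf-breaking-action@v1`), so anyone able to move those tags changes the code this workflow runs; pin each to a full commit SHA and keep the version as a trailing comment, e.g. `uses: bufbuild/buf-lint-action@<full-commit-sha>  # v1`. In the `against:` input, `ref=HEAD~1` combined with `branch=${{ github.event.pull_request.base.ref }}` appears to compare against the commit before the base branch tip rather than the tip itself; if that is not intended, drop `ref=HEAD~1`. The `break-check` job shows no `timeout-minutes`, unlike `lint`. No `permissions:` block is visible in these hunks, so confirm elsewhere in the file that the workflow token is read-only.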


@ -10,9 +10,12 @@ on:
schedule: schedule:
- cron: '0 0 * * 0' - cron: '0 0 * * 0'
jobs: jobs:
# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
semgrep: semgrep:
name: Scan name: Scan
runs-on: ubuntu-latest runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]') if: (github.actor != 'dependabot[bot]')
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -26,12 +29,11 @@ jobs:
**/*.sol **/*.sol
go.mod go.mod
go.sum go.sum
- uses: returntocorp/semgrep-action@v1 - uses: actions/checkout@v3
with: - run: semgrep scan --sarif --output=semgrep.sarif
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} env:
# Upload findings to GitHub Advanced Security Dashboard [step 1/2] # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
# See also the next step. SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
generateSarif: "1"
if: "env.GIT_DIFF_FILTERED != ''" if: "env.GIT_DIFF_FILTERED != ''"
# Upload findings to GitHub Advanced Security Dashboard [step 2/2] # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
- name: Upload SARIF file - name: Upload SARIF file
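Review bot: The new `container:` entry `image: returntocorp/semgrep` has no tag or digest, so every run pulls whatever `latest` currently is into a job that also receives `SEMGREP_APP_TOKEN`; pin it, e.g. `image: returntocorp/semgrep@sha256:<digest>` (placeholder: take the digest from the release you have vetted). The second hunk adds another `- uses: actions/checkout@v3` although the job already checks out at the top of `steps:`, which looks redundant. The token is passed to `semgrep scan`, which as far as I know does not report to Semgrep App and is given no `--config` here, while the linked sample config uses `semgrep ci`; confirm which command is intended, and drop the secret from the step's `env:` if it is not needed.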


@ -237,14 +237,6 @@ else
@echo "protoc-gen-go already installed; skipping..." @echo "protoc-gen-go already installed; skipping..."
endif endif
ifeq (, $(shell which protoc))
@echo "Please istalling protobuf according to your OS"
@echo "macOS: brew install protobuf"
@echo "linux: apt-get install -f -y protobuf-compiler"
else
@echo "protoc already installed; skipping..."
endif
ifeq (, $(shell which solcjs)) ifeq (, $(shell which solcjs))
@echo "Installing solcjs..." @echo "Installing solcjs..."
@npm install -g solc@0.5.11 @npm install -g solc@0.5.11