Minimal set of working Gitea workflows. #138
@ -1,22 +0,0 @@
|
||||
name: "Dependency Review"
|
||||
on: pull_request
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.19
|
||||
check-latest: true
|
||||
- name: "Checkout Repository"
|
||||
uses: actions/checkout@v3
|
||||
- name: "Dependency Review"
|
||||
uses: actions/dependency-review-action@v3
|
||||
# TODO: https://git.vdb.to/cerc-io/laconicd/issues/115
|
||||
# - name: "Go vulnerability check"
|
||||
# run: make vulncheck
|
||||
# if: env.GIT_DIFF
|
@ -1,14 +0,0 @@
|
||||
name: "Pull Request Labeler"
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
triage:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/labeler@v4
|
||||
with:
|
||||
repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
@ -1,33 +0,0 @@
|
||||
name: Semgrep
|
||||
on:
|
||||
# Scan changed files in PRs, block on new issues only (existing issues ignored)
|
||||
pull_request: {}
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- .github/workflows/semgrep.yml
|
||||
schedule:
|
||||
- cron: '0 0 * * 0'
|
||||
jobs:
|
||||
# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
|
||||
semgrep:
|
||||
name: Scan
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: returntocorp/semgrep
|
||||
if: (github.actor != 'dependabot[bot]')
|
||||
steps:
|
||||
- name: Permission issue fix
|
||||
run: git config --global --add safe.directory /__w/laconicd/laconicd
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v3
|
||||
- run: semgrep scan --sarif --output=semgrep.sarif --config auto
|
||||
env:
|
||||
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
|
||||
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
|
||||
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: semgrep.sarif
|
Loading…
Reference in New Issue
Block a user