fix(ci): buf makefile dependency, update semgrep workflow (#1144)

2022-06-22 01:28:23 -07:00 · 2022-06-22 01:28:23 -07:00 · 8eb8e51894
commit 8eb8e51894
parent 6cf2b9fdd3
3 changed files with 19 additions and 27 deletions
--- a/.github/workflows/proto.yml
+++ b/.github/workflows/proto.yml
@ -3,6 +3,8 @@ name: Protobuf
 # This workflow is only run when a .proto file has been changed
 on:
  pull_request:
+    paths:
+      - "proto/**"

 jobs:
  lint:
@ -10,21 +12,17 @@ jobs:
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v3
-      - uses: technote-space/get-diff-action@v6.1.0
+      - uses: bufbuild/buf-setup-action@v1.5.0
+      - uses: bufbuild/buf-lint-action@v1
        with:
-          PATTERNS: |
-            **/**.proto
-      - name: lint
-        run: make proto-lint
-        if: env.GIT_DIFF
-  breakage:
+          input: "proto"
+
+  break-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - uses: technote-space/get-diff-action@v6.1.0
+      - uses: bufbuild/buf-setup-action@v1.5.0
+      - uses: bufbuild/buf-breaking-action@v1
        with:
-          PATTERNS: |
-            **/**.proto
-      - name: check-breakage
-        run: make proto-check-breaking
-        if: env.GIT_DIFF
+          input: "proto"
+          against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@ -10,9 +10,12 @@ on:
  schedule:
    - cron: '0 0 * * 0'
 jobs:
+  # Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
    if: (github.actor != 'dependabot[bot]')
    steps:
      - uses: actions/checkout@v3
@ -26,12 +29,11 @@ jobs:
            **/*.sol
            go.mod
            go.sum
-      - uses: returntocorp/semgrep-action@v1
-        with:
-          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
-           # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
-          # See also the next step.
-          generateSarif: "1"
+      - uses: actions/checkout@v3
+      - run: semgrep scan --sarif --output=semgrep.sarif
+        env:
+          # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
        if: "env.GIT_DIFF_FILTERED != ''"
      # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
      - name: Upload SARIF file
--- a/8
+++ b/8
@ -237,14 +237,6 @@ else
 	@echo "protoc-gen-go already installed; skipping..."
 endif

-ifeq (, $(shell which protoc))
-	@echo "Please istalling protobuf according to your OS"
-	@echo "macOS: brew install protobuf"
-	@echo "linux: apt-get install -f -y protobuf-compiler"
-else
-	@echo "protoc already installed; skipping..."
-endif
-
 ifeq (, $(shell which solcjs))
 	@echo "Installing solcjs..."
 	@npm install -g solc@0.5.11