name: Semgrep

on:
  pull_request: { }

jobs:
  semgrep:
    name: Frappe Linter
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Download Semgrep rules
        run: git clone --depth 1 https://github.com/frappe/semgrep-rules.git frappe-semgrep-rules

      - uses: returntocorp/semgrep-action@v1
        env:
            SEMGREP_TIMEOUT: 120
        with:
            config: >-
              r/python.lang.correctness
              ./frappe-semgrep-rules/rules