* ci(semgrep): add more rules, r/python.correctness
  - Added file for defining rules as per frappe data model: frappe_correctness.yml
  - Add rule for SQLi, with WARNING only for now
  - Add rule file for UX
  - WARNING | INFO do not fail the build now
* ci(semgrep): on_cancel, on_submit correctness rule
* ci(semgrep): split workflow in steps
* ci(semgrep): catch line breaks in _()
* chore: fix sider issue
32 lines
1,003 B
YAML
name: Semgrep

on:
  pull_request:
    branches:
      - develop

jobs:
  semgrep:
    name: Frappe Linter
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup python3
        uses: actions/setup-python@v2
        with:
          python-version: 3.8

      - name: Setup semgrep
        run: |
          python -m pip install -q semgrep
          # Fetch the PR base branch so `git diff` below can compare against it
          git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF -q

      - name: Semgrep errors
        run: |
          # Only lint files changed in the PR; deleted files are excluded
          files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
          # ERROR-severity findings from the repo's own rules fail the build (--error)
          [[ -d .github/helper/semgrep_rules ]] && semgrep --severity ERROR --config=.github/helper/semgrep_rules --quiet --error $files
          semgrep --config="r/python.lang.correctness" --quiet --error $files

      - name: Semgrep warnings
        run: |
          files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
          # WARNING and INFO findings are reported but do not fail the build (no --error)
          [[ -d .github/helper/semgrep_rules ]] && semgrep --severity WARNING --severity INFO --config=.github/helper/semgrep_rules --quiet $files
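An added example, not part of the workflow above or the project's own code, showing a guarded form of the changed-files logic used by the "Semgrep errors" and "Semgrep warnings" steps: when the unquoted `$files` is empty (a PR that only deletes files, for instance), semgrep falls back to its default target of the current directory and scans the whole checkout instead of nothing, and paths containing spaces are word-split. The helper functions, the `py` extension filter and the use of bash arrays are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers, not the workflow's code): guarded
# changed-files -> semgrep pipeline. Assumes bash and a fetched base ref.
set -euo pipefail

# Paths changed relative to the base ref, one per line, deleted files excluded
# (same git invocation as the workflow steps).
changed_files() {
  git diff --name-only --diff-filter=d "$1"
}

# Keep only paths on stdin that still exist as regular files and carry one of
# the comma-separated extensions in $1 (e.g. "py,js"); print one per line.
filter_targets() {
  local exts="$1" path
  while IFS= read -r path; do
    [ -f "$path" ] || continue
    case ",$exts," in *",${path##*.},"*) printf '%s\n' "$path" ;; esac
  done
}

# Print the semgrep command for a config and severities, reading targets on
# stdin. FAIL=1 appends --error (findings fail the build), 0 leaves it off.
# With no targets semgrep would scan the whole checkout, so print nothing.
semgrep_cmd() {
  local config="$1" fail="$2"; shift 2
  local -a cmd=(semgrep "--config=$config" --quiet)
  local sev; for sev in "$@"; do cmd+=(--severity "$sev"); done
  [ "$fail" = 1 ] && cmd+=(--error)
  local -a targets=(); local path
  while IFS= read -r path; do targets+=("$path"); done
  [ "${#targets[@]}" -gt 0 ] || return 0
  local line; printf -v line '%q ' "${cmd[@]}" "${targets[@]}"
  printf '%s\n' "${line% }"
}

# Usage inside a CI step (not executed here); a PR that only deletes files
# yields no command, so no whole-repository scan is triggered:
#   changed_files "$GITHUB_BASE_REF" | filter_targets py \
#     | semgrep_cmd .github/helper/semgrep_rules 1 ERROR | bash
```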