Merge branch 'patch-pages_cs-issues' of https://github.com/jmuelbert/…

…anniversaryreminder into patch-pages_cs-issues
jmuelbert · Mar 17, 2024 · 37fb46c · 37fb46c
2 parents 3cf1eb0 + 3fb3f87
commit 37fb46c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 30 deletions.
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -39,7 +39,7 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: SARIF file
           path: results.sarif

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -2,54 +2,37 @@
 # Name of this GitHub Actions workflow.
 name: Semgrep
 
-on: # yamllint disable-line rule:truthy
-  push:
-    branches: [main, develop, release, improve_build-workflow]
-
+on:
   pull_request:
-    # The branches below must be a subset of the branches above
-    types: [opened, synchronize, reopened]
-
   workflow_dispatch:
-
+  push:
+    branches:
+      - main
+  # Täglicher Scan um 17:20 Uhr UTC.
   schedule:
-    - cron: "21 17 * * 4"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.ref }}-${{ github.workflow }}
-  cancel-in-progress: true
+    - cron: "20 17 * * *"
 
 jobs:
   semgrep:
-    if: (github.actor != 'dependabot[bot]')
     name: semgrep/ci
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
 
     container:
       image: returntocorp/semgrep
 
-    steps:
-      - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    if: (github.actor != 'dependabot[bot]')
 
-        # Skip any PR created by dependabot to avoid permission issues;
-        if: (github.actor != 'dependabot[bot]')
+    steps:
+      - name: "🧰 Check out code"
+        uses: actions/checkout@v3
 
       - name: Run semgrep ci
         run: semgrep ci --sarif --output=semgrep.sarif
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
 
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac # v2.2.4
+      - name: Upload SARIF file for GitHub Advanced Security Dashboard
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: semgrep.sarif
         if: always()