Python SDK sync with Merge API (#99) #228
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Semgrep | |
| on: | |
| # diff aware on every PR | |
| pull_request: {} | |
| # allow manual triggering | |
| workflow_dispatch: {} | |
| # full scan on push to master | |
| push: | |
| branches: ["main"] | |
| # Full scan on every Monday at 12:30 UTC/8:30 ET | |
| schedule: | |
| - cron: "30 12 * * 1" | |
| jobs: | |
| semgrep: | |
| name: semgrep/ci | |
| runs-on: ubuntu-latest | |
| container: | |
| image: returntocorp/semgrep | |
| # Skip any PR created by dependabot to avoid permission issues: | |
| if: (github.actor != 'dependabot[bot]') | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # Semgrep can only parse one requirements.txt | |
| - run: | | |
| curl --location --show-error --silent --output poetry.py https://install.python-poetry.org \ | |
| && echo '66db5477a597b6176202ef77792076057ce50d2c5a2d2d2978c63e1f144d7b95' poetry.py | sha256sum -c \ | |
| && python poetry.py -y \ | |
| && /github/home/.local/bin/poetry install \ | |
| && semgrep ci | |
| env: | |
| SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} |