chore: Update CI including using semgrep pro

maxmilton · Jan 30, 2024 · 5f809e8 · 5f809e8
1 parent 8a02160
commit 5f809e8
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 12 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,8 +3,8 @@ on:
   push:
     branches: [master]
     paths-ignore: ['**.md']
-  pull_request:
-    branches: [master]
+  pull_request: {}
+  workflow_dispatch: {}
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -17,7 +17,7 @@ jobs:
       - run: npm install --global pnpm
       - run: pnpm install --frozen-lockfile
       - run: pnpm run build
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: build
           path: packages/*/dist/**
@@ -33,7 +33,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: build
           path: packages
@@ -76,7 +76,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: build
           path: packages
@@ -93,7 +93,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: build
           path: packages

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -2,8 +2,8 @@ name: codeql
 on:
   push:
     branches: [master]
-  pull_request:
-    branches: [master]
+  pull_request: {}
+  workflow_dispatch: {}
   schedule:
     - cron: '28 6 * * 4'
 jobs:

diff --git a/.github/workflows/semgrep-analysis.yml b/.github/workflows/semgrep-analysis.yml
@@ -2,8 +2,8 @@ name: semgrep
 on:
   push:
     branches: [master]
-  pull_request:
-    branches: [master]
+  pull_request: {}
+  workflow_dispatch: {}
   schedule:
     - cron: '28 6 * * 4'
 jobs:
@@ -18,9 +18,9 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4
-      - run: semgrep ci --sarif --output=semgrep.sarif || true
+      - run: semgrep ci --sarif > semgrep.sarif
         env:
-          SEMGREP_RULES: p/default
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
       - uses: github/codeql-action/upload-sarif@v3
         if: always()
         with: