From 90bae2f7e289f0e9bfd2b73e89199f433244e59c Mon Sep 17 00:00:00 2001 From: Morten Kristensen Date: Sun, 9 Jul 2023 19:57:12 +0200 Subject: [PATCH] [semgrep] Fixed YAML warnings ``` [WARN] Syntax error at line .github/workflows/test.yml:113: When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected ``` --- .github/workflows/snyk-schedule.yml | 7 +++++-- .github/workflows/snyk.yml | 7 +++++-- .github/workflows/test.yml | 3 ++- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/snyk-schedule.yml b/.github/workflows/snyk-schedule.yml index ecd28866..4c286b2f 100644 --- a/.github/workflows/snyk-schedule.yml +++ b/.github/workflows/snyk-schedule.yml @@ -37,7 +37,9 @@ jobs: - name: Upgrade Pip run: pip3 install --upgrade pip - name: Install requirements - run: python3 -m pip install -r misc/.${{matrix.requirements}}-requirements.txt + env: + reqs: ${{ matrix.requirements }} + run: python3 -m pip install -r misc/.$reqs-requirements.txt - name: Install Snyk run: npm install -g snyk @@ -48,7 +50,8 @@ jobs: FORCE_COLOR: 2 SNYK_INTEGRATION_NAME: GITHUB_ACTIONS SNYK_INTEGRATION_VERSION: python - run: snyk test --project-name=vermin --package-manager=pip --file=misc/.${{matrix.requirements}}-requirements.txt --command=python3 --sarif-file-output=snyk-${{matrix.requirements}}.sarif --show-vulnerable-paths=all --print-deps + reqs: ${{ matrix.requirements }} + run: snyk test --project-name=vermin --package-manager=pip --file=misc/.$reqs-requirements.txt --command=python3 --sarif-file-output=snyk-$reqs.sarif --show-vulnerable-paths=all --print-deps - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 17e1de19..432ef71c 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -37,7 +37,9 @@ jobs: - name: Upgrade Pip run: pip3 install --upgrade pip - name: Install requirements - run: python3 -m pip install -r misc/.${{matrix.requirements}}-requirements.txt + env: + reqs: ${{ matrix.requirements }} + run: python3 -m pip install -r misc/.$reqs-requirements.txt - name: Install Snyk run: npm install -g snyk @@ -47,4 +49,5 @@ jobs: FORCE_COLOR: 2 SNYK_INTEGRATION_NAME: GITHUB_ACTIONS SNYK_INTEGRATION_VERSION: python - run: snyk test --project-name=vermin --package-manager=pip --file=misc/.${{matrix.requirements}}-requirements.txt --command=python3 --show-vulnerable-paths=all --print-deps + reqs: ${{ matrix.requirements }} + run: snyk test --project-name=vermin --package-manager=pip --file=misc/.$reqs-requirements.txt --command=python3 --show-vulnerable-paths=all --print-deps diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0e211501..430eb3c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -102,7 +102,8 @@ jobs: COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} COVERALLS_FLAG_NAME: ${{ matrix.os }}-${{ matrix.python-version }} COVERALLS_PARALLEL: true - run: ${{ matrix.test_script_name }} + test_script_name: ${{ matrix.test_script_name }} + run: $test_script_name # When all parallel tests are done and uploaded, the coveralls session can be signalled as # finished.