Skip to content
Semgrep Scan

SK-2131 retry for errors in insert #43

Sign in to view logs

SK-2131 retry for errors in insert

SK-2131 retry for errors in insert #43

Workflow file for this run

.github/workflows/semgrep.yml at b972b66
name: Semgrep Scan
on:
pull_request:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
permissions:
pull-requests: write # Give write permission to PRs
issues: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install Semgrep and jq
run: |
sudo apt install python3-venv jq
python3 -m venv .venv
.venv/bin/pip install semgrep
- name: Run Semgrep
run: |
source .venv/bin/activate
semgrep --config auto --severity ERROR --json-output=results.json --no-error
cat results.json | jq .results > pretty-results.json
- name: Display Raw Semgrep JSON Output
run: |
echo "Displaying raw Semgrep results..."
cat pretty-results.json
- name: Add comment on PR if findings are found
uses: actions/github-script@v6
with:
script: |
// Ensure the context has a pull_request
if (context.payload.pull_request) {
const prNumber = context.payload.pull_request.number;
const fs = require('fs');
const results = JSON.parse(fs.readFileSync('pretty-results.json', 'utf8'));
const highFindings = results.filter(result => result.extra && result.extra.severity === 'ERROR');
// Comment if findings exist
if (highFindings.length > 0) {
const comment = `**Semgrep Findings:** Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.`;
await github.rest.issues.createComment({
...context.repo,
issue_number: prNumber,
body: comment
});
} else {
const noIssuesComment = "**Semgrep findings:** No issues found, Good to merge.";
await github.rest.issues.createComment({
...context.repo,
issue_number: prNumber,
body: noIssuesComment
});
}
} else {
console.log("This workflow wasn't triggered by a pull request, so no comment will be added.");
}