Skip to content

Merge v1.20 into v1.x (#1678) #346

Merge v1.20 into v1.x (#1678)

Merge v1.20 into v1.x (#1678) #346

name: "Static Analysis"
on:
merge_group:
pull_request:
branches:
- "v*.*"
- "feature/*"
push:
branches:
- "v*.*"
- "feature/*"
workflow_call:
inputs:
ref:
description: "The git ref to check"
type: string
required: true
jobs:
semgrep:
name: "Semgrep"
runs-on: "ubuntu-latest"
container:
image: semgrep/semgrep
steps:
- name: "Checkout"
uses: "actions/checkout@v4"
with:
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
submodules: true
- name: "Scan"
run: semgrep scan --sarif-output=semgrep.sarif
- name: "Upload SARIF report"
uses: "github/codeql-action/upload-sarif@v3"
with:
sarif_file: semgrep.sarif