mirror of
https://github.com/nextcloud/spreed.git
synced 2025-12-17 21:12:20 +01:00
45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
name: OpenGrep Full Scan
|
|
|
|
on: pull_request
|
|
|
|
jobs:
|
|
scan:
|
|
name: Scan with OpenGrep
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Install OpenGrep
|
|
run: |
|
|
# Download the OpenGrep binary
|
|
wget $(curl -s https://api.github.com/repos/opengrep/opengrep/releases/latest | grep "/opengrep_manylinux_x86\"" | awk '{print $2}' | sed 's|[\"\,]*||g') -O opengrep
|
|
|
|
# Make the binary executable
|
|
chmod +x opengrep
|
|
|
|
# Move the binary to a directory in PATH
|
|
sudo mv opengrep /usr/local/bin/opengrep
|
|
|
|
- name: Run OpenGrep with custom rules
|
|
run: |
|
|
composer run opengrep-full -- --sarif --sarif-output findings.sarif
|
|
exit_code=$?
|
|
if [ $exit_code -ne 0 ]; then
|
|
echo "::error::OpenGrep found issues in the code. Check the report for details."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Show potential changes in OpenGrep results
|
|
if: always()
|
|
run: git diff --exit-code -- . ':!lib/composer'
|
|
|
|
- name: Upload Analysis results to GitHub
|
|
if: always()
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
sarif_file: findings.sarif
|