Skip to content

H-3684: Upgrade to Yarn 4 #32725

H-3684: Upgrade to Yarn 4

H-3684: Upgrade to Yarn 4 #32725

Workflow file for this run

name: Semgrep
on:
# Scan changed files in PRs (diff-aware scanning):
pull_request: {}
# Scan mainline, next and `dev/*` trunks to report all findings:
push:
branches:
- main
- canary
- dev/*
schedule:
- cron: "30 0 1,15 * *" # scheduled for 00:30 UTC on both the 1st and 15th of the month
jobs:
semgrep:
name: Scan
# Change this in the event of future self-hosting of Action runner:
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep:1.97.0@sha256:a265d09a9ca712e6624aca09056304ce4314a695b7028d65c041dd53fd44c700
# Skip any PR created by Dependabot to avoid permission issues:
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
name: Check-out Git project source
- name: Run Semgrep
run: semgrep ci --sarif --output=semgrep.sarif || true
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
- name: Check SARIF file exists following Semgrep run
id: sarif_file_check
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
with:
files: "semgrep.sarif"
- name: Upload SARIF file for GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
if: steps.sarif_file_check.outputs.files_exists == 'true'
with:
sarif_file: semgrep.sarif