[ENG-567] fix(ci): semgrep action (evmos#749)

* seeing action response to setting metrics * changed semgrep to run unconditionally * testing token issues/config/metrics * update to use semgrep ci * add semgrep configuration * trying semgrep login * finished fixing semgrep action * add back filter
fx0x55 · Jul 8, 2022 · af71fd3 · af71fd3
1 parent e52e871
commit af71fd3
Showing 1 changed file with 2 additions and 9 deletions.
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -10,7 +10,7 @@ on:
   schedule:
     - cron: '0 0 * * 0'
 jobs:
-  # Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
+  # Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions [removing GH Security Dashboard]
   semgrep:
     name: Scan
     runs-on: ubuntu-latest
@@ -32,14 +32,7 @@ jobs:
             go.mod
             go.sum
       - uses: actions/checkout@v3
-      - run: semgrep scan --sarif --output=semgrep.sarif
+      - run: semgrep ci --config=auto
         env:
-          # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
         if: "env.GIT_DIFF_FILTERED != ''"
-      # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: semgrep.sarif
-        if: "env.GIT_DIFF_FILTERED != ''"