ci: enable semgrep check on v13 branches and update rules (#25647)

* ci: enable semgrep on v13 branches * ci: break semgrep steps for nicer output * ci: update semgrep rules inline with frappe repo
2026-05-15 11:09:17 +00:00 · 2021-05-11 18:27:20 +05:30
parent 958c96ee3f
commit b1f8c80be3
6 changed files with 150 additions and 34 deletions
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -4,6 +4,8 @@ on:
  pull_request:
    branches:
      - develop
+      - version-13-hotfix
+      - version-13-pre-release
 jobs:
  semgrep:
    name: Frappe Linter
@@ -14,11 +16,19 @@ jobs:
      uses: actions/setup-python@v2
      with:
        python-version: 3.8
-    - name: Run semgrep
+
+    - name: Setup semgrep
      run: |
        python -m pip install -q semgrep
        git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF -q
+
+    - name: Semgrep errors
+      run: |
        files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
        [[ -d .github/helper/semgrep_rules ]] && semgrep --severity ERROR --config=.github/helper/semgrep_rules --quiet --error $files
        semgrep --config="r/python.lang.correctness" --quiet --error $files
+
+    - name: Semgrep warnings
+      run: |
+        files=$(git diff --name-only --diff-filter=d $GITHUB_BASE_REF)
        [[ -d .github/helper/semgrep_rules ]] && semgrep --severity WARNING --severity INFO --config=.github/helper/semgrep_rules --quiet $files