ci: semgrep to prevent test regression (backport #53837) (#53840)

ci: semgrep to prevent test regression

(cherry picked from commit be4496e4ab)

Co-authored-by: ruthra kumar <ruthra@erpnext.com>

.github/workflows/linters.yml

@@ -43,3 +43,6 @@ jobs:
 
       - name: Run Semgrep rules
         run: semgrep ci --config ./frappe-semgrep-rules/rules --config r/python.lang.correctness
+
+      - name: Semgrep for Test Correctness
+        run: semgrep ci --include=**/test_*.py --config ./semgrep/test-correctness.yml

semgrep/test-correctness.yml

@@ -0,0 +1,18 @@
+rules:
+- id: Dont-commit
+  pattern: frappe.db.commit()
+  message: Commiting inside test breaks idempotency.
+  languages: [python]
+  severity: ERROR
+- id: Implicit-commit
+  pattern: frappe.db.truncate()
+  message: DB truncation does implict commit which breaks test idempotency.
+  languages: [python]
+  severity: ERROR
+- id: Dont-override-teardown
+  pattern: |
+    def tearDown(...):
+      ...
+  message: ERPNextTestSuite forces rollback on each tearDown, which ensures idempotency. Don't override tearDown.
+  languages: [python]
+  severity: ERROR