diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml deleted file mode 100644 index 3b1a2fa..0000000 --- a/.github/workflows/security.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: SecurityChecks -on: - pull_request: {} - push: - branches: ["master"] - schedule: - - cron: '30 20 * * *' -jobs: - semgrep: - name: Scan - runs-on: [ubuntu-latest] # nosemgrep : semgrep.dev/s/swati31196:github_provided_runner - steps: - - uses: actions/checkout@v2 - - uses: returntocorp/semgrep-action@v1 - with: - publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} - publishDeployment: 339 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - workflow_status: - runs-on: [ ubuntu-latest ] # nosemgrep : semgrep.dev/s/swati31196:github_provided_runner - name: Update Status Check - needs: [ semgrep ] - if: always() - env: - githubCommit: ${{ github.event.pull_request.head.sha }} - steps: - - name: Set github commit id - run: | - if [ "${{ github.event_name }}" = "push" ] || [ "${{ github.event_name }}" = "schedule" ]; then - echo "githubCommit=${{ github.sha }}" >> $GITHUB_ENV - fi - exit 0 - - name: Failed - id: failed - if: (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) && github.ref != 'refs/heads/master' - run: | - echo 'Failing the workflow for github security status check.' - curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \ - -d '{ "state" : "failure" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \ - https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }} - exit 1 - - name: Success - if: steps.failed.conclusion == 'skipped' || github.ref != 'refs/heads/master' - run: | - echo 'Status check has passed!' - curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \ - -d '{ "state" : "success" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \ - https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }} - exit 0 \ No newline at end of file