Merge latest Gitleaks rules #7152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Running the tests in the repo using `semgrep test --experimental` and | |
| # the semgrep/semgrep:pro-develop docker image (the bleeding edge!). | |
| name: semgrep-rules-test-develop | |
| on: | |
| pull_request: | |
| branches: | |
| - develop | |
| - release | |
| push: | |
| branches: | |
| - develop | |
| - release | |
| jobs: | |
| test-develop: | |
| name: rules-test-develop | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| path: semgrep-rules | |
| - name: delete directories not containing rules | |
| run: rm -rf semgrep-rules/stats | |
| #TODO: in theory we could run those tests by using --test --pro | |
| # since our docker image now contains semgrep-core-pro (but | |
| # it would require to be logged in though via a SEMGREP_APP_TOKEN) | |
| - name: delete rules requiring Semgrep Pro | |
| run: rm -rf semgrep-rules/apex semgrep-rules/elixir | |
| # TODO: this takes 1m20 in CI and could be optimized by switching to osemgrep | |
| - name: validate rules | |
| run: | | |
| export SEMGREP="docker run --rm -w /src -v ${GITHUB_WORKSPACE}/semgrep-rules:/src semgrep/semgrep:pro-develop semgrep" | |
| make -C "$GITHUB_WORKSPACE"/semgrep-rules validate | |
| # this now takes 21s with osemgrep instead of 3min with pysemgrep | |
| - name: test with semgrep pro develop branch and with --experimental | |
| run: | | |
| export SEMGREP="docker run --rm -w /src -v ${GITHUB_WORKSPACE}/semgrep-rules:/src semgrep/semgrep:pro-develop semgrep --experimental" | |
| make -C "$GITHUB_WORKSPACE"/semgrep-rules test-only |