Finalize Semgrep Zero migration #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DeepScan Zero | |
| on: | |
| push: | |
| branches: [main, master] | |
| pull_request: | |
| branches: [main, master] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| checks: read | |
| jobs: | |
| deepscan-zero: | |
| name: DeepScan Zero | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Assert DeepScan vendor check is green | |
| run: | | |
| python3 scripts/quality/check_required_checks.py \ | |
| --repo "${GITHUB_REPOSITORY}" \ | |
| --sha "${GITHUB_SHA}" \ | |
| --required-context "DeepScan" \ | |
| --timeout-seconds 1200 \ | |
| --poll-seconds 20 \ | |
| --out-json "deepscan-zero/deepscan.json" \ | |
| --out-md "deepscan-zero/deepscan.md" | |
| - name: Upload DeepScan artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: deepscan-zero | |
| path: deepscan-zero |