Skip to content
This repository was archived by the owner on Nov 14, 2023. It is now read-only.

Adds dependabot #21

Merged
Harnoor-se7en merged 7 commits into from
Aug 23, 2022
Merged

Adds dependabot #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
abdfb4f
test
Harnoor-se7en Aug 23, 2022
b3fab3e
Adds dependabot
Harnoor-se7en Aug 23, 2022
1193f59
bug fix
Harnoor-se7en Aug 23, 2022
ba165f3
wip
Harnoor-se7en Aug 23, 2022
5aad1e5
wip
Harnoor-se7en Aug 23, 2022
940b70a
wip
Harnoor-se7en Aug 23, 2022
095873a
Changes interval of dependabot from daily to weekly
Harnoor-se7en Aug 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: 2
updates:
- package-ecosystem: "gradle"
directory: "/"
schedule:
interval: "weekly"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
52 changes: 52 additions & 0 deletions .github/workflows/semgrep.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: Security Checks
on:
workflow_dispatch:
pull_request: {}
push:
branches: ["rzp_main"]
schedule:
- cron: '30 20 * * *'
jobs:
semgrep:
name: Scan
runs-on: [ubuntu-latest] #nosemgrep zklW
steps:
- uses: actions/checkout@v2
- uses: returntocorp/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
publishDeployment: 339
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

workflow_status:
runs-on: [ ubuntu-latest ] #nosemgrep zklW
name: Update Status Check
needs: [ semgrep ]
if: always()
env:
githubCommit: ${{ github.event.pull_request.head.sha }}
steps:
- name: Set github commit id
run: |
if [ "${{ github.event_name }}" = "push" ] || [ "${{ github.event_name }}" = "schedule" ]; then
echo "githubCommit=${{ github.sha }}" >> $GITHUB_ENV
fi
exit 0
- name: Failed
id: failed
if: (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) && github.ref != 'refs/heads/master'
run: |
echo 'Failing the workflow for github security status check.'
curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
-d '{ "state" : "failure" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }}
exit 1
- name: Success
if: steps.failed.conclusion == 'skipped' || github.ref != 'refs/heads/master'
run: |
echo 'Status check has passed!'
curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
-d '{ "state" : "success" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }}
exit 0