Skip to content
test-semgrep-pro-latest

Merge pull request #5 from ox-eye/feature/OX-4086_add_snippet_to_sari… #4

Sign in to view logs

Merge pull request #5 from ox-eye/feature/OX-4086_add_snippet_to_sari…

Merge pull request #5 from ox-eye/feature/OX-4086_add_snippet_to_sari… #4

Workflow file for this run

.github/workflows/test-semgrep-pro-latest.yaml at 56b47ac
# The goal of this workflow is to offer a validation step before releasing
# Semgrep, to ensure that the to-be-released version of Semgrep is not
# incompatible with the currently released version of Semgrep Pro.
#
# If this workflow succeeds, then it should be safe to release Semgrep and
# not immediately be incompatible with Semgrep Pro.
# TODO(brandonspark): Verify if this workflow can be fully removed.
name: test-semgrep-pro-latest
on:
workflow_dispatch:
push:
branches:
- "develop"
jobs:
test-semgrep-pro-latest:
name: Test Semgrep Pro Engine (latest release)
if: github.ref == 'refs/heads/develop'
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::338683922796:role/returntocorp-semgrep-deploy-role
role-duration-seconds: 900
role-session-name: "semgrep-deploy"
aws-region: us-west-2
# This is the `latest` binary, which is the most recent officially released
# binar of `semgrep-core-proprietary`.
# We test with this so that we can see whether this proposed release will break with the
# currently released version of Semgrep Pro Engine.
- name: Download Semgrep Pro `develop` binary
run: |
aws s3 cp s3://web-assets.r2c.dev/assets/semgrep-core-proprietary-manylinux-develop ./semgrep-core-proprietary
- name: Run Semgrep Pro Engine!
run: |
docker run --rm -v "$(pwd):/root" -e SEMGREP_APP_TOKEN=${{ secrets.SEMGREP_APP_TOKEN }} --entrypoint=bash "returntocorp/semgrep:develop" /root/scripts/test-pro.sh