diff --git a/.gitattributes b/.gitattributes
index 53e8db70..60994188 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -12,7 +12,6 @@
 /.github/workflows/pull-request-lint.yml linguist-generated
 /.github/workflows/release.yml linguist-generated
 /.github/workflows/renovate.yml linguist-generated
-/.github/workflows/semgrep.yml linguist-generated
 /.github/workflows/stale.yml linguist-generated
 /.github/workflows/update-projen-main.yml linguist-generated
 /.gitignore linguist-generated
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
deleted file mode 100644
index 4a601c76..00000000
--- a/.github/workflows/semgrep.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
-
-name: Semgrep
-on:
-  schedule:
-    - cron: 0 0 * * MON-FRI
-  pull_request:
-    branches:
-      - main
-jobs:
-  semgrep:
-    name: Scan
-    runs-on: ubuntu-latest
-    container:
-      image: semgrep/semgrep@sha256:aeb24a8f042cb60fc64a87c6e52b01033fb11442fd224ccc41cc363f5ca3aa10
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Run Semgrep CI
-        run: semgrep ci
-        env:
-          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 8e9570ee..df0cacd6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,7 +58,6 @@ tsconfig.json
 !/codecov.yml
 !/.nvmrc
 !/.github/workflows/renovate.yml
-!/.github/workflows/semgrep.yml
 !/.github/workflows/add-to-project.yml
 !/.github/workflows/update-projen-main.yml
 !/.github/workflows/add-to-update-projen-project.yml
diff --git a/.projen/files.json b/.projen/files.json
index 2ca254ff..368b7701 100644
--- a/.projen/files.json
+++ b/.projen/files.json
@@ -10,7 +10,6 @@
     ".github/workflows/pull-request-lint.yml",
     ".github/workflows/release.yml",
     ".github/workflows/renovate.yml",
-    ".github/workflows/semgrep.yml",
     ".github/workflows/stale.yml",
     ".github/workflows/update-projen-main.yml",
     ".gitignore",
diff --git a/.projenrc.ts b/.projenrc.ts
index 7f7c2a9f..126c3476 100644
--- a/.projenrc.ts
+++ b/.projenrc.ts
@@ -1,7 +1,6 @@
 import { cdk, github, javascript, TextFile, YamlFile } from 'projen';
 import { addToProjectWorkflow } from './src/add-to-project';
 import { renovateWorkflow } from './src/renovate-workflow';
-import { semgrepWorkflow } from './src/semgrep-workflow';
 import { slackAlert } from './src/slack-alert';
 import { updateProjen } from './src/update-projen';
 import { parameters } from './src/utils/parameters';
@@ -155,7 +154,6 @@ new TextFile(project, '.nvmrc', {
 });
 
 renovateWorkflow.addRenovateWorkflowYml(project);
-semgrepWorkflow.addSemgrepWorkflowYml(project);
 addToProjectWorkflow.addAddToProjectWorkflowYml(project);
 updateProjen.addWorkflows(project);
 
diff --git a/src/clickup-cdk.ts b/src/clickup-cdk.ts
index c97d35df..7e3f4183 100644
--- a/src/clickup-cdk.ts
+++ b/src/clickup-cdk.ts
@@ -12,7 +12,6 @@ import { datadog } from './datadog';
 import { datadogServiceCatalog } from './datadog-service-catalog';
 import { nodeVersion } from './node-version';
 import { renovateWorkflow } from './renovate-workflow';
-import { semgrepWorkflow } from './semgrep-workflow';
 import { slackAlert } from './slack-alert';
 import { updateProjen } from './update-projen';
 
@@ -149,7 +148,6 @@ export module clickupCdk {
       codecov.addCodeCovYml(this);
       nodeVersion.addNodeVersionFile(this, { nodeVersion: mergedOptions.workflowNodeVersion });
       renovateWorkflow.addRenovateWorkflowYml(this);
-      semgrepWorkflow.addSemgrepWorkflowYml(this);
       addToProjectWorkflow.addAddToProjectWorkflowYml(this);
       updateProjen.addWorkflows(this);
 
@@ -233,7 +231,6 @@ export module clickupCdk {
       codecov.addCodeCovYml(this);
       nodeVersion.addNodeVersionFile(this, { nodeVersion: mergedOptions.workflowNodeVersion });
       renovateWorkflow.addRenovateWorkflowYml(this);
-      semgrepWorkflow.addSemgrepWorkflowYml(this);
       addToProjectWorkflow.addAddToProjectWorkflowYml(this);
       updateProjen.addWorkflows(this);
       if (options.cdkDiffOptionsConfig) {
diff --git a/src/clickup-ts.ts b/src/clickup-ts.ts
index 2c2faf72..2ee14ba6 100644
--- a/src/clickup-ts.ts
+++ b/src/clickup-ts.ts
@@ -5,7 +5,6 @@ import { addToProjectWorkflow } from './add-to-project';
 import { codecov } from './codecov';
 import { nodeVersion } from './node-version';
 import { renovateWorkflow } from './renovate-workflow';
-import { semgrepWorkflow } from './semgrep-workflow';
 import { slackAlert } from './slack-alert';
 import { updateProjen } from './update-projen';
 import { parameters } from './utils/parameters';
@@ -232,7 +231,6 @@ export module clickupTs {
       codecov.addCodeCovYml(this);
       nodeVersion.addNodeVersionFile(this, { nodeVersion: mergedOptions.workflowNodeVersion });
       renovateWorkflow.addRenovateWorkflowYml(this);
-      semgrepWorkflow.addSemgrepWorkflowYml(this);
       addToProjectWorkflow.addAddToProjectWorkflowYml(this);
       updateProjen.addWorkflows(this);
       if (options.docgen ?? true) new TypedocDocgen(this, options.docgenOptions ?? {});
diff --git a/src/semgrep-workflow.ts b/src/semgrep-workflow.ts
deleted file mode 100644
index 1527dffe..00000000
--- a/src/semgrep-workflow.ts
+++ /dev/null
@@ -1,44 +0,0 @@
-import { typescript, YamlFile } from 'projen';
-
-export module semgrepWorkflow {
-  const defaultWorkflow = {
-    name: 'Semgrep',
-    on: {
-      schedule: [
-        {
-          cron: '0 0 * * MON-FRI',
-        },
-      ],
-      pull_request: {
-        branches: ['main'],
-      },
-    },
-    jobs: {
-      semgrep: {
-        name: 'Scan',
-        'runs-on': 'ubuntu-latest',
-        container: {
-          // Reocurring task to check the pinned version SEC-8540
-          image: 'semgrep/semgrep@sha256:aeb24a8f042cb60fc64a87c6e52b01033fb11442fd224ccc41cc363f5ca3aa10', // 1.78.0
-        },
-        steps: [
-          {
-            name: 'Checkout repository',
-            uses: 'actions/checkout@v3',
-          },
-          {
-            name: 'Run Semgrep CI',
-            run: 'semgrep ci',
-            env: {
-              SEMGREP_APP_TOKEN: '${{ secrets.SEMGREP_APP_TOKEN }}',
-            },
-          },
-        ],
-      },
-    },
-  };
-
-  export function addSemgrepWorkflowYml(project: typescript.TypeScriptProject, override?: any): void {
-    new YamlFile(project, '.github/workflows/semgrep.yml', { obj: { ...defaultWorkflow, ...override } });
-  }
-}
diff --git a/test/__snapshots__/semgrep-workflow.test.ts.snap b/test/__snapshots__/semgrep-workflow.test.ts.snap
deleted file mode 100644
index 7d886edf..00000000
--- a/test/__snapshots__/semgrep-workflow.test.ts.snap
+++ /dev/null
@@ -1,54 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`addSemgrepWorkflowYml file added 1`] = `
-"# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
-
-name: Semgrep
-on:
-  schedule:
-    - cron: 0 0 * * MON-FRI
-  pull_request:
-    branches:
-      - main
-jobs:
-  semgrep:
-    name: Scan
-    runs-on: ubuntu-latest
-    container:
-      image: semgrep/semgrep@sha256:aeb24a8f042cb60fc64a87c6e52b01033fb11442fd224ccc41cc363f5ca3aa10
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Run Semgrep CI
-        run: semgrep ci
-        env:
-          SEMGREP_APP_TOKEN: \${{ secrets.SEMGREP_APP_TOKEN }}
-"
-`;
-
-exports[`addSemgrepWorkflowYml override 1`] = `
-"# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
-
-name: Semgrep
-on:
-  schedule:
-    - cron: 0 0 * * MON-FRI
-  pull_request:
-    branches:
-      - main
-jobs:
-  semgrep:
-    name: Scan
-    runs-on: ubuntu-latest
-    container:
-      image: semgrep/semgrep@sha256:aeb24a8f042cb60fc64a87c6e52b01033fb11442fd224ccc41cc363f5ca3aa10
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Run Semgrep CI
-        run: semgrep ci
-        env:
-          SEMGREP_APP_TOKEN: \${{ secrets.SEMGREP_APP_TOKEN }}
-foo: bar
-"
-`;
diff --git a/test/semgrep-workflow.test.ts b/test/semgrep-workflow.test.ts
deleted file mode 100644
index bdf0979a..00000000
--- a/test/semgrep-workflow.test.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-import { typescript, Testing } from 'projen';
-
-import { semgrepWorkflow } from '../src/semgrep-workflow';
-
-describe('addSemgrepWorkflowYml', () => {
-  test('file added', () => {
-    const project = new typescript.TypeScriptProject({
-      defaultReleaseBranch: 'main',
-      name: 'test',
-    });
-    semgrepWorkflow.addSemgrepWorkflowYml(project);
-    const synth = Testing.synth(project);
-    expect(synth['.github/workflows/semgrep.yml']).toMatchSnapshot();
-  });
-  test('override', () => {
-    const project = new typescript.TypeScriptProject({
-      defaultReleaseBranch: 'main',
-      name: 'test',
-    });
-    semgrepWorkflow.addSemgrepWorkflowYml(project, { foo: 'bar' });
-    const synth = Testing.synth(project);
-    expect(synth['.github/workflows/semgrep.yml']).toMatchSnapshot();
-  });
-});