
Commit 8f0c1ed

authored
Merge pull request #62 from advanced-security/opengrep-latest
sec-opengrep.yml to pull latest
2 parents 6ab3926 + 0ada704 commit 8f0c1ed


2 files changed

+17
-17
lines changed

2 files changed

+17
-17
lines changed

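--- a/.github/workflows/language-detection-and-assignment.yml
+++ b/.github/workflows/language-detection-and-assignment.yml
@@ -1,11 +1,11 @@
 name: Language Detection and Assignment
 
 on:
-pull_request:
-branches: [main]
-
+workflow_call:
+permissions:
+pull-requests: write
 env:
-GH_TOKEN: ${{ secrets.GH_AP_TOKEN }}
+GH_TOKEN: ${{ github.token }}
 jobs:
 detect-and-assign:
 runs-on: ubuntu-latest
@@ -45,4 +45,4 @@ jobs:
 - name: Assign default
 if: steps.detect-languages.outputs.java != 'true' && steps.detect-languages.outputs.kotlin != 'true' && steps.detect-languages.outputs.javascript != 'true' && steps.detect-languages.outputs.typescript != 'true' && steps.detect-languages.outputs.go != 'true' && steps.detect-languages.outputs.codeql != 'true' && steps.detect-languages.outputs.python != 'true'
 run: |
-gh pr edit ${{ github.event.number }} --add-reviewer felickz --add-reviewer Geekmasher --add-reviewer adrienpessu
+gh pr edit ${{ github.event.number }} --add-reviewer felickz --add-reviewer felickz --add-reviewer adrienpessu --repo $GITHUB_REPOSITORY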
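Review bot: The new `gh pr edit` line in the `Assign default` step passes `--add-reviewer felickz` twice, so the default reviewer set shrinks from three accounts to two; if that is intended, drop the duplicate and quote the repository variable: `gh pr edit ${{ github.event.number }} --add-reviewer felickz --add-reviewer adrienpessu --repo "$GITHUB_REPOSITORY"`. Switching `GH_TOKEN` from the `GH_AP_TOKEN` secret to `github.token` narrows the credential, but under `workflow_call` the token's permissions are capped by the calling workflow, so every caller has to grant `pull-requests: write`, and a run triggered by a pull request from a fork will presumably receive a read-only token and fail at this step. A comment above `permissions:` such as `# callers must grant pull-requests: write; fork PRs get a read-only token` would record that constraint. The job body between the two hunks is outside the visible lines, so whether other steps need a scope that this top-level `permissions:` block no longer grants cannot be confirmed from here.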

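--- a/.github/workflows/sec-opengrep.yml
+++ b/.github/workflows/sec-opengrep.yml
@@ -12,11 +12,6 @@ permissions:
 actions: read
 security-events: write
 
-env:
-# Release version of Opengrep
-# https://github.com/opengrep/opengrep/releases
-RELEASE_VERSION: v1.1.2
-
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -27,16 +22,21 @@ jobs:
 - name: "Download / Install Opengrep"
 run: |
 set -e
-
-echo "[+] Downloading Opengrep"
-curl -sSfL \
--o "/usr/local/bin/opengrep" \
-"https://github.com/opengrep/opengrep/releases/download/${RELEASE_VERSION}/opengrep_manylinux_x86"
+echo "[+] Fetching latest Opengrep release information"
+API_URL="https://api.github.com/repos/opengrep/opengrep/releases/latest"
+ASSET_NAME="opengrep_manylinux_x86"
+DOWNLOAD_URL=$(curl -s $API_URL | jq -r ".assets[] | select(.name==\"${ASSET_NAME}\") | .browser_download_url")
+if [ -z "$DOWNLOAD_URL" ] || [ "$DOWNLOAD_URL" = "null" ]; then
+echo "Could not find download URL for $ASSET_NAME"
+exit 1
+fi
+echo "[+] Downloading Opengrep from $DOWNLOAD_URL"
+curl -sSfL -o "/usr/local/bin/opengrep" "$DOWNLOAD_URL"
 chmod +x /usr/local/bin/opengrep
 echo "[+] Finished installing opengrep"
-
+
 - name: "Run Opengrep"
-run: opengrep scan --metrics=on --sarif-output ./results.sarif .
+run: opengrep scan --sarif-output ./results.sarif .
 
 - name: "Upload SARIF file"
 uses: github/codeql-action/upload-sarif@v3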
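Review bot: The install step now downloads whatever asset `releases/latest` resolves to at run time and marks it executable with no integrity check, so a broken or tampered upstream release would run unreviewed in a job that holds `security-events: write`. Keeping a pinned `RELEASE_VERSION` and verifying a recorded digest before `chmod +x`, for example `echo "<expected-sha256>  /usr/local/bin/opengrep" | sha256sum -c -`, would make each scanner upgrade a reviewed commit and keep scan results reproducible between runs. If tracking latest is kept, the metadata request `curl -s $API_URL` hides HTTP failures and leaves the variable unquoted; `curl -sSf "$API_URL"` would make an error or rate-limit response fail with curl's own message rather than as a jq error. A short comment above the step stating why the version floats and who is notified when the scanner changes would also help the next maintainer.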
