Commit a4ea2e1
fix: error when using default action config (#9)
This fixes a crash when using the default config from our repository; the
workflow would error out with the following:
```
$ docker-here returntocorp/semgrep@sha256:396f4ad7a655289e764ab2f92733e6195c166ff2f042e0d40505a5850432b9ac semgrep --metrics=off --config=./ ./
semgrep error: Invalid rule schema
--> .github/dependabot.yaml:1
1 | version: 2
2 |
3 | updates:
4 | - package-ecosystem: "github-actions"
5 | directory: "/"
6 | schedule:
7 | interval: "monthly"
8 | cooldown:
9 | default-days: 21 # 3 weeks
One of these properties is missing: 'rules'
[ERROR] invalid configuration file found (1 configs were invalid)
```
This is due to Semgrep selecting all YAML files, including the ones under
`.github/`. In the past, Semgrep excluded hidden folders, which is no longer the
case.
Results after the changes:
```
$ docker-here returntocorp/semgrep@sha256:396f4ad7a655289e764ab2f92733e6195c166ff2f042e0d40505a5850432b9ac semgrep --metrics=off --config=./yaml --config=./typescript ./
┌─────────────┐
│ Scan Status │
└─────────────┘
Scanning 13 files (only git-tracked) with 2 Code rules:
CODE RULES
Scanning 6 files.
SUPPLY CHAIN RULES
No rules to run.
PROGRESS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
┌──────────────┐
│ Scan Summary │
└──────────────┘
Some files were skipped or only partially analyzed.
Scan was limited to files tracked by git.
Scan skipped: 2 files matching .semgrepignore patterns
For a full list of skipped files, run semgrep with the --verbose flag.
Ran 1 rule on 6 files: 0 findings.
```
1 parent c13b396 commit a4ea2e1
1 file changed, +2 -1 lines changed
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
68 | 68 | | |
69 | 69 | | |
70 | 70 | | |
71 | | - | |
| 71 | + | |
| 72 | + | |
72 | 73 | | |
73 | 74 | | |
74 | 75 | | |
| |||
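Review bot: the rendered hunk carries no line contents, so the only point to raise is on the approach the message describes for the replaced line 71: hard-coding `--config=./yaml --config=./typescript` in place of `--config=./` fixes the crash, but a rules directory added to the repository later is silently left out of the scan until this workflow line is edited again. A comment next to the replaced line naming the directories that must be kept in sync, or a small check that every rule directory in the repository appears in the `--config` list, would prevent that regression.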
0 commit comments
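The failure described in the commit message comes down to a schema check: Semgrep loads every YAML file it finds under a `--config` directory (hidden folders included) and rejects any file without a top-level `rules` key. The following Python is an added example, not code from this repository or from Semgrep: it mimics that check over a constructed sample tree (the `dependabot.yaml` quoted above, two assumed minimal rule files, an assumed CI workflow and an assumed test fixture) and derives `--config` flags that never point Semgrep at a non-rule YAML. It goes one step beyond the commit's case by handling a rules directory that also contains a non-rule YAML fixture, where a directory-level `--config` would still crash, and falls back to per-file flags there. The heuristic key detection is regex-based, not a YAML parser.

```python
"""Pre-flight check for Semgrep rule directories (added example).

Given a repository tree, find YAML files, decide which ones Semgrep would
accept as rule files (top-level ``rules`` key), and build per-directory
``--config`` flags that skip hidden folders and non-rule YAML. Inputs are
constructed inline so this runs without a filesystem or Semgrep.
"""
from __future__ import annotations

import re
from pathlib import PurePosixPath

# Constructed sample tree: path -> contents. dependabot.yaml is the file quoted
# in the commit message; the rule files, CI workflow and fixture are assumed.
SAMPLE_TREE: dict[str, str] = {
    ".github/dependabot.yaml": (
        'version: 2\n\nupdates:\n  - package-ecosystem: "github-actions"\n'
        '    directory: "/"\n    schedule:\n      interval: "monthly"\n'
        "    cooldown:\n      default-days: 21 # 3 weeks\n"
    ),
    ".github/workflows/ci.yaml": "on: push\njobs: {}\n",
    "yaml/no-plaintext-password.yaml": (
        "rules:\n  - id: no-plaintext-password\n    languages: [yaml]\n"
        "    severity: WARNING\n    message: plaintext password in config\n"
        "    pattern: 'password: $X'\n"
    ),
    # Assumed test fixture living next to the rule: valid target, invalid rule file.
    "yaml/fixtures/app-config.yaml": "database:\n  password: hunter2\n",
    "typescript/no-eval.yaml": (
        "# comment before the key\nrules:\n  - id: no-eval\n"
        "    languages: [typescript]\n    severity: ERROR\n"
        "    message: avoid eval\n    pattern: eval(...)\n"
    ),
    "README.md": "# rules\n",
}

YAML_SUFFIXES = {".yaml", ".yml"}
# A top-level mapping key: starts at column 0; comments and indented keys skip.
_TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w.-]*)\s*:")


def top_level_keys(text: str) -> set[str]:
    """Column-0 mapping keys of a YAML document (regex heuristic, not a parser)."""
    return {m.group(1) for m in map(_TOP_LEVEL_KEY.match, text.splitlines()) if m}


def is_rule_file(text: str) -> bool:
    """Semgrep's schema requires a top-level 'rules' list; dependabot.yaml has
    'version' and 'updates' instead, hence "One of these properties is missing"."""
    return "rules" in top_level_keys(text)


def is_hidden(path: str) -> bool:
    """True if any path component starts with '.', e.g. '.github/...'."""
    return any(part.startswith(".") for part in PurePosixPath(path).parts)


def classify(tree: dict[str, str]) -> dict[str, list[str]]:
    """Split YAML files into rule files and files Semgrep would reject."""
    ok, bad = [], []
    for path, text in tree.items():
        if PurePosixPath(path).suffix not in YAML_SUFFIXES:
            continue
        (ok if is_rule_file(text) else bad).append(path)
    return {"rules": sorted(ok), "not_rules": sorted(bad)}


def config_flags(tree: dict[str, str]) -> list[str]:
    """One --config per directory whose YAML files are all rules; directories
    that also hold non-rule YAML (anywhere below them, since Semgrep loads a
    config directory recursively) get one --config per rule file instead.
    Hidden paths are skipped entirely, which is what the commit's fix relies on."""
    info = classify(tree)
    rule_files = [p for p in info["rules"] if not is_hidden(p)]
    bad = [PurePosixPath(p) for p in info["not_rules"]]
    flags: list[str] = []
    for d in sorted({str(PurePosixPath(p).parent) for p in rule_files}):
        mixed = any(b.is_relative_to(d) for b in bad)
        if mixed:
            flags.extend(f"--config=./{p}" for p in rule_files
                         if str(PurePosixPath(p).parent) == d)
        else:
            flags.append(f"--config=./{d}")
    return flags


if __name__ == "__main__":
    result = classify(SAMPLE_TREE)
    print("would fail schema validation:", result["not_rules"])
    print("semgrep --metrics=off", *config_flags(SAMPLE_TREE), "./")
```

Without the fixture file the output is exactly the commit's fixed command, `--config=./typescript --config=./yaml`; with it, the `yaml/` directory is pointed at per rule file, because a directory-level flag would load the fixture as a rule and fail the same way `.github/dependabot.yaml` did.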