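# Full scan: runs `semgrep ci` on builds that are not pull requests (see the
# `if` condition at the end of this step).
# NOTE(review): no `plugins:` entry is visible on this step, so it presumably
# runs directly on the agent and needs semgrep and SEMGREP_APP_TOKEN there;
# confirm this is intended.
- label: ":semgrep: Semgrep Full Scan"
  commands:
    # Pass the commit on only when it is a full 40-character hex SHA.
    - if [[ $BUILDKITE_COMMIT =~ ^[a-fA-F0-9]{40}$ ]]; then export SEMGREP_COMMIT=${BUILDKITE_COMMIT}; fi
    # Branch and repository values come from the build, not from this file, so
    # they are double-quoted: whitespace or a `;`, `&` or `|` inside a value is
    # then not parsed as shell syntax.
    # NOTE(review): if this file is uploaded with Buildkite's variable
    # interpolation enabled, the values are pasted into the command text before
    # the shell runs, and quoting does not neutralise command substitution.
    # For builds of branches you do not control, escape the dollar sign so the
    # shell expands the variable at run time instead.
    - export SEMGREP_BRANCH="${BUILDKITE_BRANCH}"
    - export SEMGREP_REPO_URL="${BUILDKITE_REPO}"
    # Derive "owner/repo" from an SSH remote of the form
    # git@github.com:owner/repo.git. The dot is matched literally (`[.]`): a
    # bare `.` is a regex wildcard and would also eat "igit" in a name such as
    # "digital". The match is still unanchored, and other remote forms
    # (for example HTTPS) are passed through without the prefix being removed.
    - export SEMGREP_REPO_NAME="$(echo "$BUILDKITE_REPO" | sed -e 's#git@github.com:##' | sed -e 's#[.]git##')"
    - semgrep ci
  # Run this step only when the build is not a pull request.
  if: |
    build.pull_request.id == null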
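# Diff scan: runs `semgrep ci` against the pull request's base branch, inside
# the Semgrep container image, on pull request builds only.
- label: ":semgrep: Semgrep Diff Scan"
  commands:
    # Pass the commit on only when it is a full 40-character hex SHA.
    - if [[ $BUILDKITE_COMMIT =~ ^[a-fA-F0-9]{40}$ ]]; then export SEMGREP_COMMIT=${BUILDKITE_COMMIT}; fi
    # Pull request id, branch and repository values come from the build, not
    # from this file, so they are double-quoted: whitespace or a `;`, `&` or
    # `|` inside a value is then not parsed as shell syntax.
    # NOTE(review): on a pull request build the branch name is presumably the
    # contributor's. If this file is uploaded with Buildkite's variable
    # interpolation enabled, the value is pasted into the command text before
    # the shell runs, and quoting does not neutralise command substitution;
    # this step also holds SEMGREP_APP_TOKEN. Confirm how builds of untrusted
    # pull requests are gated, and prefer run-time expansion (escaped dollar
    # sign, with the variables passed into the container) for such builds.
    - export SEMGREP_PR_ID="${BUILDKITE_PULL_REQUEST}"
    - export SEMGREP_BRANCH="${BUILDKITE_BRANCH}"
    - export SEMGREP_REPO_URL="${BUILDKITE_REPO}"
    # Derive "owner/repo" from an SSH remote of the form
    # git@github.com:owner/repo.git. The dot is matched literally (`[.]`): a
    # bare `.` is a regex wildcard and would also eat "igit" in a name such as
    # "digital". The match is still unanchored, and other remote forms
    # (for example HTTPS) are passed through without the prefix being removed.
    - export SEMGREP_REPO_NAME="$(echo "$BUILDKITE_REPO" | sed -e 's#git@github.com:##' | sed -e 's#[.]git##')"
    # The baseline ref is set for this one command only.
    - SEMGREP_BASELINE_REF="${BUILDKITE_PULL_REQUEST_BASE_BRANCH}" semgrep ci
  # Run this step only when the build is a pull request.
  if: |
    build.pull_request.id != null
  plugins:
    - docker#v5.11.0:
        # NOTE(review): `latest` is a mutable tag, so each build may run a
        # different scanner image, and that image receives SEMGREP_APP_TOKEN.
        # Pin to a specific version tag or image digest and update it
        # deliberately.
        image: semgrep/semgrep:latest
        environment:
          # Required to connect the scan to Semgrep AppSec Platform. Only the
          # variable name is listed here; the value must come from the agent's
          # environment or a secret store, never from this file.
          - "SEMGREP_APP_TOKEN"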