security.yaml
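# Static-analysis workflow for the Cairo crates: runs Semgrep with the
# avnu-labs Cairo rule set and Caracal on every pull request, and publishes
# each tool's report as a build artifact.
name: Security

on:
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege: nothing in this workflow writes to the repository, so the
# job token only needs read access to the code being scanned.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the third-party actions below are referenced by mutable
      # tags. Pinning each `uses:` to a full commit SHA
      # (e.g. `actions/checkout@<FULL_COMMIT_SHA>`) prevents a moved tag from
      # changing what runs here.
      - uses: actions/checkout@v3
        with:
          # The scanners only read the working tree; do not leave the job
          # token in .git/config for later steps to pick up.
          persist-credentials: false

      - uses: software-mansion/setup-scarb@v1
        with:
          scarb-version: "0.7.0"

      - name: Install Semgrep
        # NOTE(review): unpinned install; consider `semgrep==<PINNED_VERSION>`
        # so scanner upgrades are deliberate and runs are reproducible.
        run: |
          pip install semgrep

      - name: Run Semgrep
        # The rule file is fetched from a release asset at run time.
        # NOTE(review): release assets can be replaced after publication;
        # vendoring the rules or verifying a known checksum would fix the
        # rule set that is actually applied.
        # NOTE(review): findings are only written to the report; as invoked,
        # Semgrep does not fail the job on findings unless `--error` is added.
        run: semgrep --config https://github.com/avnu-labs/semgrep-cairo-rules/releases/download/v0.0.1/cairo-rules.yaml ./crates > semgrep-output.txt

      - name: Save Semgrep Output as an Artifact
        # Upload even when an earlier step failed, so a partial report or
        # error output is still available for triage.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: semgrep-cairo
          path: semgrep-output.txt

      - name: Build cairo programs
        run: scarb build

      - name: Cache Cargo dependencies
        # Restores ~/.cargo (which includes ~/.cargo/bin) so a previously
        # installed Caracal binary can be reused by the next step.
        # NOTE(review): the key hashes Cargo.lock files; if the repository
        # has none, the key is constant per OS and the cached binary is never
        # refreshed. Confirm this is intended.
        uses: actions/cache@v2
        with:
          path: |
            ~/.cargo
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      - name: Check if Caracal is installed
        id: check-caracal
        # NOTE(review): the install tracks the default branch head of the
        # Caracal repository. Adding `--rev <COMMIT_SHA>` or `--tag <TAG>`
        # would make the analyzer version explicit and auditable.
        run: |
          if ! command -v caracal &> /dev/null; then
            echo "Caracal is not installed. Installing..."
            cargo install --git https://github.com/crytic/caracal --profile release --force
          else
            echo "Caracal is already installed."
          fi

      - name: Run Caracal
        run: caracal detect . > caracal-output.txt

      - name: Save Caracal Output as an Artifact
        # Upload even when the detector step fails, so the report is not lost.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: caracal-cairo
          path: caracal-output.txt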