From eaaa6db4ccd161d129ae96a62e790b6244e8c084 Mon Sep 17 00:00:00 2001
From: Philipp Heuer
Date: Tue, 24 Jan 2023 00:30:37 +0100
Subject: [PATCH] fix: error when referencing invalid actions from workflow
---
 pkg/common/workflowrun/workflow.go | 3 +++
 pkg/core/config/files/cid-catalog-actions.yaml | 11 +++++++++++
 pkg/core/config/files/cid-container.yaml | 3 +++
 pkg/core/config/files/cid-workflow-main.yaml | 4 ++--
 4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/pkg/common/workflowrun/workflow.go b/pkg/common/workflowrun/workflow.go
index 1f9c265..721f572 100644
--- a/pkg/common/workflowrun/workflow.go
+++ b/pkg/common/workflowrun/workflow.go
@@ -114,6 +114,9 @@ func RunWorkflowStage(cfg *config.CIDConfig, stage *config.WorkflowStage, env ma
 func RunWorkflowAction(cfg *config.CIDConfig, action *config.WorkflowAction, env map[string]string, projectDir string, modulesFilter []string) {
 log.Debug().Str("action", action.ID).Msg("action start")
 catalogAction := cfg.FindAction(action.ID)
+ if catalogAction == nil {
+ log.Fatal().Str("action_id", action.ID).Msg("workflow configuration error, referencing actions that do not exist")
+ }
 modules := repoanalyzer.AnalyzeProject(projectDir, filesystem.GetWorkingDirectory())
 ctx := api.GetActionContext(modules, projectDir, env, &catalogAction.Access)
diff --git a/pkg/core/config/files/cid-catalog-actions.yaml b/pkg/core/config/files/cid-catalog-actions.yaml
index 706088f..f90e33f 100644
--- a/pkg/core/config/files/cid-catalog-actions.yaml
+++ b/pkg/core/config/files/cid-catalog-actions.yaml
@@ -312,6 +312,17 @@ catalog:
 rules:
 - type: cel
 expression: MODULE_BUILD_SYSTEM == "gomod"
+ # semgrep
+ - repository: central
+ name: semgrep-scan
+ type: container
+ container:
+ image: quay.io/cidverse/cid-actions-go:latest
+ command: central run semgrep-scan
+ scope: project
+ access:
+ env:
+ - SEMGREP_.*
 # sonarqube
 - repository: central
 name: sonarqube-scan
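Review bot: In `pkg/common/workflowrun/workflow.go`, the new guard in `RunWorkflowAction` finds an unknown action ID only when execution reaches that action, so earlier stages and actions of the same workflow may already have run before the process stops. The chained `.Str(...).Msg(...)` style looks like zerolog, whose `Fatal` exits the process, so deferred cleanup in callers would be skipped; resolving every referenced action ID once when the workflow config is loaded would reject a bad workflow before anything executes. The guard is also what keeps `&catalogAction.Access` two lines further down from dereferencing a nil pointer, which deserves a comment such as `// unknown action ID: stop before catalogAction.Access is dereferenced below`. The function body continues outside the hunk.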
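Review bot: In `cid-catalog-actions.yaml`, the new `semgrep-scan` action runs `quay.io/cidverse/cid-actions-go:latest`, a mutable tag, so the code that executes inside the scan container can change without any change to this catalog. Pinning to a release tag or, better, a digest makes the action reproducible and auditable, for example `image: quay.io/cidverse/cid-actions-go@sha256:<digest>`. The `access.env` pattern `SEMGREP_.*` passes every matching variable to the container, including any Semgrep API token set in the environment, and whether the pattern is anchored depends on the matcher, which this hunk does not show. A short comment listing the variables the action actually needs would make that allow-list reviewable.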
diff --git a/pkg/core/config/files/cid-container.yaml b/pkg/core/config/files/cid-container.yaml
index bf81f2d..1d195a6 100644
--- a/pkg/core/config/files/cid-container.yaml
+++ b/pkg/core/config/files/cid-container.yaml
@@ -249,3 +249,6 @@ containerimages:
 provides:
 - binary: semgrep
 version: 1.5.1
+ cache:
+ - id: semgrep-cache
+ dir: /app/.cache/semgrep-cache
diff --git a/pkg/core/config/files/cid-workflow-main.yaml b/pkg/core/config/files/cid-workflow-main.yaml
index 6ad2c97..4965bf6 100644
--- a/pkg/core/config/files/cid-workflow-main.yaml
+++ b/pkg/core/config/files/cid-workflow-main.yaml
@@ -43,8 +43,8 @@ workflows:
 - name: scan
 actions:
 - id: central/gitleaks-scan
- - id: central/gosec-scan
- - id: central/fossa-source-scan
+ - id: central/semgrep-scan
+ #- id: central/fossa-source-scan
 - id: central/sonarqube-scan
 - name: report
 actions:
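Review bot: In `cid-workflow-main.yaml`, the `scan` stage of the default workflow loses `central/fossa-source-scan` with no stated reason, since the line is only commented out as `#- id: central/fossa-source-scan`. Presumably the action is not in the catalog, which is the error the commit title describes, but nothing in the file records that dependency and license scanning is now off by default. A comment that says why and when it comes back would prevent the gap from going unnoticed, for example `# disabled: central/fossa-source-scan is not in the action catalog (re-enable once added, see <tracking issue>)`. The same stage also swaps `central/gosec-scan` for `central/semgrep-scan`, so it is worth confirming that the Semgrep rules used cover the Go checks gosec provided.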