fix(ci): buf makefile dependency, update semgrep workflow (#1144)

evmos · Jun 22, 2022 · 8eb8e51 · 8eb8e51
1 parent 6cf2b9f
commit 8eb8e51
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 27 deletions.
diff --git a/.github/workflows/proto.yml b/.github/workflows/proto.yml
@@ -3,28 +3,26 @@ name: Protobuf
 # This workflow is only run when a .proto file has been changed
 on:
   pull_request:
+    paths:
+      - "proto/**"
 
 jobs:
   lint:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v3
-      - uses: technote-space/[email protected]
+      - uses: bufbuild/[email protected]
+      - uses: bufbuild/buf-lint-action@v1
         with:
-          PATTERNS: |
-            **/**.proto
-      - name: lint
-        run: make proto-lint
-        if: env.GIT_DIFF
-  breakage:
+          input: "proto"
+
+  break-check:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: technote-space/[email protected]
+      - uses: bufbuild/[email protected]
+      - uses: bufbuild/buf-breaking-action@v1
         with:
-          PATTERNS: |
-            **/**.proto
-      - name: check-breakage
-        run: make proto-check-breaking
-        if: env.GIT_DIFF
+          input: "proto"
+          against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -10,9 +10,12 @@ on:
   schedule:
     - cron: '0 0 * * 0'
 jobs:
+  # Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
   semgrep:
     name: Scan
     runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
     if: (github.actor != 'dependabot[bot]')
     steps:
       - uses: actions/checkout@v3
@@ -26,12 +29,11 @@ jobs:
             **/*.sol
             go.mod
             go.sum
-      - uses: returntocorp/semgrep-action@v1
-        with:
-          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
-           # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
-          # See also the next step.
-          generateSarif: "1"
+      - uses: actions/checkout@v3
+      - run: semgrep scan --sarif --output=semgrep.sarif
+        env:
+          # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
         if: "env.GIT_DIFF_FILTERED != ''"
       # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
       - name: Upload SARIF file

diff --git a/Makefile b/Makefile
@@ -237,14 +237,6 @@ else
 	@echo "protoc-gen-go already installed; skipping..."
 endif
 
-ifeq (, $(shell which protoc))
-	@echo "Please istalling protobuf according to your OS"
-	@echo "macOS: brew install protobuf"
-	@echo "linux: apt-get install -f -y protobuf-compiler"
-else
-	@echo "protoc already installed; skipping..."
-endif
-
 ifeq (, $(shell which solcjs))
 	@echo "Installing solcjs..."
 	@npm install -g [email protected]