.github/workflows/semgrep-analysis.yml
a9a43e00
 # This workflow file requires a free account on Semgrep.dev to
 # manage rules, file ignores, notifications, and more.
 #
 # See https://semgrep.dev/docs
 
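 name: Semgrep

 on:
   push:
     # '*' has to be quoted: a bare * is the YAML alias indicator, so
     # `[ master, * ]` is a parse error and the workflow never loads.
     # As a branch filter, '*' matches any branch name without a '/';
     # use '**' if branches such as feature/x should be scanned as well.
     branches: [master, '*']
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [master]
   schedule:
     # Weekly run, Saturdays at 04:23 (GitHub evaluates cron in UTC).
     - cron: '23 4 * * 6'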
 
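 jobs:
   semgrep:
     name: Scan
     runs-on: ubuntu-latest
     # Least privilege for this job's GITHUB_TOKEN: without an explicit
     # block the token gets the repository/organisation default, which
     # may be read-write on every scope.
     # NOTE(review): confirm the Semgrep step needs nothing beyond read
     # access to the repository before merging.
     permissions:
       contents: read          # actions/checkout fetches the source
       security-events: write  # upload-sarif publishes to code scanning
       actions: read           # upload-sarif reads run status (private repos)
     steps:
       # Checkout project source.
       # NOTE(review): every `uses:` in this job references a mutable tag.
       # Pinning each action to a full commit SHA keeps a re-tagged release
       # from running in a job that holds the Semgrep secrets.
       - uses: actions/checkout@v2

       # Scan code using project's configuration on https://semgrep.dev/manage
       # Secrets are not passed to pull_request runs that come from forks,
       # so those runs start with an empty publishToken/publishDeployment.
       - uses: returntocorp/semgrep-action@v1
         with:
           publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
           publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
           generateSarif: "1"

       # Upload SARIF file generated in previous step
       - name: Upload SARIF file
         # always() runs this step even when the scan step failed, so the
         # results still reach code scanning. If the scan stopped before
         # writing semgrep.sarif, this step fails on the missing file.
         if: always()
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: semgrep.sarif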