ci: move semgrep to ci only (#11)

This avoids installing semgrep in poetry dependencies and pulling tons of libs.
Mergifyio · Dec 13, 2024 · a6ec61c · a6ec61c
1 parent 94d212f
commit a6ec61c
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 603 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -26,3 +26,18 @@ jobs:
           poetry run poe linters
           poetry run poe test
           poetry build
+
+  semgrep:
+    timeout-minutes: 20
+    runs-on: ubuntu-24.04
+    container:
+      image: semgrep/semgrep:1.100.0
+    steps:
+      - name: Checkout 🛎️
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+
+      - name: Run Semgrep
+        run: |
+          semgrep --config=auto --error --timeout=15 .
diff --git a/poe.toml b/poe.toml
@@ -13,7 +13,6 @@ sequence = [
   "ruff format --check .",
   "mypy",
   "codespell",
-  "semgrep --config=auto --error --timeout=15",
   "yamllint .",
 ]