Skip to content
.github/workflows/sast.yml

feat: add nodes/marks passing to resolveFn, update demo and README #233

Sign in to view logs

feat: add nodes/marks passing to resolveFn, update demo and README

feat: add nodes/marks passing to resolveFn, update demo and README #233

Workflow file for this run

.github/workflows/sast.yml at cb55c3a
# By default this workflow will be running for PRs and pushes to other branches except main
on:
pull_request_target:
push:
branches-ignore:
- 'main'
permissions: {} #Remove permissions
jobs:
authorize:
environment:
${{(github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository) &&
'External' || 'Internal' }}
runs-on: ubuntu-latest
steps:
- run: echo ✓
sast:
needs: authorize
runs-on: sast
if: github.actor != 'dependabot[bot]'
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
with:
ref: ${{github.event.pull_request.head.sha || github.ref}}
persist-credentials: 'false' #By default, actions/checkout persists GIT credentials, we do not need this
# Checking out SAST composite action
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
with:
persist-credentials: 'false' #By default, actions/checkout persists GIT credentials, we do not need this
repository: NordSecurity/sast-configs
ref: main
ssh-key: ${{ secrets.SAST_ACTION_KEY }}
path: .github/workflows/sast
# Checking out only SAST action and composite project configuration action
sparse-checkout: |
base/sast-action
actions/storyblok-rich-text-astro-renderer-sast-action
- uses: ./.github/workflows/sast/actions/storyblok-rich-text-astro-renderer-sast-action
with:
SAST_TEAM: ${{ secrets.SAST_TEAM }}
SAST_URL: ${{ secrets.SAST_URL }}
SAST_USERNAME: ${{ secrets.SAST_USERNAME }}
SAST_PASSWORD: ${{ secrets.SAST_PASSWORD }}
SAST_CLIENT_SECRET: ${{ secrets.SAST_CLIENT_SECRET }}
UNC_ACTION_KEY: ${{ secrets.UNC_ACTION_KEY }}
UNC_BRANCH_ENABLED: false