# Finds code problems by structural pattern matching.
#
# New rules can be added to test_root/semgrep/ and they should be picked up
# automatically. See https://semgrep.dev/docs/ for documentation.

name: Semgrep code quality

on:
  pull_request:
  push:
    branches:
      - master

jobs:
  run_semgrep:
    name: Semgrep analysis
    runs-on: "${{ matrix.os }}"
    strategy:
      matrix:
        os: ["ubuntu-latest"]
        python-version:
          - "3.11"

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - uses: actions/setup-python@v5
        with:
          python-version: "${{ matrix.python-version }}"

      - name: Install semgrep
        run: |
          make pre-requirements
          pip-sync requirements/edx/semgrep.txt

      - name: Run semgrep
        env:
          # Peg this to some reasonable value so that semgrep's rewrapping
          # of messages doesn't break up lines in an unpredictable manner:
          # https://github.com/returntocorp/semgrep/issues/8608
          COLUMNS: 80
        run: |
          semgrep scan --config test_root/semgrep/ --error --quiet \
            -- lms cms common openedx