razorpay · TriptiTripathi1234 · Aug 25, 2022 · Aug 25, 2022 · Aug 25, 2022 · Aug 25, 2022
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+#To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -0,0 +1,52 @@
+name: Security Checks
+on:
+  workflow_dispatch:
+  pull_request: {}
+  push:
+    branches: ["rzp_main"]
+  schedule:
+    - cron: '30 20 * * *'
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: [ubuntu-latest]   #nosemgrep zklW
+    steps:
+      - uses: actions/checkout@v2
+      - uses: returntocorp/semgrep-action@v1
+        with:
+          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+          publishDeployment: 339
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  workflow_status:
+    runs-on: [ ubuntu-latest ]   #nosemgrep zklW
+    name: Update Status Check
+    needs: [ semgrep ]
+    if: always()
+    env:
+      githubCommit: ${{ github.event.pull_request.head.sha }}
+    steps:
+      - name: Set github commit id
+        run: |
+          if [ "${{ github.event_name }}" = "push" ] || [ "${{ github.event_name }}" = "schedule" ]; then
+            echo "githubCommit=${{ github.sha }}" >> $GITHUB_ENV
+          fi
+          exit 0
+      - name: Failed
+        id: failed
+        if: (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) && github.ref != 'refs/heads/master'
+        run: |
+          echo 'Failing the workflow for github security status check.'
+          curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
+          -d '{ "state" : "failure" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
+          https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }}
+          exit 1
+      - name: Success
+        if: steps.failed.conclusion == 'skipped' || github.ref != 'refs/heads/master'
+        run: |
+          echo 'Status check has passed!'
+          curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
+          -d '{ "state" : "success" , "context" : "github/security-status-check" , "description" : "github/security-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
+          https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.githubCommit }}
+          exit 0