From 25a9943d68a7dc31eeefeb17913dbe37d87e5302 Mon Sep 17 00:00:00 2001
From: Mehmet Samet Duman <yongdohyun@projecttick.org>
Date: Thu, 2 Apr 2026 20:38:37 +0300
Subject: NOISSUE Remove not needed CI workflows for GitHub Actions and
 reworked some workflows

Signed-off-by: Mehmet Samet Duman <yongdohyun@projecttick.org>
---
 .github/workflows/json4cpp-semgrep.yml | 44 ++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .github/workflows/json4cpp-semgrep.yml

(limited to '.github/workflows/json4cpp-semgrep.yml')

diff --git a/.github/workflows/json4cpp-semgrep.yml b/.github/workflows/json4cpp-semgrep.yml
new file mode 100644
index 0000000000..6b594e6bab
--- /dev/null
+++ b/.github/workflows/json4cpp-semgrep.yml
@@ -0,0 +1,44 @@
+name: "json4cpp: Semgrep"
+
+on:
+  push:
+    branches: ["develop"]
+    paths:
+      - 'json4cpp/**'
+  pull_request:
+    branches: ["develop"]
+    paths:
+      - 'json4cpp/**'
+  schedule:
+    - cron: '23 2 * * 4'
+
+permissions:
+  contents: read
+
+jobs:
+  semgrep:
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    name: Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - uses: returntocorp/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d
+        with:
+          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+          publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
+          generateSarif: "1"
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
+        with:
+          sarif_file: semgrep.sarif
+        if: always()
-- 
cgit 0.0.5-2-1-g0f52