chore: improve github workflow

Author: AhmedAmineZr

.github/workflows/build.yml

@@ -63,7 +63,7 @@ jobs:
           flutter test
 
   gitleaks:
-    name: Gitleaks Secret Scanning
+    name: Scan for leaks with Gitleaks
     runs-on: ubuntu-latest
     timeout-minutes: 30
     permissions:

.github/workflows/codeql.yml

@@ -1,4 +1,3 @@
-        if: always()
 # Software Name: OUDS Flutter
 # SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: MIT
@@ -27,7 +26,7 @@ concurrency:
 
 jobs:
   analyze-dart:
-    name: Dart & Flutter Analysis
+    name: Analyze Dart & Flutter code
     runs-on: ubuntu-latest
     timeout-minutes: 60
 
@@ -46,7 +45,7 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Cache Pub packages
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: ~/.pub-cache
           key: ${{ runner.os }}-pubcache-${{ hashFiles('**/pubspec.lock') }}

.github/workflows/dartdoc-gh-pages.yml

@@ -32,21 +32,21 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           submodules: recursive
       - name: Setup Dart
-        uses: dart-lang/setup-dart@v1
+        uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c # v1.7.1
         with:
           sdk: stable
       - name: Setup environment
         uses: ./.github/actions/setup
       - name: Setup Pages
-        uses: actions/configure-pages@v3
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
       - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
-          ruby-version: 3.3.5
+          ruby-version: 3.3.4
       - name: Build with Dartdoc
         run: |
           cd ouds_core
@@ -62,7 +62,7 @@ jobs:
           cp ouds_core/assets/doc/orange_logo.svg ./docs/assets/
           cp ouds_core/assets/doc/banner.png ./docs/assets/
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: ./docs
 
@@ -76,10 +76,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Download artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
         with:
           name: github-pages
 

.github/workflows/semgrep.yml

@@ -26,7 +26,7 @@ concurrency:
 
 jobs:
   semgrep:
-    name: Semgrep SAST Scan
+    name: Scan for vulnerabilities with Semgrep
     runs-on: ubuntu-latest
     timeout-minutes: 60
 
@@ -45,7 +45,7 @@ jobs:
 
       - name: Run Semgrep SAST Analysis
         run: |
-          semgrep ci \
+          semgrep scan \
             --sarif \
             --output semgrep.sarif \
             --config auto \
@@ -54,13 +54,21 @@ jobs:
             --exclude "*.g.dart" \
             --exclude "*.freezed.dart" \
             --exclude "test/" \
-            --exclude ".github/"
-        env:
-          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+            --exclude ".github/" \
+            .
         continue-on-error: true
 
+      - name: Check SARIF file
+        run: |
+          if [ -f semgrep.sarif ]; then
+            echo "✅ SARIF generated: $(du -sh semgrep.sarif)"
+          else
+            echo "⚠️ SARIF not found, creating empty SARIF..."
+            echo '{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"Semgrep","rules":[]}},"results":[]}]}' > semgrep.sarif
+          fi
+
       - name: Upload Semgrep SARIF
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@b0565cb28b456da32509aef995361ffcc63f40b0 # v3.28.15
         with:
           sarif_file: semgrep.sarif
           category: semgrep-security