ci: Update semgrep job

sdn4z · sdn4z · commit 25a9d93a42bd · 2025-07-22T12:48:54.000+02:00
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -23,9 +23,17 @@ jobs:
     runs-on: ubuntu-latest
     if: "!startsWith(github.event.head_commit.message, 'bump:')"
     container:
-      image: returntocorp/semgrep:latest
+      image: returntocorp/semgrep:1.128.1@sha256:fca58525689355641019c05ab49dcc5bc3a1eb7e044f35014ee39594b5aa4fc1
     steps:
       - uses: actions/checkout@v4
+      - name: Cache Python files
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.1
+        with:
+          path: ~/.cache/semgrep
+          key: semgrep-${{ runner.os }}
+          retention-days: 30
+          restore-keys: |
+            semgrep-${{ runner.os }}
       - name: Run Semgrep
         run: |
-          semgrep scan --config auto
+          semgrep scan --config auto --error
diff --git a/eval/cli.py b/eval/cli.py
@@ -6,7 +6,7 @@
 
 from eval.classified_articles import NON_RELEVANT_ARTICLES, RELEVANT_ARTICLES
 from eval.constants import DEFAULT_EVAL_CONFIG_SECTION
-from eval.evaluator import eval
+from eval.evaluator import evaluate
 from eval.utils import EvalConfig, EvalFileConfig
 
 
@@ -68,7 +68,7 @@ def run(
         }
     )
 
-    eval(
+    evaluate(
         score_threshold=eval_config.score_threshold,
         relevant_articles=RELEVANT_ARTICLES,
         non_relevant_articles=NON_RELEVANT_ARTICLES,
diff --git a/eval/evaluator.py b/eval/evaluator.py
@@ -10,7 +10,7 @@
 logger = logging.getLogger("eval")
 
 
-def eval(
+def evaluate(
     prompt: str,
     score_threshold: int,
     relevant_articles: set[Article],
diff --git a/tests/eval/test_cli.py b/tests/eval/test_cli.py
@@ -8,7 +8,7 @@
 
 
 class TestEvalCli:
-    @patch("eval.cli.eval")
+    @patch("eval.cli.evaluate")
     @patch("eval.cli.load_dotenv")
     @patch("eval.cli.EvalFileConfig.get_config_from_file")
     @patch("eval.cli.PromptConfig.get_config_from_file")
@@ -36,7 +36,7 @@ def test_env_file_parameter(self, m_prompt: Mock, m_config: Mock, m_load_dotenv:
         assert result.exit_code == 0
         assert m_load_dotenv.call_args == call("custom.env")
 
-    @patch("eval.cli.eval")
+    @patch("eval.cli.evaluate")
     @patch("eval.cli.load_dotenv")
     @patch("eval.cli.EvalFileConfig.get_config_from_file")
     @patch("eval.cli.PromptConfig.get_config_from_file")

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`
`7`	`7`	`from eval.classified_articles import NON_RELEVANT_ARTICLES, RELEVANT_ARTICLES`
`8`	`8`	`from eval.constants import DEFAULT_EVAL_CONFIG_SECTION`
`9`		`-from eval.evaluator import eval`
	`9`	`+from eval.evaluator import evaluate`
`10`	`10`	`from eval.utils import EvalConfig, EvalFileConfig`
`11`	`11`
`12`	`12`
`@@ -68,7 +68,7 @@ def run(`
`68`	`68`	`}`
`69`	`69`	`)`
`70`	`70`
`71`		`- eval(`
	`71`	`+ evaluate(`
`72`	`72`	`score_threshold=eval_config.score_threshold,`
`73`	`73`	`relevant_articles=RELEVANT_ARTICLES,`
`74`	`74`	`non_relevant_articles=NON_RELEVANT_ARTICLES,`