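---
# Runs the Datadog static analyzer and a Semgrep scan on every push, then
# uploads the Semgrep report to Datadog in SARIF format.
name: Datadog Static Analysis

on: [push]

# Least privilege for the workflow's GITHUB_TOKEN: nothing below writes to the
# repository. Widen this only if a step turns out to need more.
permissions:
  contents: read

jobs:
  static-analysis:
    runs-on: ubuntu-latest
    name: Datadog Static Analyzer
    steps:
      # NOTE(review): `@v3` / `@v1` are mutable tags. Pinning each third-party
      # action to a full commit SHA keeps a retagged release from silently
      # changing what runs next to the Datadog keys.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # No later step pushes, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Check code meets quality and security standards
        id: datadog-static-analysis
        uses: DataDog/datadog-static-analyzer-github-action@v1
        with:
          dd_api_key: ${{ secrets.DD_API_KEY }}
          dd_app_key: ${{ secrets.DD_APP_KEY }}
          dd_site: datadoghq.com
          cpu_count: 2

      # Scan only: this step installs and runs third-party code, so it is
      # deliberately given no secrets.
      - name: Run Semgrep
        run: |
          # NOTE(review): semgrep is unpinned; pin an exact version so a new
          # release cannot change scan results or behaviour unnoticed.
          python3 -m pip install --break-system-packages semgrep
          # --sarif is required: without it -o writes the plain-text report
          # and the SARIF upload below has nothing valid to send.
          semgrep scan --sarif -o /tmp/semgrep.sarif
          # Findings are echoed into the job log; anyone who can read the
          # log can read them, including any matched code snippets.
          cat /tmp/semgrep.sarif

      # Tool installation, also without secrets in the environment.
      - name: Install Node.js and datadog-ci
        run: |
          # Download the nvm installer to a file instead of piping curl into
          # bash: -f makes an HTTP error fail the step rather than feeding an
          # empty or partial script to the shell. The URL is pinned to a tag;
          # verifying a known checksum before running it would be stronger.
          curl -fsSL -o /tmp/nvm-install.sh \
            https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.2/install.sh
          bash /tmp/nvm-install.sh
          # in lieu of restarting the shell
          \. "$HOME/.nvm/nvm.sh"
          # Install Node.js 22 and record the resolved versions in the log.
          nvm install 22
          node -v
          nvm current
          npm -v
          npm install -g @datadog/datadog-ci
          # Make the nvm-managed bin directory visible to the next step.
          dirname "$(command -v datadog-ci)" >> "$GITHUB_PATH"

      # The only run step that sees the Datadog credentials.
      - name: Upload Semgrep SARIF to Datadog
        run: datadog-ci sarif upload /tmp/semgrep.sarif
        env:
          DD_API_KEY: ${{ secrets.DD_API_KEY }}
          DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
          DD_SITE: datadoghq.com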