From 0fdfbe8df016ca61773acbf2c9098ef2fca6e39c Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Thu, 11 Jan 2024 19:53:36 -0300
Subject: [PATCH 1/6] enable all rules of level 5 on linter
---
 .perlcriticrc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.perlcriticrc b/.perlcriticrc
index 7f84357..8fe04ee 100644
--- a/.perlcriticrc
+++ b/.perlcriticrc
@@ -1 +1,3 @@
+severity = 5
+
 [-TestingAndDebugging::RequireUseStrict]
\ No newline at end of file
From 2c58bbcb2ad3036be2d3db6b3fe320114067806c Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Fri, 19 Jan 2024 08:59:27 -0300
Subject: [PATCH 2/6] add secret scanning in the pipeline
---
 .github/workflows/secret-scanning.yml | 39 +++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/secret-scanning.yml
diff --git a/.github/workflows/secret-scanning.yml b/.github/workflows/secret-scanning.yml
new file mode 100644
index 0000000..d76ec7f
--- /dev/null
+++ b/.github/workflows/secret-scanning.yml
@@ -0,0 +1,39 @@
+name: Secret Scanning
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+permissions:
+ contents: read
+ id-token: write
+ issues: write
+ pull-requests: write
+
+jobs:
+ TruffleHog:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Secret Scanning - TruffleHog
+ id: trufflehog
+ uses: trufflesecurity/trufflehog@main
+ continue-on-error: true
+ with:
+ path: ./
+ base: "${{ github.event.repository.default_branch }}"
+ head: HEAD
+ extra_args: --debug
+
+ - name: Scan Results Status
+ if: steps.trufflehog.outcome == 'failure'
+ run: exit 1
\ No newline at end of file
From 6997720202f482b8b93869f9e87e0d231a4b5afc Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Wed, 24 Jan 2024 09:12:30 -0300
Subject: [PATCH 3/6] move linter.yml
---
 .github/{ => workflows}/linter.yml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/{ => workflows}/linter.yml (100%)
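Review bot: `severity = 5` selects only the severity-5 ("gentle") policies, and the `[-TestingAndDebugging::RequireUseStrict]` exclusion on the following context line switches one of exactly those policies off, so the file does not enable all level-5 rules as the subject says. If the intent really is "all", drop the exclusion; if `use strict` is deliberately not required somewhere, a comment above it such as `# RequireUseStrict excluded because <reason>` would record why a strictness check is being silenced. The file also still lacks a trailing newline, as the `\ No newline at end of file` marker shows.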
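Review bot: `uses: trufflesecurity/trufflehog@main` in the Secret Scanning step pulls a third-party action from a moving branch while the job holds `id-token: write`, `issues: write` and `pull-requests: write`, so whoever controls that branch runs with those permissions on every push and pull request; pin it to a release tag or, better, a full commit SHA, e.g. `uses: trufflesecurity/trufflehog@<commit-sha-of-pinned-release>`. None of the three steps shown use the OIDC token or write to issues or pull requests, so `permissions:` could be reduced to `contents: read` unless a later change needs more. `continue-on-error: true` followed by the `exit 1` step reproduces a plain failure of the scan step; if the indirection is deliberate, a comment on the `continue-on-error` line saying why would save the next reader the question. `extra_args: --debug` presumably leaves verbose scanner output in the job log, which is worth dropping once the pipeline is stable.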
diff --git a/.github/linter.yml b/.github/workflows/linter.yml
similarity index 100%
rename from .github/linter.yml
rename to .github/workflows/linter.yml
From 2acfd0b48c4a55dfc61dabe143e242448c736e1e Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Thu, 25 Jan 2024 16:44:21 -0300
Subject: [PATCH 4/6] add a sast
---
 .github/workflows/zarn.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/zarn.yml
diff --git a/.github/workflows/zarn.yml b/.github/workflows/zarn.yml
new file mode 100644
index 0000000..851b490
--- /dev/null
+++ b/.github/workflows/zarn.yml
@@ -0,0 +1,25 @@
+name: ZARN
+
+on:
+ pull_request:
+ branches:
+ - main
+ - develop
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install dependencies
+ run: |
+ git clone https://github.com/htrgouvea/zarn
+ sudo apt install -y perl cpanminus
+ cd zarn && sudo cpanm --installdeps .
+ - name: Hunt for findings
+ run: |
+ cd zarn && perl zarn.pl --source ../ --sarif zarn.sarif
+ - uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: zarn.sarif
\ No newline at end of file
From 8567173399411d7cc6ac825f67c9ba6f1cfaf60e Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Thu, 25 Jan 2024 16:47:07 -0300
Subject: [PATCH 5/6] correct the path
---
 .github/workflows/zarn.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/zarn.yml b/.github/workflows/zarn.yml
index 851b490..1f0f447 100644
--- a/.github/workflows/zarn.yml
+++ b/.github/workflows/zarn.yml
@@ -19,7 +19,7 @@ jobs:
 cd zarn && sudo cpanm --installdeps .
 - name: Hunt for findings
 run: |
- cd zarn && perl zarn.pl --source ../ --sarif zarn.sarif
+ cd zarn && perl zarn.pl --source ../ --sarif ../zarn.sarif
 - uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: zarn.sarif
\ No newline at end of file
From a3ae48d6c1855deedff055b2df4470fc16c8fd82 Mon Sep 17 00:00:00 2001
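Review bot: `git clone https://github.com/htrgouvea/zarn` in the Install dependencies step checks out whatever the tool's default branch holds at run time, and `sudo cpanm --installdeps .` then installs unpinned CPAN modules as root, so the scanner's own supply chain is neither reproducible nor reviewable and any change to it runs with full privileges on the runner; clone a tagged release, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/htrgouvea/zarn`, and pin or vendor the Perl dependencies. The clone lands inside the checked-out workspace, so `perl zarn.pl --source ../` appears to scan the zarn clone together with the repository; cloning outside the workspace, or excluding that directory if the tool supports it, would avoid reporting findings against the scanner itself. No `permissions:` block is declared, unlike the secret-scanning workflow earlier in this series, and `github/codeql-action/upload-sarif@v3` needs `security-events: write`, which the default token only grants while the repository's token default stays permissive; declaring `permissions:` with `contents: read` and `security-events: write` makes the job independent of that setting and keeps the token otherwise read-only.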
From: htrgouvea
Date: Thu, 25 Jan 2024 16:54:03 -0300
Subject: [PATCH 6/6] update triggers
---
 .github/workflows/zarn.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/zarn.yml b/.github/workflows/zarn.yml
index 1f0f447..85304b3 100644
--- a/.github/workflows/zarn.yml
+++ b/.github/workflows/zarn.yml
@@ -1,11 +1,12 @@
 name: ZARN
 on:
+ push:
+ branches: [ "main" ]
 pull_request:
- branches:
- - main
- - develop
-
+ branches: [ "main" ]
+ schedule:
+ - cron: '28 23 * * 1'
 jobs:
 build:
 runs-on: ubuntu-latest
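Review bot: The two added `branches: [ "main" ]` lines switch to flow style with spaces inside the brackets, while the rest of this file and the secret-scanning workflow added earlier in the series use block sequences; writing `branches:` followed by `- main` on the next line keeps the files consistent, and yamllint's default `brackets` rule flags the inner spaces anyway. Removing `- develop` from `pull_request` means pull requests targeting develop are no longer scanned, which the subject "update triggers" does not mention; if it is intended, a line in the commit message would record it. The new `schedule:` entry `cron: '28 23 * * 1'` is a weekly run; a comment above it such as `# weekly, Monday 23:28 UTC` documents the choice for the next reader. The `on:` mapping is fully inside the hunk, but the `jobs:` block continues past it.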