From b87cc55cc9b0c833c73f37d86d7484168ff913c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Eleuterio?= <me@andreeleuterio.com>
Date: Thu, 7 May 2026 21:00:49 -0300
Subject: [PATCH] chore: old gh action cleanup

---
 .github/workflows/semgrep.yml | 37 -----------------------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 .github/workflows/semgrep.yml

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
deleted file mode 100644
index 3812ab18fc..0000000000
--- a/.github/workflows/semgrep.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: Semgrep - SAST Scan
-
-on:
-  pull_request_target:
-    types: [ closed, edited, opened, synchronize, ready_for_review ]
-
-jobs:
-  semgrep:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-    runs-on: ubuntu-latest
-    container:
-      image: returntocorp/semgrep
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-
-      - name: Checkout semgrep-rules repo
-        uses: actions/checkout@v4
-        with:
-          repository: sourcegraph/security-semgrep-rules
-          token: ${{ secrets.GH_SEMGREP_SAST_TOKEN }}
-          path: semgrep-rules
-
-      - name: Run Semgrep SAST Scan
-        run: |
-          mv semgrep-rules ../
-          semgrep ci -f ../semgrep-rules/semgrep-rules/ --metrics=off --oss-only --suppress-errors --sarif -o results.sarif --exclude='semgrep-rules' --baseline-commit "$(git merge-base main HEAD)" || true
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: results.sarif