From 704da40ba15978d870f810909adfd4be2dbc2708 Mon Sep 17 00:00:00 2001
From: Alex Layton
Date: Tue, 30 Jul 2024 13:20:13 -0400
Subject: [PATCH] ci(workflows): more improvements
---
 .github/workflows/semgrep-analysis.yml | 2 +-
 .github/workflows/validate-codeowners.yml | 6 +++---
 CODEOWNERS | 1 -
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/semgrep-analysis.yml b/.github/workflows/semgrep-analysis.yml
index 237fc0ef..9ca18566 100644
--- a/.github/workflows/semgrep-analysis.yml
+++ b/.github/workflows/semgrep-analysis.yml
@@ -41,13 +41,13 @@ jobs:
 - uses: actions/checkout@v4
 # Run the "semgrep ci" command on the command line of the docker image.
 - run: semgrep ci --sarif --output=semgrep.sarif
+ continue-on-error: true
 env:
 # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
 # Generate a token from Semgrep Cloud Platform > Settings
 # and add it to your GitHub secrets.
 SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
 SEMGREP_DEPLOYMENT_ID: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
- SEMGREP_SUPPRESS_ERRORS: true
 - name: Secure Code Warrior
 uses: SecureCodeWarrior/github-action-add-sarif-contextual-training@v1
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 2a667829..43b7f6cc 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -32,8 +32,8 @@ jobs:
 # so we will not be using it for now
 # duppaterns: Reports if codeowners file contains duplicated lines
 # syntax: Reports if file contains an invalid syntax definition
- checks: files,duppatterns,syntax
- experimental_checks: notowned
+ checks: files,owners,duppatterns,syntax
+ experimental_checks: notowned,avoid-shadowing
 # GitHub access token is required only if the `owners` check is enabled
- #github_access_token: "${{ secrets.OWNERS_VALIDATOR_PAC }}"
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
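Review bot: `continue-on-error: true` on the `semgrep ci` step makes the job pass whatever that step's exit code is, so blocking findings (and a scan that never ran) no longer fail the check, whereas the removed `SEMGREP_SUPPRESS_ERRORS: true` appears to have been aimed only at Semgrep's own errors. If the goal is just to let the SARIF steps below still run, keep the step failing and put `if: always()` on the later steps instead; alternatively give the step an `id` and end the job with a step that fails when `steps.<id>.outcome == 'failure'`. With the change as written, a missing or empty `semgrep.sarif` would also go unnoticed unless a later step checks for it. The job continues past the end of the hunk, so the consuming steps are not fully visible here.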
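Review bot: Enabling the `owners` check with `github_access_token: ${{ secrets.GITHUB_TOKEN }}` relies on the workflow's default token, which is scoped to this repository and, as far as I know, cannot read organization team membership, so any `@org/team` entry in CODEOWNERS may be reported as invalid or not verified at all. The removed line pointed at a dedicated secret (`OWNERS_VALIDATOR_PAC`); if team owners are planned, a narrowly scoped read-only token is the better fit, and in either case the job's `permissions:` (not visible in the hunk) should be kept to the minimum the check needs. The context comment ending in `so we will not be using it for now` begins above the hunk; if it describes the `owners` check it is now stale and should be updated in the same change.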
diff --git a/CODEOWNERS b/CODEOWNERS
index a9e41d9a..841d2602 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -64,5 +64,4 @@ charts @awlayton
 .github @abalmos
 .github/workflows/validate-codeowners.yml @aaron97neu
 .github/workflows/build-and-push-services.yml @abalmos @awlayton
-.github/workflows/codeql-analysis.yml @awlayton
 .github/workflows/semgrep-analysis.yml @awlayton
\ No newline at end of file