From ae3fc7843074b039269dca2d5b9fe0ed52522b41 Mon Sep 17 00:00:00 2001
From: Stephen Bolton
Date: Mon, 11 Nov 2024 13:21:53 +0000
Subject: [PATCH] add var.SEMGREP_NO_FAIL option
---
 .github/workflows/cicd_comp_semgrep-phase.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/cicd_comp_semgrep-phase.yml b/.github/workflows/cicd_comp_semgrep-phase.yml
index b0de97cfa7fc..3b66b60f976a 100644
--- a/.github/workflows/cicd_comp_semgrep-phase.yml
+++ b/.github/workflows/cicd_comp_semgrep-phase.yml
@@ -56,6 +56,7 @@ jobs:
 runs-on: ubuntu-20.04
 env:
 SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+ NO_FAIL: ${{ vars.SEMGREP_NO_FAIL || 'false' }}
 container:
 image: semgrep/semgrep
 # Skip any PR created by dependabot to avoid permission issues:
@@ -69,4 +70,8 @@ jobs:
 - name: Semgrep Scan
 run: |
 unzip -o dependency-tree.zip
- semgrep ci
\ No newline at end of file
+ if [ "${NO_FAIL}" = "true" ]; then
+ semgrep ci || echo "Semgrep completed with errors, but continuing due to NO_FAIL=true"
+ else
+ semgrep ci
+ fi
\ No newline at end of file
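Review bot: The new `NO_FAIL` entry in the job's `env:` block lets the Semgrep gate be switched off from a configuration variable, which is changed outside code review, and nothing in the workflow documents that. A comment above the line would help, for example `# vars.SEMGREP_NO_FAIL=true makes blocking Semgrep findings non-fatal; the value lives outside git, so review changes to it separately`. Only the exact string `true` enables the bypass (unset falls back to `'false'`), which is a safe default worth stating in the same comment. The job definition starts outside the hunk.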
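Review bot: With NO_FAIL=true, `semgrep ci || echo …` in the Semgrep Scan step swallows every non-zero exit status, not only the one for blocking findings, so a scan that failed to run at all would presumably also leave the job green. Semgrep documents exit code 1 for blocking findings; I would tolerate only that code and re-raise anything else. Emitting the message as a `::warning::` annotation would also make the bypass visible on the run summary instead of only in the step log. The step's earlier lines and the rest of the job sit outside the hunk.

```yaml
          if [ "${NO_FAIL}" = "true" ]; then
            rc=0
            semgrep ci || rc=$?
            if [ "$rc" -eq 1 ]; then
              echo "::warning::Semgrep reported blocking findings; continuing because NO_FAIL=true"
            elif [ "$rc" -ne 0 ]; then
              exit "$rc"
            fi
          # … unchanged: else branch running plain `semgrep ci`, closing fi …
```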