-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade semgrep to latest version #135
Comments
looks like drone is not using semgrep at all and skipping those tests === RUN TestAccessEnvVariables
coderules_test.go:24: semgrep not installed, skipping test
--- SKIP: TestAccessEnvVariables (0.00s)
=== RUN TestAccessAllowedEnvVariables
coderules_test.go:48: semgrep not installed, skipping test
--- SKIP: TestAccessAllowedEnvVariables (0.00s)
=== RUN TestAccessFS
coderules_test.go:73: semgrep not installed, skipping test
--- SKIP: TestAccessFS (0.00s)
=== RUN TestUseSyscall
coderules_test.go:98: semgrep not installed, skipping test
--- SKIP: TestUseSyscall (0.00s) |
@briangann from which CI are these logs? |
See https://drone.grafana.net/grafana/plugin-validator/194/1/2 Line 316 (expand all logs first) |
@briangann I looked into it. that's expected. What drone does is build the Docker image (on main merge). The docker image will have semgrep installed and the validator binary, to build the validator binary, the drone runner needs to run the tests which skip semgrep because the drone runner doesn't have it installed. That doesn't affect the final docker image that will have both the binary and semgrep. nevertheless, the github action that runs on PRs and commits to main does install semgrep on the runner and validates it. |
In #133 we had to lock the semgrep version to 1.28 because the newer version (>=1.38) is not working as expected.
We should research what's not working in this new version and patch it so we can keep using the updated tool.
The text was updated successfully, but these errors were encountered: