Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build directly from upstream source at a known revision #1

Closed
wants to merge 1 commit into from
Closed

Build directly from upstream source at a known revision #1

wants to merge 1 commit into from

Conversation

alexmurray
Copy link
Contributor

This ensures the code contained within the semgrep snap is a known, specific version of the upstream repo. This should also allow the snap to support architectures other than amd64.

In the future, when upstream releases a new version, you can simply change the version field in the snapcraft.yaml and trigger a rebuild of the snap to publish this new version as the snap.

@alexmurray
Build directly from upstream source at a known revision
1c07ff9 
This ensures the code contained within the semgrep snap is a known, specific
version of the upstream repo. This should also allow the snap to support
architectures other than amd64.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
@iosifache
Copy link
Owner

iosifache commented Jul 19, 2023
edited

@alexmurray, the Snapcraft Python plugin demands a setup.py file with the following content in Semgrep's case:

setup(
    name="semgrep_pre_commit_package",
    version="1.32.0",
    install_requires=["semgrep==1.32.0"],
    packages=[],
)

This means that running the plugin will simply download and install the Semgrep package from PyPi at the pinned version.

I believe the correct way to build from sources is to run cli/setup.py, which expects the semgrep-core binary to already be compiled. The latter can be accomplished by invoking Dune from the main Makefile's code target which will compile the OCaml sources.

@alexmurray
Copy link
Contributor Author

Ah yes, I can confirm it snapcraft does indeed just pull the existing semgrep package from PyPI:

2023-07-19 09:54:26.069 :: 2023-07-19 00:24:02.714 :: Processing /root/parts/semgrep/build
2023-07-19 09:54:26.069 :: 2023-07-19 00:24:02.714 ::   Preparing metadata (setup.py): started
2023-07-19 09:54:26.069 :: 2023-07-19 00:24:02.820 ::   Preparing metadata (setup.py): finished with status 'done'
2023-07-19 09:54:26.069 :: 2023-07-19 00:24:03.256 :: Collecting semgrep==1.32.0 (from semgrep-pre-commit-package==1.32.0)
2023-07-19 09:54:26.069 :: 2023-07-19 00:24:03.256 ::   Obtaining dependency information for semgrep==1.32.0 from https://files.pythonhosted.org/packages/9b/42/ba6d78cdd113072e1a4173761d813bba7a4c3e6825f4e253ca4528ffbcb2/semgrep-1.32.0-cp37.cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311-none-any.whl.metadata

See full log in snapcraft-20230719-094040.377617.log

@iosifache
Copy link
Owner

Thank you for double-checking, Alex! I'll close this PR now and open a new issue for building from sources using the previously described method.

@iosifache iosifache closed this Jul 19, 2023
@iosifache iosifache mentioned this pull request Jul 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@alexmurray @iosifache