Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

chore: Release Version 1.68.0 #1857

chore: Release Version 1.68.0

chore: Release Version 1.68.0 #1857

Workflow file for this run

name: tests
on:
pull_request:
push:
branches: [develop]
jobs:
pytest:
name: run pytest
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10"]
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- name: Setup Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
- name: Setup poetry
run: pipx install poetry==1.2.0
- id: setup-package-managers
name: Setup package managers
run: |
poetry config virtualenvs.in-project true
echo "installed-semgrep-version=$(sed --quiet --regexp-extended 's/^FROM returntocorp[/]semgrep:(.+)$/\1/p' Dockerfile)" >> $GITHUB_OUTPUT
- id: reuse-poetry-virtualenv
name: Reuse poetry's virtualenv
uses: actions/cache@v2.1.7
with:
path: .venv
key: ${{ runner.os }}-${{ matrix.python-version }}-poetry-${{ hashFiles('**/poetry.lock') }}
# install semgrep first so that errors are more obvious if agent dependencies conflict
- name: Install semgrep
run: pipx install semgrep==${{ steps.setup-package-managers.outputs.installed-semgrep-version }}
- name: Install dependencies
run: poetry install --no-root
if: steps.reuse-poetry-virtualenv.outputs.cache-hit != 'true'
- name: Install semgrep-agent
run: poetry install
- name: Run pytest
run: |
# tests should simulate CI environment iff they need one
unset CI
unset "${!GITHUB_@}"
poetry run python tests/acceptance/qa.py
if git status -s -- tests/acceptance/ | grep M; then
echo "snapshot changes found"
exit 1
else
echo "no snapshot changes found"
exit 0
fi
- name: Configure git creds for push
id: configure-creds
if: failure() && github.event_name == 'pull_request' && (github.actor != 'dependabot[bot]' && !(github.event.pull_request.head.repo.full_name != github.repository))
run: |
echo "machine github.com" >> ~/.netrc
echo "login ${{ github.repository }}" >> ~/.netrc
echo "password ${{ secrets.GITHUB_TOKEN }}" >> ~/.netrc
- name: Commit snapshot updates
id: snapshot-commit
if: failure() && github.event_name == 'pull_request' && (github.actor != 'dependabot[bot]' && !(github.event.pull_request.head.repo.full_name != github.repository))
uses: EndBug/add-and-commit@v9
with:
add: tests/acceptance
default_author: github_actions
message: "Update pytest snapshots"
new_branch: snapshot-updates-${{ github.run_id }}-${{ github.run_attempt }}
- name: Remove Credentials
id: remove-creds
if: failure() && github.event_name == 'pull_request' && (github.actor != 'dependabot[bot]' && !(github.event.pull_request.head.repo.full_name != github.repository))
run: rm ~/.netrc
- name: Comment about any snapshot updates
if: failure() && steps.snapshot-commit.outputs.pushed == 'true'
run: |
echo ":camera_flash: The pytest shapshots changed in your PR." >> /tmp/message.txt
echo "Please carefully review these changes and make sure they are intended:" >> /tmp/message.txt
echo >> /tmp/message.txt
echo "1. Review the changes at https://github.com/returntocorp/semgrep-action/commit/${{ steps.snapshot-commit.outputs.commit_long_sha }}" >> /tmp/message.txt
echo "2. Accept the new snapshots with" >> /tmp/message.txt
echo >> /tmp/message.txt
echo " git fetch origin && git cherry-pick ${{ steps.snapshot-commit.outputs.commit_sha }} && git push" >> /tmp/message.txt
gh pr comment ${{ github.event.pull_request.number }} --body-file /tmp/message.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
live-runs:
name: live run of action on this repo
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- id: semgrep-app-config
name: with semgrep-app connection
uses: ./tests/local-image-action
with:
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
- id: semgrep-live-registry-id
name: with a semgrep.live Registry ID
uses: ./tests/local-image-action
with:
config: r/python.jwt
- id: semgrep-live-ruleset-id
name: with a semgrep.live Ruleset ID
uses: ./tests/local-image-action
with:
config: p/r2c-CI
- id: semgrep-live-id
name: with a semgrep.live Rule ID
uses: ./tests/local-image-action
with:
config: s/QKP