"no valid configuration file found (0 configs were invalid)"

[jack-om]

Greetings! Testing out the platform, and enjoying things so far. Got this error in my Github Actions pipeline, and followed your request to post it for analysis. Maybe related to #112?

Run returntocorp/semgrep-action@v1
  with:
    publishToken: ***
    publishDeployment: 203
  env:
    GITHUB_TOKEN: ***
/usr/bin/docker run --name returntocorpsemgrepactionv1_351056 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions          - semgrep 0.32.0 on Python 3.7.9
| environment       - running in environment github-actions, triggering event is 'pull_request'
| manage            - logged in as deployment #203
=== setting up agent configuration
| policy            - using Getting Started
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 4 changed paths
| found 4 files in the paths to be scanned
=== looking for current issues in 4 files

=== failed command's STDOUT:

{"results": [], "errors": [{"type": "SemgrepError", "code": 7, "message": "no valid configuration file found (0 configs were invalid)"}]}


=== failed command's STDERR:

A new version of Semgrep is available. Please see https://github.com/returntocorp/semgrep#upgrading for more information.


Error: ROR] `/root/.local/bin/semgrep --skip-unknown-extensions --disable-nosem --json --no-rewrite-rule-ids --config /tmp/tmp3tby2xfe.yml more_fail.py other_feature.py .github/workflows/semgrep.yml should_fail.py` failed with exit code 7

This is an internal error, please file an issue at https://github.com/returntocorp/semgrep-action/issues/new/choose
and include any log output from above.

[dlukeomalley]

@jack-om Thank you for filing this issue. Tagging @brendongo who is working on Semgrep Action errors and improvements.

[brendongo]

Hi @jack-om are you running the semgrep action in a way different from the default instructions?

no valid configuration file found (0 configs were invalid) makes me think something weird is going on with file permissions maybe?

[brendongo]

If you can rerun with the environment variable SEMGREP_AGENT_DEBUGset to 1 the debug output might help us get to the bottom of this.

[jack-om]

Hi @brendongo, the semgrep.yml action is the default from the instructions. Here are the contents:

.github/workflows/semgrep.yml

name: Semgrep
on: [pull_request]
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: returntocorp/semgrep-action@v1
        env: # Optional environment variable for inline PR comments (beta)
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SEMGREP_AGENT_DEBUG: 1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
          publishDeployment: 203

Current output

Here are the results, after adding SEMGREP_AGENT_DEBUG: 1 to the action, which didn't look too different from the output without the debug flag. The command shows -e SEMGREP_AGENT_DEBUG being passed, so I'm not sure why output isn't more verbose.

Run returntocorp/semgrep-action@v1
  with:
    publishToken: ***
    publishDeployment: 203
  env:
    GITHUB_TOKEN: ***
    SEMGREP_AGENT_DEBUG: 1
/usr/bin/docker run --name returntocorpsemgrepactionv1_7910d9 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e SEMGREP_AGENT_DEBUG -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions          - semgrep 0.33.0 on Python 3.7.9
| environment       - running in environment github-actions, triggering event is 'pull_request'
| manage            - logged in as deployment #203
=== setting up agent configuration
| policy            - using Getting Started
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 4 changed paths
| found 4 files in the paths to be scanned
=== looking for current issues in 4 files

=== failed command's STDOUT:

{"results": [], "errors": [{"type": "SemgrepError", "code": 7, "message": "no valid configuration file found (0 configs were invalid)"}]}


=== failed command's STDERR:



Error: ROR] `/root/.local/bin/semgrep --skip-unknown-extensions --disable-nosem --json --no-rewrite-rule-ids --config /tmp/tmpymrxdwt4.yml more_fail.py other_feature.py .github/workflows/semgrep.yml should_fail.py` failed with exit code 7

This is an internal error, please file an issue at https://github.com/returntocorp/semgrep-action/issues/new/choose
and include any log output from above.

Previous output

The strange thing is that I didn't modify the action file between the last time it worked (Friday), and now. Here is expected output, using the same action file during an execution on Friday.

Run returntocorp/semgrep-action@v1
  with:
    publishToken: ***
    publishDeployment: 203
  env:
    GITHUB_TOKEN: ***
/usr/bin/docker run --name returntocorpsemgrepactionv1_504a66 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions          - semgrep 0.32.0 on Python 3.7.9
| environment       - running in environment github-actions, triggering event is 'pull_request'
| policy            - using Getting Started
| manage            - logged in as deployment #203
=== setting up agent configuration
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 3 changed paths
| found 3 files in the paths to be scanned
=== looking for current issues in 3 files
| 13 current issues found
| No ignored issues found
=== looking for pre-existing issues in 1 file
| 12 pre-existing issues found
python.lang.correctness.useless-eqeq.useless-eqeq
     > should_fail.py:1
     ╷
    1│   5 == 5
     ╵
     = This is always True: `5 == 5` or `5 != 5`. If testing for floating point
       NaN, use `math.isnan(5)`, or `cmath.isnan(5)` if the number is complex.

=== exiting with failing status

The only real difference that I see is:

• Before: | versions - semgrep 0.32.0 on Python 3.7.9
• After: | versions - semgrep 0.33.0 on Python 3.7.9

[brendongo]

@jack-om any chance you can join the community slack: https://r2c.dev/slack I think we have an idea of what's happening

[nbrahms]

Confirmed that this happens if all items in a policy have both "notify" and "block" disabled. Fix should be to prevent or warn on this type of configuration.

[brendongo]

Going to add a check with https://github.com/returntocorp/semgrep-action/pull/133 that has a helpful message while we don't have the guarantee that rules from server will be non-empty.

[dlukeomalley]

@brendongo Is this issue resolved with your pre-2021 work?