-
Notifications
You must be signed in to change notification settings - Fork 33
semgrep-agent from the command-line connects to incorrect dashboard project #141
Comments
Hi @msorens, It looks like this functionality went in in https://github.com/returntocorp/semgrep-action/pull/120. I suspect a few things could be going on here, but I'll need a bit more information to confirm:
I suspect if we get the |
Your suspicion was 100% correct -- I had neglected to pass environment variables on the command-line. Once I did that, it connects to the right project and uses the correct policy. Thanks!! |
Thanks all! Transferring this issue to semgrep-action for discoverability in the future. |
Afterthought: probably should fail the run immediately if |
@chmccreery @underyx Any thoughts on Michael's above suggestion? |
We intentionally do not require this environment variable, to make it possible to run semgrep-action in a very basic setup, without having to configure a bunch of environment variables. I would like to preserve that simplicity for users who only care about the 80% solution, and just want to run their default policy or get their rules from a local yaml file. We could certainly print out the environment variables that are not set, as well as those that are, but this might get a bit verbose. |
Describe the bug
When I attempt to run semgrep-agent on the command-line in the same fashion that I run it in CI, it is not connecting to the right project on the web UI dashboard (and therefore not using the correct policy).
In the figure, my two real projects are highlighted: chef/automate (which exists at
https://github.com/chef/automate
) and chef/chef-cloud (https://github.com/chef/chef-cloud
).In CI, I use the block of code below (for Buildkite). The relevant portions are highlighted.
The equivalent from the command-line, as I understand it, is this:
Notable:
--volume $(realpath .):/automate --workdir /automate
, it still results in updating "automate" in the dashboard -- item (1) again.--volume $(realpath .):/foo --workdir /foo
or--volume $(realpath .):/src --workdir /src
, then it creates (or updates) items (2) and (3) respectively.To Reproduce
As above.
Expected behavior
Should be able to connect to the "chef/automate" project and use "Chef-01" policy.
Screenshots
As above.
What is the priority of the bug to you?
Is this a P0 (blocking your adoption of Semgrep or workflow), P1 (important to fix or quite annoying), P2 (regular bug that should get fixed)?
P2 (a bit frustrating, but I can get by without it for a time)
Environment
docker
The text was updated successfully, but these errors were encountered: