Add semgrep, py3-semgrep and dependencies #4262

Merged
merged 1 commit into from
Aug 18, 2023


goproslowyo (Contributor) commented Aug 8, 2023

First pass at building semgrep, pysemgrep and all the dependencies.

wolfictl scan: [screenshot: 2023-08-07_18-32]

semgrep-cli dependency graph: [image: semgrep-deps]

Dependencies:

  • py3-attrs
  • py3-boltons
  • py3-bracex
  • py3-click-option-group
  • py3-defusedxml
  • py3-face
  • py3-glom
  • py3-idna
  • py3-jsonschema
  • py3-jsonschema-specifications
  • py3-markdown-it-py
  • py3-mdurl
  • py3-peewee
  • py3-python-lsp-jsonrpc
  • py3-referencing
  • py3-requests
  • py3-rich
  • py3-rpds
  • py3-ruamel.yaml
  • py3-ruamel.yaml.clib
  • py3-ujson
  • py3-wcmatch

Fixes:
Fixes #797

Related:

Pre-review Checklist

For new package PRs only

  • This PR is marked as fixing a pre-existing package request bug
    • Alternatively, the PR is marked as related to a pre-existing package request bug, such as a dependency
  • REQUIRED - The package is available under an OSI-approved or FSF-approved license
  • REQUIRED - The version of the package is still receiving security updates

@goproslowyo goproslowyo requested a review from a team as a code owner August 8, 2023 02:08
goproslowyo (Contributor Author) commented Aug 8, 2023

Hmmm, I think wolfictl might have a bug around here (or maybe when it trims the suffix?) if the filename is like py3-ruamel.yaml.yaml.

I noticed it during this CI failure. This basically causes the wrong filename (py3-ruamel.yaml instead of py3-ruamel.yaml.yaml) to get passed into os.ReadFile.

Here's a simple PoC: https://go.dev/play/p/yAUSuMaR6TQ

I opened an issue in the repo over here wolfi-dev/wolfictl#332.
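The filename mix-up reported in the comment above, sketched as an added example that is not part of the original comment and is not wolfictl's code. It assumes the tool guesses from a `.yaml` suffix whether it was given a package name or a file name; `naiveConfigPath`, `configPath` and the file listing are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed file listing for the example: one config file per package.
var repoFiles = map[string]bool{
	"py3-rich.yaml":             true,
	"py3-ruamel.yaml.yaml":      true,
	"py3-ruamel.yaml.clib.yaml": true,
}

// naiveConfigPath (hypothetical) guesses whether arg is a package name or a
// file name by looking for a ".yaml" suffix. A package whose own name ends
// in ".yaml" is mistaken for a file name and returned unchanged.
func naiveConfigPath(arg string) string {
	if strings.HasSuffix(arg, ".yaml") {
		return arg
	}
	return arg + ".yaml"
}

// configPath (hypothetical) resolves against the files that exist instead of
// guessing from the suffix: try arg as a package name first, then as a
// literal file name, and fail loudly when neither matches.
func configPath(arg string, files map[string]bool) (string, error) {
	if files[arg+".yaml"] {
		return arg + ".yaml", nil
	}
	if files[arg] {
		return arg, nil
	}
	return "", fmt.Errorf("no config found for %q", arg)
}

func main() {
	for _, arg := range []string{"py3-rich", "py3-ruamel.yaml", "py3-ruamel.yaml.clib.yaml"} {
		p, err := configPath(arg, repoFiles)
		fmt.Printf("%-28s naive=%-28s resolved=%s err=%v\n", arg, naiveConfigPath(arg), p, err)
	}
}
```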

@goproslowyo goproslowyo mentioned this pull request Aug 8, 2023
goproslowyo (Contributor Author) commented Aug 15, 2023

Thanks @imjasonh! I also noticed a few packages I previously added are now in the repository and seemed auto-generated based on the comments: 4e4265b

Should I be replacing the other packages I wrote w/ autogenerated ones from melange generate python?

And one last question, the CI is still failing on the bad version for py3-bracex: error during command execution: 1 error occurred:\n\t* failed to create a version slice for facelessuser/bracex: failed to create a version from 2.3.post1: Malformed version: 2.3.post1 -- I haven't seen any patterns on how this is worked around just yet... EDIT: I saw tag-filter but wasn't sure how it was applied -- will look at melange code in a bit. strip-prefix was the answer it seems.

First pass at building semgrep-core, semgrep-cli and all the dependencies.

Dependencies:

* py3-boltons
* py3-bracex
* py3-click-option-group
* py3-defusedxml
* py3-face
* py3-glom
* py3-jsonschema
* py3-jsonschema-specifications
* py3-markdown-it-py
* py3-mdurl
* py3-peewee
* py3-python-lsp-jsonrpc
* py3-referencing
* py3-rich
* py3-rpds
* py3-ruamel.yaml
* py3-ruamel.yaml.clib
* py3-ujson
* py3-wcmatch
goproslowyo (Contributor Author) commented

Hey @imjasonh -- just checking in re: my question above. FYI, I occasionally re-base the PR against main to keep it up-to-date if it's ready to merge.

ajayk (Contributor) commented Aug 18, 2023

> Hey @imjasonh -- just checking in re: my question above. FYI, I occasionally re-base the PR against main to keep it up-to-date if it's ready to merge.

@goproslowyo these packages should be fine, thanks for your contribution!!!

@ajayk ajayk enabled auto-merge August 18, 2023 03:08
@ajayk ajayk added this pull request to the merge queue Aug 18, 2023
Merged via the queue into wolfi-dev:main with commit 41196b2 Aug 18, 2023
5 checks passed
@goproslowyo goproslowyo deleted the feature/semgrep branch August 18, 2023 03:50

Successfully merging this pull request may close these issues.

[Wolfi Package Request]: semgrep