Skip to content

build: add built-from-source github action for semgrep #1073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 12, 2025
Merged

build: add built-from-source github action for semgrep #1073

merged 4 commits into from
May 12, 2025

Conversation

art1f1c3R
Copy link
Member

@art1f1c3R art1f1c3R commented May 1, 2025
edited
Loading

Summary

This PR adds support for building Semgrep from source and including it as a Macaron dependency.

Description of changes

This PR introduces a new manually-triggered GitHub action that clones the Semgrep GitHub repository for version 1.113.0 and builds the software as a python wheel package from source using the repository's supplied Docker file. This includes building from source the required OCaml binaries that are part of the package. This action publishes a minimal docker image under the name macaron-deps that only holds that build-from-source semgrep wheel with the name semgrep_wheel.whl in the top-level directory. The intention is for this artifact to be used in the final docker build in Dockerfile.final to copy the Semgrep wheel out into the Macaron image and install it.

Checklist

  • I have reviewed the contribution guide.
  • My PR title and commits follow the Conventional Commits convention.
  • My commits include the "Signed-off-by" line.
  • I have signed my commits following the instructions provided by GitHub. Note that we run GitHub's commit verification tool to check the commit signatures. A green verified label should appear next to all of your commits on GitHub.
  • I have updated the relevant documentation, if applicable.
  • I have tested my changes and verified they work as expected.

@art1f1c3R art1f1c3R requested review from behnazh-w and tromai as code owners May 1, 2025 02:03
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label May 1, 2025
@art1f1c3R art1f1c3R marked this pull request as draft May 1, 2025 02:05
art1f1c3R added 2 commits May 12, 2025 15:28
@art1f1c3R
build: add github action to build and publish Semgrep wheel artifact
4ead933 
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@art1f1c3R
build: testing github action works using push trigger
b33f73f 
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@art1f1c3R art1f1c3R force-pushed the art1f1c3R/semgrep-bfs branch from 94049c9 to b33f73f Compare May 12, 2025 05:30
@art1f1c3R
build: confirmed action worked, publish image to macaron repo
ecc05f5 
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@art1f1c3R art1f1c3R marked this pull request as ready for review May 12, 2025 06:24
@art1f1c3R art1f1c3R changed the title build: add built-from-source semgrep dependency build: add built-from-source github action for semgrep May 12, 2025
@art1f1c3R
build: remove test trigger that used push action
a6b499a 
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@behnazh-w behnazh-w merged commit bbf80bf into main May 12, 2025
10 checks passed
@art1f1c3R art1f1c3R deleted the art1f1c3R/semgrep-bfs branch May 14, 2025 23:26
@art1f1c3R art1f1c3R mentioned this pull request May 14, 2025
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@behnazh-w behnazh-w behnazh-w approved these changes

@tromai tromai tromai approved these changes

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@art1f1c3R @behnazh-w @tromai