cloudflare-docs/tools/semgrep-repo-rules
cd rubin d9ee7611b7
semgrep github workflow updated to show style guide warnings in ./semgrep as annotations and error
* semgrep github workflow updated to show warnings

* Add explicit messaging for how to skip semgrep check and intensify messaging to produce errors

* adding passthrough error code handling to jq and model the same in the semgrep-repo-rules tool

* Use $PIPESTATUS to get error code of item in piped command list

* show the error code values along pipeline to seek issue

* Specify bash in shell config as sh is the default inside a container

* Exit with correct error code

* show semgrep messages as warning annotations to distinguish from semgrep error code

* add use of [skip style guide check] in commit message

* Set COMMIT_MESSAGE environment variable with last commit message

* COMMIT_MESSAGE needs to be set to the second to last message to skip the autogenerated merge message

* Grabbing commit SHA from the pull_request event

* Add explanatory message inside configure step

* Show commit message cleanly in configure step

* Use tee to set the environment variable and show the value it is set to

* keep semgrep return code intact from local tool run
2025-12-05 11:28:06 +00:00

30 lines
1 KiB
Bash
Executable file

#! /bin/bash
# Run the repo's Semgrep style-guide rules (.semgrep) against the docs files that
# changed relative to origin/production, mirroring what the CI job does.
repo_root_dir="$(git rev-parse --show-toplevel)"
# "return" is only valid inside a function or a sourced file; a script must exit.
pushd "${repo_root_dir}" > /dev/null || exit 1
base_commit=$(git merge-base HEAD origin/production)
# Committed changes since the merge base. ACMRT = added/copied/modified/renamed/type-changed;
# deletions are skipped because there is nothing left to scan.
git diff "${base_commit}..." --diff-filter=ACMRT --name-only | grep -E '\.(htm|html|yaml|yml|md|mdx)$' > tools/relevant_changed_files.txt || true
# Also include uncommitted working-tree changes so the tool is useful locally
# (in CI the tree is clean, so this adds nothing there).
git diff --diff-filter=ACMRT --name-only | grep -E '\.(htm|html|yaml|yml|md|mdx)$' >> tools/relevant_changed_files.txt || true
if [ -s tools/relevant_changed_files.txt ]; then
    # Read the (deduplicated) list into an array instead of word-splitting a string,
    # so paths containing spaces survive. The read loop works on bash 3.2 as well.
    list_of_files=()
    while IFS= read -r changed_file; do list_of_files+=("${changed_file}"); done < <(sort -u tools/relevant_changed_files.txt)
    # --error makes semgrep exit non-zero on findings; docker run passes that code
    # through, and this script passes it on unchanged so CI can fail on it.
    # The original repeated --include "*.mdx" twice; the duplicate is dropped.
    docker run --rm -v "${PWD}:/src" semgrep/semgrep \
        semgrep scan \
        --config .semgrep --metrics=off \
        --include "*.mdx" \
        --error \
        "${list_of_files[@]}"
    semgrep_return_code=$?
    echo "return code: $semgrep_return_code"
else
    echo "No relevant files changed."
    semgrep_return_code=0
fi
popd > /dev/null || exit 1
exit "$semgrep_return_code"
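The commit message above describes why the CI job had to switch to bash and read `$PIPESTATUS`: when the scanner's output is piped into `jq` or `tee`, the pipeline's status is that of the last command, so a failing `semgrep scan --error` reports success and the style gate is silently bypassed. The script below is an added example, not code from cloudflare-docs or its workflow: `fake_scanner`, `naive_pipeline`, `pipestatus_pipeline` and `should_skip_style_check` are names chosen here, `fake_scanner` is a constructed stand-in for `semgrep scan --error`, and `sed` stands in for `jq`/`tee` so it runs with nothing else installed.

```bash
#!/usr/bin/env bash
# Added example (not part of cloudflare-docs): reproduces the swallowed
# exit code the commit fixes and shows the PIPESTATUS-based fix.
# fake_scanner is a constructed stand-in for "semgrep scan --error";
# sed stands in for jq/tee so the script runs offline with no extra tools.

# Constructed stand-in: emits one finding and exits with the requested status.
fake_scanner() {
    echo '{"results":[{"check_id":"style.hypothetical","path":"a.mdx"}]}'
    return "$1"
}

# Bug: a plain pipeline yields sed's status, so "fake_scanner 1 | sed" is 0
# and a CI step gated on it passes even though the scanner found problems.
naive_pipeline() {
    fake_scanner "$1" | sed 's/^/::warning::/' >/dev/null
}

# Fix: PIPESTATUS holds every element's status; return the scanner's.
# PIPESTATUS is bash-only, which is why the job must declare "shell: bash"
# instead of the container default of sh.
pipestatus_pipeline() {
    fake_scanner "$1" | sed 's/^/::warning::/' >/dev/null
    local codes=("${PIPESTATUS[@]}")   # read it before any other command runs
    echo "pipeline exit codes: ${codes[*]}" >&2   # e.g. "1 0" when the scanner fails
    return "${codes[0]}"
}

# Opt-out marker from the commit: "[skip style guide check]" in the commit
# message. Fetching the message is left to the caller; note (my addition, not
# from the page) that on a pull_request event HEAD is GitHub's synthetic merge
# commit, so the PR's own message is on HEAD^2 rather than HEAD.
should_skip_style_check() {
    case "$1" in
        *"[skip style guide check]"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone demo: pass a commit message as $1 to exercise the skip switch.
main() {
    if should_skip_style_check "$1"; then
        echo "style guide check skipped by commit message"
        return 0
    fi
    naive_pipeline 1 && echo "naive: exit status 0 despite findings (bug)"
    pipestatus_pipeline 1 || echo "pipestatus: exit status $? (correct)"
}

main "${1:-}"
```

The important detail is that `PIPESTATUS` is overwritten by the very next command, including `local` on its own line, so the array must be copied in the same statement that follows the pipeline.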