From 10bf7c7783bc6970a6ca2ea8686c65d3f6290686 Mon Sep 17 00:00:00 2001 From: Steffen Exler Date: Thu, 23 Feb 2023 17:00:45 +0100 Subject: [PATCH 1/6] Add version bumb (#1) Signed-off-by: Steffen Exler Co-authored-by: Steffen Exler --- .github/workflows/bumb-version.yml | 61 ++++++++++++++++++++++++++++++ .github/workflows/tag_release.yaml | 9 ++++- Makefile | 4 ++ nix/gomod2nix.toml | 18 +++++++-- tools.go | 10 +++++ 5 files changed, 97 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/bumb-version.yml create mode 100644 tools.go diff --git a/.github/workflows/bumb-version.yml b/.github/workflows/bumb-version.yml new file mode 100644 index 00000000..5c8f52df --- /dev/null +++ b/.github/workflows/bumb-version.yml @@ -0,0 +1,61 @@ +--- +name: Bumb version + +on: + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + inputs: + versionBumb: + description: 'Version bumb' + required: true + default: 'patch' + type: choice + options: + - major # Increases the major of the latest tag. + - minor # Increases the minor of the latest tag. + - patch # Increases the patch of the latest tag. + +jobs: + bumb-version: + runs-on: ubuntu-latest + + steps: + - name: Install Go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: 1.19.x + + - name: Checkout code + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + # cache go modules + - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2 + with: + # In order: + # * Module download cache + # * Build cache (Linux) + # * Build cache (Mac) + # * Build cache (Windows) + path: | + ~/go/pkg/mod + ~/.cache/go-build + ~/Library/Caches/go-build + %LocalAppData%\go-build + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - name: Bumb version file + run: make svu args=${{ inputs.versionBumb }} + + - name: Get version from file + id: tag + run: | + export VERSION="$(cat config/version.txt)" + echo "tag=v$VERSION" >> $GITHUB_OUTPUT + echo "branch=version-bumb/v$VERSION" >> $GITHUB_OUTPUT + - name: Create Pull Request + run: | + git checkout -b "${{ steps.tag.outputs.branch }}" + git commit -m "chore(engine): prepare release ${{ steps.tag.outputs.tag }}" + git push --set-upstream origin "${{ steps.tag.outputs.branch }}" + gh pr create --fill diff --git a/.github/workflows/tag_release.yaml b/.github/workflows/tag_release.yaml index 649ebc86..70f1c04e 100644 --- a/.github/workflows/tag_release.yaml +++ b/.github/workflows/tag_release.yaml @@ -1,18 +1,21 @@ name: tag-release on: - push: + pull_request: branches: - main + types: + - closed paths: - "config/version.txt" jobs: tag: + if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 # using a PAT is necessary to trigger the release workflow # see https://github.com/orgs/community/discussions/25702 with: @@ -33,3 +36,5 @@ jobs: run: | git tag ${{ steps.tag.outputs.tag }} git push --tags + - name: Create release + run: gh release create {{ steps.tag.outputs.tag }} --verify-tag --generate-notes diff --git a/Makefile b/Makefile index 50724b3e..09e7beee 100644 --- a/Makefile +++ b/Makefile @@ -93,6 +93,10 @@ testing-project-ci: ## Creates for all yml files in ./test_project_values a tes make testing-project-ci-single VALUES_FILE=$$VALUES; \ done +svu: ## Creates a new version, args options major, minor & patch + @go run github.com/caarlos0/svu $(args) --strip-prefix > config/version.txt + @go run github.com/caarlos0/svu $(args) + .PHONY: release release: ## Create a new release version @./hack/release.sh diff --git a/nix/gomod2nix.toml b/nix/gomod2nix.toml index 0b112114..03872049 100644 --- a/nix/gomod2nix.toml +++ b/nix/gomod2nix.toml @@ -16,9 +16,12 @@ schema = 3 [mod."github.com/davecgh/go-spew"] version = "v1.1.1" hash = "sha256-nhzSUrE1fCkN0+RL04N4h8jWmRFPPPWbCuDc7Ss0akI=" - [mod."github.com/google/go-github/v49"] - version = "v49.0.0" - hash = "sha256-5SS2n2o4MeJVuYSz2HKTRvzPzvQHXU7QG54eCisp/oI=" + [mod."github.com/golang/protobuf"] + version = "v1.3.2" + hash = "sha256-4fGAPuXMGpohqcqHeoIHwzCvkiWtIOAs0ewIhZ8JeU8=" + [mod."github.com/google/go-github/v50"] + version = "v50.0.0" + hash = "sha256-V0dZpsI8VqB6K6EmxDACcRkSsk6S3nWyay3RKDAmchE=" [mod."github.com/google/go-querystring"] version = "v1.1.0" hash = "sha256-itsKgKghuX26czU79cK6C2n+lc27jm5Dw1XbIRgwZJY=" @@ -79,9 +82,18 @@ schema = 3 [mod."golang.org/x/crypto"] version = "v0.3.0" hash = "sha256-Un9wPqz8u/xpV98T4IqE6RMXIPhGCIm2prsNkHP3cjg=" + [mod."golang.org/x/net"] + version = "v0.2.0" + hash = "sha256-0MqnHDdLkkau6k7hlWD9MzIoAFROvxulyT+KzZkSXOs=" + [mod."golang.org/x/oauth2"] + version = "v0.0.0-20180821212333-d2e6202438be" + hash = "sha256-x0Lvhts17qZLPpt43EuNzUXcKJ6krpGWLYiA0Fw5dnE=" [mod."golang.org/x/sys"] version = "v0.2.0" hash = "sha256-N6yfQH7R2gfcvyWTQZbxWuSNyVy6hAxiab2WFzgAykI=" + [mod."google.golang.org/appengine"] + version = "v1.6.7" + hash = "sha256-zIxGRHiq4QBvRqkrhMGMGCaVL4iM4TtlYpAi/hrivS4=" [mod."gopkg.in/yaml.v3"] version = "v3.0.1" hash = "sha256-FqL9TKYJ0XkNwJFnq9j0VvJ5ZUU1RvH/52h/f5bkYAU=" diff --git a/tools.go b/tools.go new file mode 100644 index 00000000..7d521fae --- /dev/null +++ b/tools.go @@ -0,0 +1,10 @@ +//go:build tools +// +build tools + +package main + +import ( + // version bumping + // https://github.com/caarlos0/svu + _ "github.com/caarlos0/svu" +) From 7ecb56927983b9269339934192ecb6191cecda28 Mon Sep 17 00:00:00 2001 From: Steffen Exler Date: Thu, 23 Feb 2023 17:02:51 +0100 Subject: [PATCH 2/6] Run go mod tidy Signed-off-by: Steffen Exler --- go.mod | 6 ++++++ go.sum | 16 +++++++++++++++- nix/gomod2nix.toml | 18 ++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 0acf01fb..5558d9a7 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.19 require ( github.com/Masterminds/semver/v3 v3.2.0 github.com/Masterminds/sprig/v3 v3.2.3 + github.com/caarlos0/svu v1.9.0 github.com/google/go-github/v50 v50.0.0 github.com/muesli/termenv v0.13.0 github.com/pkg/errors v0.9.1 @@ -15,8 +16,13 @@ require ( require ( github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/semver v1.5.0 // indirect + github.com/alecthomas/kingpin v2.2.6+incompatible // indirect + github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect + github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect github.com/aymanbagabas/go-osc52 v1.0.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/gobwas/glob v0.2.3 // indirect github.com/golang/protobuf v1.3.2 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/uuid v1.3.0 // indirect diff --git a/go.sum b/go.sum index b92749ac..106e4b3a 100644 --- a/go.sum +++ b/go.sum @@ -1,15 +1,27 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= +github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= +github.com/alecthomas/kingpin v2.2.6+incompatible h1:5svnBTFgJjZvGKyYBtMB0+m5wvrbUHiqye8wRJMlnYI= +github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 h1:AUNCr9CiJuwrRYS3XieqF+Z9B9gNxo/eANAJCF2eiN4= +github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/aymanbagabas/go-osc52 v1.0.3 h1:DTwqENW7X9arYimJrPeGZcV0ln14sGMt3pHZspWD+Mg= github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4= +github.com/caarlos0/svu v1.9.0 h1:DXDDrRZmBYei8ceRodmc3sFHptWiz6+PWv1eDjR0NKM= +github.com/caarlos0/svu v1.9.0/go.mod h1:NOJ1yLaSwMJmkt8qjPoMfClERLc2r2wj2ozyZSW9Xdc= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -31,6 +43,7 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= @@ -63,6 +76,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -110,8 +124,8 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/nix/gomod2nix.toml b/nix/gomod2nix.toml index 03872049..22ccf910 100644 --- a/nix/gomod2nix.toml +++ b/nix/gomod2nix.toml @@ -4,18 +4,36 @@ schema = 3 [mod."github.com/Masterminds/goutils"] version = "v1.1.1" hash = "sha256-MEvA5e099GUllILa5EXxa6toQexU1sz6eDZt2tiqpCY=" + [mod."github.com/Masterminds/semver"] + version = "v1.5.0" + hash = "sha256-3fEInOXFdzCiGdDZ1s9otEes7VXiL8Q1RVB3zXRPJsQ=" [mod."github.com/Masterminds/semver/v3"] version = "v3.2.0" hash = "sha256-JaGYNQwDxFCsLwzYVoJY4RUpP4dtiRlV14t2dVAg4oQ=" [mod."github.com/Masterminds/sprig/v3"] version = "v3.2.3" hash = "sha256-1GLZic3WQIBZGyjvyHbfcZ/7EV7oNzNhkwEiiTpVfL4=" + [mod."github.com/alecthomas/kingpin"] + version = "v2.2.6+incompatible" + hash = "sha256-uViE2kPj7tMrGYVjjdLOl2jFDmmu+3P7GvnZBse2zVY=" + [mod."github.com/alecthomas/template"] + version = "v0.0.0-20190718012654-fb15b899a751" + hash = "sha256-RsS4qxdRQ3q+GejA8D9Iu31A/mZNms4LbJ7518jWiu4=" + [mod."github.com/alecthomas/units"] + version = "v0.0.0-20210208195552-ff826a37aa15" + hash = "sha256-1KBzVguMcqUTXZm7gUfAeH2axnlUdpocMyf/JTB9q5E=" [mod."github.com/aymanbagabas/go-osc52"] version = "v1.0.3" hash = "sha256-+PPvxpq4eEcolG77a9g3r5Tw67Zs7hDOXS3nOYnizBQ=" + [mod."github.com/caarlos0/svu"] + version = "v1.9.0" + hash = "sha256-Sf6qJksmZXo6s2mGMzbIMIsVlbHdUPE0xasaZEGLcNY=" [mod."github.com/davecgh/go-spew"] version = "v1.1.1" hash = "sha256-nhzSUrE1fCkN0+RL04N4h8jWmRFPPPWbCuDc7Ss0akI=" + [mod."github.com/gobwas/glob"] + version = "v0.2.3" + hash = "sha256-hYHMUdwxVkMOjSKjR7UWO0D0juHdI4wL8JEy5plu/Jc=" [mod."github.com/golang/protobuf"] version = "v1.3.2" hash = "sha256-4fGAPuXMGpohqcqHeoIHwzCvkiWtIOAs0ewIhZ8JeU8=" From a9038a7e65b8f8a0ccca4801d185f086c42e2949 Mon Sep 17 00:00:00 2001 From: Steffen Exler Date: Thu, 23 Feb 2023 17:09:25 +0100 Subject: [PATCH 3/6] Commit file Signed-off-by: Steffen Exler --- .github/workflows/bumb-version.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bumb-version.yml b/.github/workflows/bumb-version.yml index 5c8f52df..fa13b5ef 100644 --- a/.github/workflows/bumb-version.yml +++ b/.github/workflows/bumb-version.yml @@ -53,9 +53,16 @@ jobs: export VERSION="$(cat config/version.txt)" echo "tag=v$VERSION" >> $GITHUB_OUTPUT echo "branch=version-bumb/v$VERSION" >> $GITHUB_OUTPUT - - name: Create Pull Request + + - name: Commit changes run: | git checkout -b "${{ steps.tag.outputs.branch }}" + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add config/version.txt git commit -m "chore(engine): prepare release ${{ steps.tag.outputs.tag }}" + + - name: Create Pull Request + run: | git push --set-upstream origin "${{ steps.tag.outputs.branch }}" gh pr create --fill From b208ae04d441f5a49c586a42d2ddbee36439dc47 Mon Sep 17 00:00:00 2001 From: Steffen Exler Date: Thu, 23 Feb 2023 17:13:17 +0100 Subject: [PATCH 4/6] Update Checkout code Signed-off-by: Steffen Exler --- .github/workflows/bumb-version.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bumb-version.yml b/.github/workflows/bumb-version.yml index fa13b5ef..08e04447 100644 --- a/.github/workflows/bumb-version.yml +++ b/.github/workflows/bumb-version.yml @@ -26,7 +26,10 @@ jobs: go-version: 1.19.x - name: Checkout code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ github.head_ref }} + fetch-depth: 0 # cache go modules - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2 From f460015f8f76ab10b2aa2fa5625e6eaed49432c3 Mon Sep 17 00:00:00 2001 From: Steffen Exler Date: Thu, 23 Feb 2023 17:14:48 +0100 Subject: [PATCH 5/6] Add GH_TOKEN Signed-off-by: Steffen Exler --- .github/workflows/bumb-version.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/bumb-version.yml b/.github/workflows/bumb-version.yml index 08e04447..0d604c1b 100644 --- a/.github/workflows/bumb-version.yml +++ b/.github/workflows/bumb-version.yml @@ -47,6 +47,7 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- + - name: Bumb version file run: make svu args=${{ inputs.versionBumb }} @@ -69,3 +70,5 @@ jobs: run: | git push --set-upstream origin "${{ steps.tag.outputs.branch }}" gh pr create --fill + env: + GH_TOKEN: ${{ github.token }} From 98c3740a0b486470b6fa02cd61181f65cdca2011 Mon Sep 17 00:00:00 2001 From: Steffen Exler Date: Fri, 24 Feb 2023 21:38:10 +0100 Subject: [PATCH 6/6] Update semgrep docker image (#251) Signed-off-by: Steffen Exler Co-authored-by: Steffen Exler --- _template/.azure-pipelines.yml | 2 +- _template/.gitlab-ci.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/_template/.azure-pipelines.yml b/_template/.azure-pipelines.yml index 4b03af77..e35c3d7b 100644 --- a/_template/.azure-pipelines.yml +++ b/_template/.azure-pipelines.yml @@ -64,6 +64,6 @@ stages: displayName: Run semgrep security tests steps: - bash: | - docker run -v $(pwd):/src --workdir /src returntocorp/semgrep-agent:v1 semgrep-agent \ + docker run -v $(pwd):/src --workdir /src returntocorp/semgrep semgrep \ --config p/auto displayName: Semgrep diff --git a/_template/.gitlab-ci.yml b/_template/.gitlab-ci.yml index b375fd87..1fbed329 100644 --- a/_template/.gitlab-ci.yml +++ b/_template/.gitlab-ci.yml @@ -4,8 +4,8 @@ stages: semgrep: stage: static_analysis - image: returntocorp/semgrep-agent:v1 - script: semgrep-agent + image: returntocorp/semgrep + script: semgrep rules: # Scan changed files in MRs, block on new issues only (existing issues ignored)