From d949bd005d4eb3307eba9d2223937104e1b85e29 Mon Sep 17 00:00:00 2001
From: "Amarin (Um) Phaosawasdi"
Date: Mon, 1 Jul 2024 16:58:46 -0700
Subject: [PATCH] chore: add CI tests for the pre-commit hooks (#9)
---
.github/workflows/test-pre-commit.yml | 32 +++++++++++++++++++++++++++
.pre-commit-config.yaml | 21 ++++++++++++++++++
tests/python_simple.py | 1 +
tests/python_simple.yml | 7 ++++++
4 files changed, 61 insertions(+)
create mode 100644 .github/workflows/test-pre-commit.yml
create mode 100644 .pre-commit-config.yaml
create mode 100644 tests/python_simple.py
create mode 100644 tests/python_simple.yml
diff --git a/.github/workflows/test-pre-commit.yml b/.github/workflows/test-pre-commit.yml
new file mode 100644
index 0000000..a7ba9fa
--- /dev/null
+++ b/.github/workflows/test-pre-commit.yml
@@ -0,0 +1,32 @@
+jobs:
+ test-hooks:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Configure git safedir properly
+ run: git config --global --add safe.directory "$(pwd)"
+ - name: Fake update file
+ run: git mv tests/python_simple.py python_simple.py
+ - name: Test semgrep pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep --hook-stage manual --files python_simple.py
+ - name: Test semgrep-ci pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep-ci --hook-stage manual --files python_simple.py
+ - name: Test semgrep-docker-develop pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep-docker-develop --hook-stage manual --files python_simple.py
+ - name: Test semgrep-docker pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep-docker --hook-stage manual --files python_simple.py
+
+name: pre-commit-hook-test
+on:
+ pull_request: null
+ push:
+ branches:
+ - develop
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..c05cbf6
--- /dev/null
+++ b/.pre-commit-config.yaml
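Review bot: The new workflow in `.github/workflows/test-pre-commit.yml` declares no `permissions:` key, so the job's GITHUB_TOKEN gets whatever the repository or organisation default grants while third-party actions and, judging by the hook names, container-based hooks run. A top-level `permissions:` block containing `contents: read` keeps the token read-only for a job that only lints one file. `actions/checkout@v3` and all four `pre-commit/action@v3.0.0` steps are referenced by tag, which the action's owner can move; pinning each `uses:` to a full commit SHA, with the tag kept as a trailing comment, makes the run reproducible. Adding `persist-credentials: false` under a `with:` on the checkout step would also keep the token out of `.git/config`, where the later hook steps could read it.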
@@ -0,0 +1,21 @@
+# These hooks are meant to be triggered in CI to test the pre-commit hooks,
+# so rather than triggering at every commit, including locally, they are triggered
+# whenever the test-hooks CI workflow is run.
+default_stages: [manual]
+
+repos:
+ - repo: https://github.com/semgrep/pre-commit
+ rev: 'v1.76.0'
+ hooks:
+ - id: semgrep
+ name: Pre-commit semgrep
+ args: ["--config", "tests/python_simple.yml"]
+ - id: semgrep-ci
+ name: Pre-commit semgrep-ci
+ args: ["--config", "tests/python_simple.yml"]
+ - id: semgrep-docker-develop
+ name: Pre-commit semgrep-docker-develop
+ args: ["--config", "tests/python_simple.yml"]
+ - id: semgrep-docker
+ name: Pre-commit semgrep-docker
+ args: ["--config", "tests/python_simple.yml"]
diff --git a/tests/python_simple.py b/tests/python_simple.py
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/tests/python_simple.py
@@ -0,0 +1 @@
+0
diff --git a/tests/python_simple.yml b/tests/python_simple.yml
new file mode 100644
index 0000000..382b093
--- /dev/null
+++ b/tests/python_simple.yml
@@ -0,0 +1,7 @@
+rules:
+ - id: simple-python-rule
+ pattern: "0"
+ message: Simple python rule
+ languages:
+ - python
+ severity: INFO
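Review bot: In `.pre-commit-config.yaml`, `rev: 'v1.76.0'` makes every CI step run the hook definitions published at that tag of `https://github.com/semgrep/pre-commit`, not those in the commit under test. If this repository is the one that defines these hooks (an inference from the commit title), a pull request that breaks its `.pre-commit-hooks.yaml` would still pass. The header comment should say so, for example `# NOTE: hooks are fetched at the released rev below; unreleased hook changes are not exercised by this config`. The tag is also mutable; `rev` accepts a full commit SHA, which together with a version comment fixes exactly which hook code CI fetches and runs.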