Migrate from Makefile to Taskfile #2583

Open
nicolargo opened this issue Oct 16, 2023 · 1 comment

nicolargo commented Oct 16, 2023

https://taskfile.dev/fr-fr/

Example:

version: '3'

#TODO: semgrep phones home (disconnect your network to see it) even if disabled!
#TODO: docker pull a sha256... use unpriv user and drop caps

# Silent means you won't see the list of commands being run (unless they echo),
# so it's not suitable for development
# silent: true

env:
  CLIARGS: "{{.CLI_ARGS}}"
  OPT: "--metrics=off --oss-only --gitlab-sast"
  #BASECMD: docker container run --rm -v "$FILE_TO_SCAN:$FILE_TO_SCAN" -v ./rules:/rules docker-ccsl-virtual/returntocorp/semgrep
  IMG: "docker-ccsl-virtual.repo/returntocorp/semgrep"
  #IMG: "returntocorp/semgrep"
  MYRULES: "myrules"

tasks:

  rules:
    desc: Install or update community rules
    cmds:
      # Each cmd runs in its own shell, so a bare `cd rules` on one line would not
      # carry over to the next; chain the steps that must run inside the clone.
      - git clone https://github.com/returntocorp/semgrep-rules rules || true # don't fail if it's an update
      - cd rules && git checkout develop && git pull # we take rules on upstream from develop

  sync-rules:
    desc: For rules inherited from community, update them.
    cmds:
      - echo; [[ -z $(git status -s {{.USER_WORKING_DIR}}/$MYRULES) ]] || ( echo "You have uncommitted changes"; exit 1;)
      - bash {{.USER_WORKING_DIR}}/add_rules.sh

  scan:
    desc: Scan a file for my rules and fail
    cmds:
      - docker container run --rm -v "$CLIARGS:$CLIARGS" -v {{.USER_WORKING_DIR}}/rules:/rules -v {{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES "$IMG" semgrep scan --config "/rules/$MYRULES" $OPT --error "$CLIARGS"

  test:
    desc: Test my rules and fail
    cmds:
      - echo "Testing $MYRULES"
      - docker container run --rm -v {{.USER_WORKING_DIR}}/rules:/rules -v {{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES "$IMG" semgrep --test "/rules/$MYRULES" $CLIARGS

  scan-gen:
    # GENRULES is not set in env above; it is assumed to come from the caller's environment
    desc: Scan a file for public rules but don't fail
    cmds:
      - echo "Scanning $CLIARGS, config $GENRULES"
      - docker container run --rm -v "$CLIARGS:$CLIARGS" -v {{.USER_WORKING_DIR}}/rules:/rules "$IMG" semgrep scan --config "$GENRULES" $OPT --no-error "$CLIARGS"

  test-gen:
    desc: Test public rules.
    cmds:
      - for: [ "/rules/dockerfile", "/rules/generic/dockerfile"]
        cmd: docker container run --rm -v "$CLIARGS:$CLIARGS" -v {{.USER_WORKING_DIR}}/rules:/rules "$IMG" semgrep --test --debug "{{ .ITEM }}"

  help:
    desc: Show help
    cmds:
      - docker container run --rm "$IMG" semgrep --help

  exec:
    desc: Bash in container
    cmds:
      - docker container run -it --rm -v {{.USER_WORKING_DIR}}/rules:/rules -v {{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES "$IMG" $CLIARGS
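The two TODO comments in the Taskfile above (pin the image by sha256, run as an unprivileged user and drop capabilities; keep semgrep off the network) can be addressed inside the `scan` task itself. The Taskfile below is an added example written for this page, not code from the issue or from the Glances project. It reuses the `OPT`, `MYRULES` and `IMG` variables of the original; the digest in `IMG` is a placeholder to be replaced with the real one, and `TARGET` is a new task-level variable that resolves the path given after `--` to an absolute path (docker's `-v` treats a bare relative path as a named volume, not a bind mount).

```yaml
version: '3'

env:
  OPT: "--metrics=off --oss-only --gitlab-sast"
  MYRULES: "myrules"
  # Pin the image by digest, not by tag: upstream or the mirror can repoint a
  # tag, but not a digest. The digest below is a placeholder; take the real one
  # from the "Digest: sha256:..." line that `docker pull` prints.
  IMG: "docker-ccsl-virtual.repo/returntocorp/semgrep@sha256:<digest-from-docker-pull>"

tasks:
  scan:
    desc: Scan a file with my rules in a locked-down container and fail on findings
    vars:
      # Absolute host path of the file passed after `--` (task scan -- path/to/file)
      TARGET:
        sh: realpath "{{.CLI_ARGS}}"
    preconditions:
      - sh: test -e "{{.TARGET}}"
        msg: "Nothing to scan; usage: task scan -- path/to/file"
    cmds:
      # --network none: nothing to fetch once rules are mounted locally, so a
      #   phone-home attempt simply fails instead of leaking anything.
      # --user/--cap-drop/no-new-privileges: run as the invoking user with no
      #   capabilities and no way to regain them via setuid binaries.
      # --read-only + tmpfs /tmp + HOME=/tmp: the only writable place is a
      #   throwaway tmpfs; all mounts are read-only since scanning never writes.
      - >-
        docker container run --rm
        --network none
        --user "$(id -u):$(id -g)"
        --cap-drop ALL
        --security-opt no-new-privileges
        --read-only --tmpfs /tmp -e HOME=/tmp
        -v "{{.TARGET}}:{{.TARGET}}:ro"
        -v "{{.USER_WORKING_DIR}}/rules:/rules:ro"
        -v "{{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES:ro"
        "$IMG" semgrep scan --config "/rules/$MYRULES" $OPT --error "{{.TARGET}}"
```

Run it as `task scan -- path/to/file`. If the path is missing or wrong, `realpath` (and then the precondition) fails before any container starts. A quick check that the network lock actually holds: run the same task with `--metrics=on` instead of `off` and confirm that semgrep still completes, since with `--network none` its metrics upload cannot reach anything.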

This issue is stale because it has been open for 3 months with no activity.
