build: remove the semgrep dependency

KyleKing · Sep 1, 2023 · 4c2a27a · 4c2a27a
1 parent 6a105d6
commit 4c2a27a
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 441 deletions.
diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml
@@ -29,6 +29,9 @@ jobs:
           os: ${{ matrix.os }}
           python-version: ${{ matrix.python-version }}
 
+      - name: Install pipx dependencies
+        run: pipx install semgrep
+        shell: bash
       - name: Run static linters
         run: ./run lint.check
 

diff --git a/calcipy/tasks/executable_utils.py b/calcipy/tasks/executable_utils.py
@@ -32,17 +32,21 @@ def python_m() -> str:
     return f'{resolve_python()} -m'
 
 
-PYRIGHT_MESSAGE = """
-`pyright` was not found and must be installed separately (such as 'brew install pyright' on Mac).
-    See the online documentation for your system: https://microsoft.github.io/pyright/#/installation
+GH_MESSAGE = """
+`gh` was not found and must be installed separately (such as 'brew install gh' on Mac).
+    See the online documentation for your system: https://cli.github.com/
 """
 PRE_COMMIT_MESSAGE = """
 `pre-commit` was not found and must be installed separately (such as 'brew install pre-commit' on Mac).
     See the online documentation for your system: https://pre-commit.com/#install
 """
-GH_MESSAGE = """
-`gh` was not found and must be installed separately (such as 'brew install gh' on Mac).
-    See the online documentation for your system: https://cli.github.com/
+PYRIGHT_MESSAGE = """
+`pyright` was not found and must be installed separately (such as 'brew install pyright' on Mac).
+    See the online documentation for your system: https://microsoft.github.io/pyright/#/installation
+"""
+SEMGREP_MESSAGE = """
+`semgrep` was not found and must be installed separately (such as 'pipx install semgrep').
+    See the online documentation for your system: https://github.com/returntocorp/semgrep
 """
 
 

diff --git a/calcipy/tasks/lint.py b/calcipy/tasks/lint.py
@@ -10,7 +10,7 @@
 
 from ..cli import task
 from ..invoke_helpers import run
-from .executable_utils import PRE_COMMIT_MESSAGE, check_installed, python_dir, python_m
+from .executable_utils import PRE_COMMIT_MESSAGE, SEMGREP_MESSAGE, check_installed, python_dir, python_m
 
 # ==============================================================================
 # Linting
@@ -92,10 +92,12 @@ def pylint(ctx: Context, *, report: bool = False) -> None:
 @task()
 def security(ctx: Context) -> None:
     """Attempt to identify possible security vulnerabilities."""
-    logger.text('Note: Selectively override bandit with "# nosec"', is_header=True)
+    logger.warning('Note: Selectively override bandit with "# nosec"', is_header=True)
     pkg_name = read_package_name()
     run(ctx, f'{python_dir()}/bandit --recursive {pkg_name} -s B101')
 
+    check_installed(ctx, executable='semgrep', message=SEMGREP_MESSAGE)
+    logger.warning('Note: Selectively override semgrep with "# nosem"', is_header=True)
     # See additional semgrep rules at:
     #   https://semgrep.dev/explore
     #   https://github.com/returntocorp/semgrep-rules/tree/develop/python
@@ -114,8 +116,7 @@ def security(ctx: Context) -> None:
         '--config=r/yaml',
         '--exclude-rule=yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha',
     ])
-    logger.text('Note: Selectively override semgrep with "# nosem"', is_header=True)
-    run(ctx, f'{python_dir()}/semgrep ci --autofix {semgrep_configs}')
+    run(ctx, f'semgrep ci --autofix {semgrep_configs}')
 
 
 # ==============================================================================