From 9e5a0b4cea2b193d563bb1ef8d8cbe7fa7fa327c Mon Sep 17 00:00:00 2001
From: Phil Turnbull
Date: Mon, 14 Aug 2023 15:24:50 -0400
Subject: [PATCH] Improve historical version logic

It's rare but it's possible that a tagged version exists as a GitHub release but not as a docker image. Try a few different versions if the tag does not exist in the docker registry.
---
 .../workflows/semgrep-rules-test-historical.yml | 5 +----
 scripts/historical-semgrep-version | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100755 scripts/historical-semgrep-version
diff --git a/.github/workflows/semgrep-rules-test-historical.yml b/.github/workflows/semgrep-rules-test-historical.yml
index 2d4e266b05..7dee332762 100644
--- a/.github/workflows/semgrep-rules-test-historical.yml
+++ b/.github/workflows/semgrep-rules-test-historical.yml
@@ -37,10 +37,7 @@ jobs:
 - name: grab historical semgrep version
 env:
 GH_TOKEN: ${{ github.token }}
- run: |
- SEMGREP_OLD_VERSION=$(gh api --method GET /repos/returntocorp/semgrep/releases | jq -r '.[].tag_name' | sed -n 10p | tr -d v)
- echo $SEMGREP_OLD_VERSION
- echo "SEMGREP_OLD_VERSION=$SEMGREP_OLD_VERSION" >> $GITHUB_ENV
+ run: scripts/historical-semgrep-version
 - name: validate rules on historical semgrep version
 run: |
 docker run --rm -v ${GITHUB_WORKSPACE}/semgrep-rules:/src returntocorp/semgrep:${SEMGREP_OLD_VERSION} semgrep --validate --config /src
diff --git a/scripts/historical-semgrep-version b/scripts/historical-semgrep-version
new file mode 100755
index 0000000000..2b0dd928a6
--- /dev/null
+++ b/scripts/historical-semgrep-version
@@ -0,0 +1,17 @@
+#!/bin/bash
+HISTORICAL_VERSIONS=10
+RETRIES=3
+
+versions=$(gh api --method GET /repos/returntocorp/semgrep/releases | jq 'reverse' | jq -r '.[].tag_name' | tail "-n${HISTORICAL_VERSIONS}" | head -n "${RETRIES}" | tr -d v)
+
+for version in $(echo "${versions}"); do
+ docker pull "returntocorp/semgrep:${version}"
+ if [[ "$?" == 0 ]]; then
+ echo "${version}"
+ echo "SEMGREP_OLD_VERSION=${version}" >> "${GITHUB_ENV}"
+ exit 0
+ fi
+done
+
+echo "Could not determine historical version, tried: $(echo ${versions})"
+exit 1
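Review bot: The release tag name is used as a docker tag and appended to `GITHUB_ENV` without any format check; the loop body should skip anything that is not a plain version before the `docker pull`, e.g. `[[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || continue`. The workflow's later `docker run … returntocorp/semgrep:${SEMGREP_OLD_VERSION}` step expands the value unquoted, so an unexpected tag string would alter that command line rather than just fail the pull. Related to this, `tr -d v` deletes every `v` in the tag, not only the leading one; `sed 's/^v//'` strips just the prefix. The script also sets no `set -o pipefail`, so a failed `gh api` call shows up only as an empty "tried:" list, and that final message would be better sent to stderr with `>&2`.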