Clarify three Buildkite scenarios for semgrep #4597
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
👷 Deploy preview for chef-automate processing. 🔨 Explore the source changes: f681c49 🔍 Inspect the deploy logs: https://app.netlify.com/sites/chef-automate/deploys/60039e23e191c40007bd8074 |
msorens
force-pushed
the
ms/semgrep-test
branch
5 times, most recently
from
bdf19ae to
8378dc9
Compare
msorens
changed the title
Signed-off-by: michael sorens <msorens@chef.io>
Previous PR confirmed behavior after merge, so can remove the safeguard now. Signed-off-by: michael sorens <msorens@chef.io>
msorens
force-pushed
the
ms/semgrep-test
branch
from
8378dc9 to
f681c49
Compare
kalroy
pushed a commit
that referenced
this pull request
Jan 28, 2021
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🔩 Description: What code changed, and why?
Straightened out the details and the messaging for the three possible build scenarios.
Also, in my last PR (#4596) I was testing the behavior when merging to master, and that worked as expected, so now removing the soft-fail safe guard.
Manual build
This is an explicitly created build via the "New Build" button in Buildkite, outside of a PR.
In our environment, this should almost always be on a working branch that derived from master; we rely on that fact to set the base branch to "master" for the differential semgrep scan (1). Points (2) and (3) show the differential scan in action--it picks up only the 9 files in the 7 commits on the target branch.
PR build
This is the same run inside a PR, kicked off automatically by Buildkite, as you can tell from (1).
This will actually accommodate PRs derived from any branch, not just master, though in this case
it is derived from master.
You see the same commits (2) and the same number of files (3) as in the manual build.
Merge build
When we merge a PR, Buildkite re-runs all tasks and tests on master. For the automate repository,
all PRs are forced to use the squash-and-merge policy, which means there will be exactly one new commit added to master. We rely on that fact to set the base for the differential scan to the commit just preceding this new commit (1). You can see the results of the squash at (2), where there is now just a single commit, but (3) confirms that there are still the same 9 files, as there should be.
⛓️ Related Resources
#4395 -- introduce semgrep
#4430 -- migrate to semgrep-agent
#4596 -- update makefile and buildkite semgrep tasks
👍 Definition of Done
Any of the 3 build scenarios run the same semgrep differential scan and clearly spell that out in the output log.
👟 How to Build and Test the Change
(1) Open a PR to see a PR build.
(2) Manually create a new build in Buildkite to see a manual build.
(3) Merge a PR to see a merge build.
✅ Checklist
📷 Screenshots, if applicable
NA