From d776ed5e0c4f7320e0b6fe3b95f8dc0bb8dee8e6 Mon Sep 17 00:00:00 2001
From: Amarin Phaosawasdi
Date: Mon, 1 Jul 2024 13:33:10 -0700
Subject: [PATCH 1/4] chore: add CI tests for the pre-commit hooks
---
.github/workflows/test-pre-commit.yml | 32 +++++++++++++++++++++++++++
.pre-commit-config.yaml | 21 ++++++++++++++++++
tests/python_simple.py | 1 +
tests/python_simple.yml | 7 ++++++
4 files changed, 61 insertions(+)
create mode 100644 .github/workflows/test-pre-commit.yml
create mode 100644 .pre-commit-config.yaml
create mode 100644 tests/python_simple.py
create mode 100644 tests/python_simple.yml
diff --git a/.github/workflows/test-pre-commit.yml b/.github/workflows/test-pre-commit.yml
new file mode 100644
index 0000000..80824b2
--- /dev/null
+++ b/.github/workflows/test-pre-commit.yml
@@ -0,0 +1,32 @@
+jobs:
+ test-hooks:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Configure git safedir properly
+ run: git config --global --add safe.directory $(pwd)
+ - name: Fake update file
+ run: git mv tests/python_simple.py python_simple.py
+ - name: Test semgrep pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep --hook-stage manual --files python_simple.py
+ - name: Test semgrep-ci pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep-ci --hook-stage manual --files python_simple.py
+ - name: Test semgrep-docker-develop pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep-docker-develop --hook-stage manual --files python_simple.py
+ - name: Test semgrep-docker pre-commit hook
+ uses: pre-commit/action@v3.0.0
+ with:
+ extra_args: semgrep-docker --hook-stage manual --files python_simple.py
+
+name: pre-commit-hook-test
+on:
+ pull_request: null
+ push:
+ branches:
+ - develop
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..c05cbf6
--- /dev/null
+++ b/.pre-commit-config.yaml
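Review bot: The new workflow `.github/workflows/test-pre-commit.yml` declares no `permissions:` key, so `test-hooks` runs with whatever GITHUB_TOKEN scope the repository default grants while it executes third-party hook code and, for the two docker hooks, presumably pulled container images. A top-level `permissions:` block with `contents: read`, plus `with:` / `persist-credentials: false` on the `actions/checkout@v3` step, would keep a usable token out of the workspace those hooks can read. `actions/checkout@v3` and `pre-commit/action@v3.0.0` are also referenced by mutable tag; pinning each to a full commit SHA, e.g. `uses: pre-commit/action@<full-commit-sha>  # v3.0.0`, prevents a moved tag from changing what CI runs.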
@@ -0,0 +1,21 @@
+# These hooks are meant to be triggered in CI to test the pre-commit hooks,
+# so rather than triggering at every commit, including locally, they are triggered
+# whenever the test-hooks CI workflow is run.
+default_stages: [manual]
+
+repos:
+ - repo: https://github.com/semgrep/pre-commit
+ rev: 'v1.76.0'
+ hooks:
+ - id: semgrep
+ name: Pre-commit semgrep
+ args: ["--config", "tests/python_simple.yml"]
+ - id: semgrep-ci
+ name: Pre-commit semgrep-ci
+ args: ["--config", "tests/python_simple.yml"]
+ - id: semgrep-docker-develop
+ name: Pre-commit semgrep-docker-develop
+ args: ["--config", "tests/python_simple.yml"]
+ - id: semgrep-docker
+ name: Pre-commit semgrep-docker
+ args: ["--config", "tests/python_simple.yml"]
diff --git a/tests/python_simple.py b/tests/python_simple.py
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/tests/python_simple.py
@@ -0,0 +1 @@
+0
diff --git a/tests/python_simple.yml b/tests/python_simple.yml
new file mode 100644
index 0000000..382b093
--- /dev/null
+++ b/tests/python_simple.yml
@@ -0,0 +1,7 @@
+rules:
+ - id: simple-python-rule
+ pattern: "0"
+ message: Simple python rule
+ languages:
+ - python
+ severity: INFO
From a7450aa564b047d807eb7572dc40043d68a90aac Mon Sep 17 00:00:00 2001
From: Amarin Phaosawasdi
Date: Mon, 1 Jul 2024 16:42:40 -0700
Subject: [PATCH 2/4] address code review comments
---
.github/workflows/test-pre-commit.yml | 2 +-
.pre-commit-config.yaml | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test-pre-commit.yml b/.github/workflows/test-pre-commit.yml
index 80824b2..a7ba9fa 100644
--- a/.github/workflows/test-pre-commit.yml
+++ b/.github/workflows/test-pre-commit.yml
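Review bot: The `repos:` entry in `.pre-commit-config.yaml` fetches `https://github.com/semgrep/pre-commit` at `rev: 'v1.76.0'`, so if this is the repository that defines those hooks, CI exercises the hook definitions published at that tag rather than the ones in the checkout under test, and a pull request that breaks a hook would still pass. `pre-commit try-repo .` is one way to run hooks from the working tree, though it does not pick up the `args` set in this config, so the test rule would have to be supplied another way. If the remote pin is kept on purpose, a comment such as `# tests the released hooks; bump rev on every release` would make that explicit, and pinning `rev` to a commit SHA instead of a tag avoids depending on a movable ref. Patch 4/4 restores this same stanza, so the point applies to the final state of the series.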
@@ -4,7 +4,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Configure git safedir properly - run: git config --global --add safe.directory $(pwd) + run: git config --global --add safe.directory "$(pwd)" - name: Fake update file run: git mv tests/python_simple.py python_simple.py - name: Test semgrep pre-commit hook diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c05cbf6..aa766a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,8 +4,7 @@ default_stages: [manual] repos: - - repo: https://github.com/semgrep/pre-commit - rev: 'v1.76.0' + - repo: local hooks: - id: semgrep name: Pre-commit semgrep From d2fdf3c3dd01f822280db6587679482e4f4ca7e2 Mon Sep 17 00:00:00 2001 From: Amarin Phaosawasdi Date: Mon, 1 Jul 2024 16:54:29 -0700 Subject: [PATCH 3/4] add entry --- .pre-commit-config.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index aa766a5..1b24b1c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -8,13 +8,17 @@ repos: hooks: - id: semgrep name: Pre-commit semgrep + entry: pre-commit args: ["--config", "tests/python_simple.yml"] - id: semgrep-ci name: Pre-commit semgrep-ci + entry: pre-commit args: ["--config", "tests/python_simple.yml"] - id: semgrep-docker-develop name: Pre-commit semgrep-docker-develop + entry: pre-commit args: ["--config", "tests/python_simple.yml"] - id: semgrep-docker name: Pre-commit semgrep-docker + entry: pre-commit args: ["--config", "tests/python_simple.yml"] From f96f9b0ab19ef698784e5f455c501138e24367c6 Mon Sep 17 00:00:00 2001 From: Amarin Phaosawasdi Date: Mon, 1 Jul 2024 16:56:19 -0700 Subject: [PATCH 4/4] revert some stuff that didn't just simply work --- .pre-commit-config.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1b24b1c..c05cbf6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
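Review bot: The `repo: local` hooks in 3/4 still cannot load, because a local hook must declare `language` alongside `id`, `name` and `entry`, and `entry: pre-commit` names pre-commit itself rather than the semgrep command each hook is meant to run; the 2/4 hunk has the same stanza with no `entry` at all. If testing the in-tree hooks is the goal, each entry needs the `entry` and `language` values copied from the matching hook in the repository's hook manifest, which is not visible on this page. The `repos:` list begins above both hunks. 4/4 reverts to the remote repo instead, which avoids the error but goes back to testing the published tag.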
@@ -4,21 +4,18 @@ default_stages: [manual] repos: - - repo: local + - repo: https://github.com/semgrep/pre-commit + rev: 'v1.76.0' hooks: - id: semgrep name: Pre-commit semgrep - entry: pre-commit args: ["--config", "tests/python_simple.yml"] - id: semgrep-ci name: Pre-commit semgrep-ci - entry: pre-commit args: ["--config", "tests/python_simple.yml"] - id: semgrep-docker-develop name: Pre-commit semgrep-docker-develop - entry: pre-commit args: ["--config", "tests/python_simple.yml"] - id: semgrep-docker name: Pre-commit semgrep-docker - entry: pre-commit args: ["--config", "tests/python_simple.yml"]