semgrep 1.82.0 #176636
semgrep 1.82.0 #176636
Conversation
github-actions
bot
added
ocaml
branchvincent
added
the
CI-no-fail-fast
|
Unrelated issue on linux: ==> opam install --deps-only -y .
Warning: Failed checks on semgrep package definition from source at
git+file:///tmp/semgrep-20240707-21900-rd915v#HEAD:
warning 62: License doesn't adhere to the SPDX standard, see
https://spdx.org/licenses/ : "LGPL-2.1"
Warning: Opam packages conf-gmp.4, conf-libcurl.1, conf-libev.4-12,
conf-libpcre.1 and conf-pkg-config.3 depend on the following system
packages that are no longer installed: libcurl4-gnutls-dev libev-dev
libgmp-dev libpcre3-dev pkg-config
Error: Package conflict!
* Missing dependency:
- conf-libcurl.1: no longer available
No solution found, exiting |
branchvincent
force-pushed
the
python@3.12-semgrep
branch
from
2d97990
to
a8a9983
Compare
branchvincent
force-pushed
the
python@3.12-semgrep
branch
from
a8a9983
to
e2601d3
Compare
|
Any update on this? VS Code extension is complaining about an outdated CLI version now and 1.81.0 was just released.
|
|
We need to figure out #176636 (comment), @amchiclet do by chance understand what's wrong here? |
|
@branchvincent hey, thanks for flagging this. Let me bring it up with the team. |
|
@branchvincent it's not obvious to the team what this might be the root cause. Sorry, it may take a while for the team to get to this. They're aware that the brew release has failed for a bit, but everyone right now seems quite occupied with other items. I'm a little less involved in the release than before, but I'll do my best to help debug during my available time and to make it known more to the team if it doesn't get resolved and causes a lot of issues. |
|
Also, the CI failure says that if I use the formula in this PR for homebrew on linux or WSL, it will fail. Is that correct? |
I've only installed with homebrew on MacOS but semgrep itself definitely runs on linux Does it have something to do with semgrep requiring v1 here? Not the same error message but the semgrep build is failing on the same step. I'll open an issue for the semgrep team. |
It's possible. If I have some time, I'll test it out. |
|
I've tried not pinning My hypothesis is that something happened between opam (one of the build dependencies) version 2.1.5 and 2.2.0. The release date of 2.2.0 seems to be a possible explanation of the errors we are seeing just now and not earlier. On my linux machine, pinning opam to 2.1.5 allows me to build semgrep successfully. I don't know if there's anything else going on or whether it will build successfully in homebrew-core's CI though. I assume it is the cause of the failure. Ideally we would try to make our build work with the newest version of everything, but in this case, I think we're OK sticking to opam 2.1.5 meanwhile to unblock our newer releases. It's a package manager, and not a library, so that makes it a bit less bad. And I'll file a ticket to the team. @branchvincent do you have strong oppositions against pinning opam to 2.1.5 to try to unblock this release? The other error that @supergibbs linked seems to be something else. We probably need to try to tackle one error at a time. |
|
Actually 2.1.6 may work. I thought 2.1.5 was the latest before 2.2.0 and only tried that. |
|
Sadly, no luck with the version thing: #179033 |
|
I think the brew on linux issue is resolved. Hopefully the PR to fix that gets merged soon. |
branchvincent
force-pushed
the
python@3.12-semgrep
branch
from
e2601d3
to
4cadf45
Compare
Brew in linux doesn't seem compatible with opam. I believe opam uses the system's default package manager to check dependencies. So in this case, brew on linux installs dependencies, but opam thinks that they're not installed and gives an error. Worked around this by only checking dependencies on macos. Not ideal for linux, but if it's missing a dependency, the build should fail, and if the build doesn't fail, then brew test should fail. Co-authored-by: Amarin Phaosawasdi <amarin@semgrep.com>
branchvincent
force-pushed
the
python@3.12-semgrep
branch
from
4cadf45
to
1746c0c
Compare
|
🤖 An automated task has requested bottles to be published to this PR. |
github-actions
bot
added
the
CI-published-bottle-commits
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
@amchiclet thank you again, really appreciate you taking the time to fix this 💯 One last thing, |
I second that, you too @branchvincent for keeping semgrep updated in brew. Thanks! |
|
@branchvincent We appreciate you helping us move forward to python 3.12! ❤️ Not to mention, you also helped unblock a pip upgrade failure before. Do you by any chance know if the latest glom would still work with python 3.11? Or do we also need to migrate our makefiles to work with 3.12 in one step? |
|
@supergibbs thanks for the kind words 😄 @amchiclet yea latest |
semgrep: migrate to
python@3.12