
tessl/pypi-semgrep

Lightweight static analysis for many languages with programmatic Python API for custom integrations.



CI/CD Integration

Classes and utilities for integrating semgrep into various continuous integration and deployment platforms with automatic metadata detection.

Capabilities

Base CI/CD Classes

Foundation classes for CI/CD platform integration.

class GitMeta:
    """
    Base Git repository metadata class.

    Provides common functionality for extracting Git repository
    information across different CI/CD platforms.

    Attributes:
    - branch (str): Current branch name
    - commit_sha (str): Current commit SHA
    - commit_message (str): Current commit message
    - commit_timestamp (str): Commit timestamp
    - commit_author_name (str): Commit author name
    - commit_author_email (str): Commit author email
    - repository_name (str): Repository name
    - repository_url (str): Repository URL

    Security note: branch, commit_message, commit_author_name and
    commit_author_email are chosen by whoever authored the commit or
    opened the pull request. Treat them as untrusted text and escape or
    validate them before placing them in shell commands, file paths,
    HTML reports or structured log lines.
    """
    # NOTE(review): this listing shows signatures only; bodies and return
    # types are elided, so confirm them against the installed semgrep release.
    def __init__(self): ...

    # Presumably accessors for the attributes listed in the class docstring.
    def get_branch(self): ...
    def get_commit_sha(self): ...
    def get_commit_message(self): ...
    # NOTE(review): the shape of the returned repository info is not shown
    # here (the attribute list suggests name and URL) — confirm before indexing.
    def get_repository_info(self): ...
    # The usage examples on this page call this before reading PR/MR details.
    def is_pull_request(self): ...

Platform-Specific Integration Classes

Specialized classes for each CI/CD platform with automatic environment detection.

class GithubMeta(GitMeta):
    """
    GitHub Actions CI integration.

    Automatically detects GitHub Actions environment and extracts
    relevant metadata from GitHub-specific environment variables.

    Additional Attributes:
    - pull_request_number (str): PR number if applicable
    - github_actor (str): GitHub username triggering the action
    - workflow_name (str): GitHub workflow name
    - job_name (str): Current job name
    - run_id (str): GitHub Actions run ID

    Security note: on pull requests the branch name, PR title and
    github_actor describe the contributor, who may be outside the
    organisation. Use them for reporting, not for access decisions.
    """
    def __init__(self): ...

    # NOTE(review): presumably returns the fields the usage example reads
    # ('number', 'title'); the PR title is author-controlled text.
    def get_pull_request_info(self): ...
    # The usage example reads 'workflow_name' and 'job_name' from the result.
    def get_workflow_context(self): ...
    # NOTE(review): the name indicates this returns a credential. Keep the
    # value out of logs, scan output and uploaded metadata, and grant the
    # workflow token only the permissions the job needs — confirm what this
    # accessor actually reads.
    def get_github_token(self): ...

class GitlabMeta(GitMeta):
    """
    GitLab CI integration.

    Extracts metadata from GitLab CI/CD environment variables
    and provides GitLab-specific functionality.

    Additional Attributes:
    - pipeline_id (str): GitLab pipeline ID
    - job_id (str): GitLab job ID
    - merge_request_iid (str): Merge request internal ID
    - project_id (str): GitLab project ID
    - runner_id (str): GitLab runner ID
    """
    def __init__(self): ...

    # NOTE(review): presumably returns the fields the usage example reads
    # ('iid', 'title'); a merge request title is written by the MR author,
    # so treat it as untrusted text when it reaches logs or reports.
    def get_merge_request_info(self): ...
    # The usage example reads 'pipeline_id' from the result.
    def get_pipeline_context(self): ...
    # NOTE(review): return shape is not shown in this listing — confirm.
    def get_project_info(self): ...

class CircleCIMeta(GitMeta):
    """
    CircleCI integration.

    Handles CircleCI-specific environment variables and provides
    CircleCI workflow and job context.

    Additional Attributes:
    - build_number (str): CircleCI build number
    - workflow_id (str): CircleCI workflow ID
    - job_name (str): CircleCI job name
    - node_index (str): Parallel job node index
    """
    def __init__(self): ...

    # NOTE(review): return shapes are not shown in this listing — confirm
    # the keys before indexing into the results.
    def get_build_info(self): ...
    def get_workflow_info(self): ...
    # node_index is documented as str, so convert it explicitly before any
    # numeric comparison; how this method derives its answer is not shown.
    def is_parallel_job(self): ...

class JenkinsMeta(GitMeta):
    """
    Jenkins CI integration.

    Extracts metadata from Jenkins environment variables
    and provides Jenkins-specific build context.

    Additional Attributes:
    - build_number (str): Jenkins build number
    - build_id (str): Jenkins build ID
    - job_name (str): Jenkins job name
    - workspace (str): Jenkins workspace path
    """
    def __init__(self): ...

    # NOTE(review): return shapes are not shown in this listing — confirm.
    def get_build_info(self): ...
    def get_job_context(self): ...
    # workspace is a filesystem path taken from the build environment.
    # NOTE(review): resolve it and check it stays under the expected root
    # before using it in file operations or passing it to other tools.
    def get_workspace_info(self): ...

class BitbucketMeta(GitMeta):
    """
    Bitbucket Pipelines integration.

    Handles Bitbucket Pipelines environment and provides
    repository and pipeline context.

    Additional Attributes:
    - build_number (str): Bitbucket build number
    - step_triggerer_uuid (str): User UUID who triggered the step
    - pipeline_uuid (str): Pipeline UUID
    - workspace (str): Bitbucket workspace
    """
    def __init__(self): ...

    # NOTE(review): step_triggerer_uuid identifies who started the step; it
    # is an identifier for audit records, not proof of authorisation —
    # confirm how it is populated before relying on it.
    def get_pipeline_info(self): ...
    # Here "workspace" is the Bitbucket workspace, per the attribute list;
    # NOTE(review): return shape is not shown in this listing.
    def get_workspace_info(self): ...

class AzurePipelinesMeta(GitMeta):
    """
    Azure Pipelines integration.

    Extracts metadata from Azure DevOps Pipelines environment
    and provides pipeline and build context.

    Additional Attributes:
    - build_id (str): Azure build ID
    - build_number (str): Azure build number
    - pipeline_name (str): Pipeline name
    - stage_name (str): Current stage name
    - job_name (str): Current job name
    """
    def __init__(self): ...

    # build_id and build_number are separate attributes, both typed str.
    # NOTE(review): validate their format before using either in file names
    # or command lines; return shapes are not shown in this listing.
    def get_build_context(self): ...
    def get_pipeline_context(self): ...

class BuildkiteMeta(GitMeta):
    """
    Buildkite CI integration.

    Handles Buildkite-specific environment variables and provides
    build and pipeline context.

    Additional Attributes:
    - build_number (str): Buildkite build number
    - pipeline_slug (str): Pipeline slug identifier
    - agent_name (str): Buildkite agent name
    - job_id (str): Buildkite job ID
    """
    def __init__(self): ...

    # NOTE(review): return shapes are not shown in this listing — confirm.
    def get_build_info(self): ...
    # NOTE(review): agent_name describes the build host; consider whether
    # internal host naming should appear in reports shared outside the team.
    def get_agent_info(self): ...

class TravisMeta(GitMeta):
    """
    Travis CI integration.

    Extracts metadata from Travis CI environment variables
    and provides build context.

    Additional Attributes:
    - build_number (str): Travis build number
    - job_number (str): Travis job number
    - build_id (str): Travis build ID
    - job_id (str): Travis job ID
    """
    def __init__(self): ...

    # Build and job each expose both a number and an id, all typed str.
    # NOTE(review): return shapes are not shown in this listing — confirm
    # which of the four identifiers each method includes.
    def get_build_info(self): ...
    def get_job_info(self): ...

Platform Detection

Utility functions for automatic CI/CD platform detection.

def detect_ci_platform():
    """
    Automatically detect the current CI/CD platform.

    Examines environment variables to determine which
    CI/CD platform is currently running.

    Returns:
    str: Platform name (github, gitlab, circleci, jenkins, etc.)
    None: If no known platform is detected

    Note: the result reflects environment variables only, so any process
    that controls the environment can influence it. Use it to select a
    metadata class, not as evidence that the run is a trusted CI job.
    """

def get_platform_metadata(platform_name=None):
    """
    Get metadata for the specified or detected platform.

    Parameters:
    - platform_name (str, optional): Specific platform to get metadata for
                                    If None, auto-detects platform

    Returns:
    GitMeta: Platform-specific metadata object
    None: If platform not supported or detected

    Note: because None is a documented return value, callers should check
    the result before calling methods on it.
    """

def is_ci_environment():
    """
    Check if code is running in a CI/CD environment.

    Returns:
    bool: True if running in a detected CI environment

    NOTE(review): presumably based on the same environment-variable
    detection as detect_ci_platform() — confirm. Do not relax or skip
    security checks on the strength of this value alone.
    """

Usage Examples

Automatic Platform Detection

from semgrep.meta import detect_ci_platform, get_platform_metadata

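# Auto-detect CI platform
platform = detect_ci_platform()
print(f"Detected platform: {platform}")

# Get platform metadata. get_platform_metadata() is documented to return
# None when the platform is not supported, so test the returned object and
# not only the detected name before calling methods on it.
meta = get_platform_metadata(platform) if platform else None
if meta is not None:
    # These values come from the CI environment and the commit under test;
    # they are fine to print, but escape them before reusing them in shell
    # commands or file paths.
    print(f"Branch: {meta.get_branch()}")
    print(f"Commit: {meta.get_commit_sha()}")
    print(f"Repository: {meta.get_repository_info()}")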

Platform-Specific Usage

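# detect_ci_platform is used below, so it has to be imported with the classes.
from semgrep.meta import GithubMeta, GitlabMeta, detect_ci_platform

# Detect once so both branches compare against the same value.
platform = detect_ci_platform()

# GitHub-specific usage
if platform == "github":
    github_meta = GithubMeta()

    if github_meta.is_pull_request():
        pr_info = github_meta.get_pull_request_info()
        # The PR title is written by the PR author: treat it as untrusted
        # text if it is reused anywhere beyond this log line.
        print(f"PR #{pr_info['number']}: {pr_info['title']}")

    workflow_context = github_meta.get_workflow_context()
    print(f"Workflow: {workflow_context['workflow_name']}")
    print(f"Job: {workflow_context['job_name']}")

# GitLab-specific usage
elif platform == "gitlab":
    gitlab_meta = GitlabMeta()

    pipeline_context = gitlab_meta.get_pipeline_context()
    print(f"Pipeline ID: {pipeline_context['pipeline_id']}")

    if gitlab_meta.is_pull_request():  # Merge request in GitLab
        mr_info = gitlab_meta.get_merge_request_info()
        # As with PR titles, the MR title is author-controlled text.
        print(f"MR !{mr_info['iid']}: {mr_info['title']}")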

Custom Integration

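import os  # required by the os.getenv() calls in CustomCIMeta.__init__

from semgrep.meta import GitMeta


class CustomCIMeta(GitMeta):
    """Custom CI platform integration.

    Reads two platform-specific environment variables on top of the
    base GitMeta fields. os.getenv() returns None when a variable is
    unset, so either attribute may be None.
    """

    def __init__(self):
        super().__init__()
        self.custom_build_id = os.getenv("CUSTOM_BUILD_ID")
        self.custom_environment = os.getenv("CUSTOM_ENV")

    def get_custom_context(self):
        """Return the custom fields plus branch and commit as a dict."""
        # Copy only non-secret variables into this dict: the usage below
        # prints it, so anything placed here ends up in the CI log.
        return {
            "build_id": self.custom_build_id,
            "environment": self.custom_environment,
            "branch": self.get_branch(),
            "commit": self.get_commit_sha()
        }


# Usage
custom_meta = CustomCIMeta()
context = custom_meta.get_custom_context()
print(f"Custom build context: {context}")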

Install with Tessl CLI

npx tessl i tessl/pypi-semgrep
