fix: use the correct exclude rule for semgrep

KyleKing · Jul 17, 2023 · a18b17c · a18b17c
1 parent 211cf7f
commit a18b17c
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/calcipy/tasks/lint.py b/calcipy/tasks/lint.py
@@ -112,7 +112,7 @@ def security(ctx: Context) -> None:
         '--config=r/python',
         '--config=r/terraform',
         '--config=r/yaml',
-        '--exclude-rule=third-party-action-not-pinned-to-commit-sha',
+        '--exclude-rule=yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha',
     ])
     logger.text('Note: Selectively override semgrep with "# nosem"', is_header=True)
     run(ctx, f'{python_dir()}/semgrep ci --autofix {semgrep_configs}')

diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
@@ -5,6 +5,10 @@
 - support pydantic v2 serialization
 - skip SemGrep rule to pin GitHub Actions to commit IDs
 
+### Refactor
+
+- resolve local test suite problems
+
 ## 1.4.1 (2023-07-07)
 
 ### Fix

diff --git a/tests/tasks/test_lint.py b/tests/tasks/test_lint.py
@@ -31,7 +31,7 @@
                 '--config=r/python',
                 '--config=r/terraform',
                 '--config=r/yaml',
-                '--exclude-rule=third-party-action-not-pinned-to-commit-sha',
+                '--exclude-rule=yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha',
             ]),
         ]),
         (pre_commit, {}, [