nicolargo / glances

Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.
http://nicolargo.github.io/glances/

Migrate from Makefile to Taskfile #2583

Open nicolargo opened 1 year ago

nicolargo commented 1 year ago

https://taskfile.dev/fr-fr/

Example:

# Taskfile that wraps semgrep in a docker container to scan files and to test
# rule sets. Rules are bind-mounted from {{.USER_WORKING_DIR}} by the tasks.
version: '3'

# TODO: semgrep phones home (disconnect your network to see it) even if disabled!
# NOTE(review): OPT already passes --metrics=off; if scans must stay offline,
# `docker container run --network none` would enforce it at the container
# level - confirm semgrep still works without network before relying on it.
# TODO: docker pull a sha256... use unpriv user and drop caps

# Silent means you won't see any list of cmd running (unless they echo)
# So it's not suitable for development
# silent: true

env:
  # Everything given after `--` on the task command line. The scan tasks use it
  # as a host path to mount and scan; `test` and `exec` pass it on as arguments.
  CLIARGS: "{{.CLI_ARGS}}"
  # Flags appended to every `semgrep scan` invocation in this file.
  OPT: "--metrics=off --oss-only --gitlab-sast"
  #BASECMD: docker container run --rm -v "$FILE_TO_SCAN:$FILE_TO_SCAN" -v ./rules:/rules docker-ccsl-virtual/returntocorp/semgrep
  # Image reference carries no tag or digest, so whatever the registry serves
  # as the default tag is run. Pinning by digest makes runs reproducible, e.g.
  # "docker-ccsl-virtual.repo/returntocorp/semgrep@sha256:<digest-placeholder>".
  IMG: "docker-ccsl-virtual.repo/returntocorp/semgrep"
  #IMG: "returntocorp/semgrep"
  # Directory name of the local rule set, resolved under {{.USER_WORKING_DIR}}
  # on the host and mounted at /rules/$MYRULES in the container.
  MYRULES: "myrules"

tasks:

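  # Fetch the community rule set into ./rules and bring it up to date.
  # Each entry in `cmds` runs in its own shell, so a bare `cd rules` does not
  # carry over to the following commands; `git -C rules` targets the checkout
  # explicitly instead of operating on the repository holding this Taskfile.
  # NOTE(review): this tracks the moving `develop` branch of an external
  # repository, so rule content changes on every update without review.
  # Check out a reviewed commit if scan results must be reproducible.
  rules:
    desc: Install or update community rules
    cmds:
      # Clone on first run; don't fail if the checkout already exists (update).
      - git clone https://github.com/returntocorp/semgrep-rules rules || true
      # We take rules from the upstream develop branch.
      - git -C rules checkout develop
      - git -C rules pull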

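  # Update the rules inherited from the community set by running add_rules.sh.
  # The first command aborts when the $MYRULES directory has uncommitted
  # changes - presumably because add_rules.sh rewrites files there (the script
  # is not shown here; confirm).
  # Paths are quoted so a working directory containing spaces is not split.
  sync-rules:
    desc: For rules inherited from community, update them.
    cmds:
      # `git status -s` prints nothing for a clean tree; any output stops the task.
      - echo; [[ -z $(git status -s "{{.USER_WORKING_DIR}}/$MYRULES") ]] || ( echo "You have uncommited changes"; exit 1;)
      - bash "{{.USER_WORKING_DIR}}/add_rules.sh"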

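  # Scan one path with the local rule set; `--error` makes semgrep exit
  # non-zero when it reports findings, which fails the task.
  # Usage: task scan -- /absolute/path/to/target
  # $CLIARGS is used both as the bind-mount source/destination and as the scan
  # target, so it must be a single absolute path; an empty or relative value
  # produces an invalid `-v` argument.
  # The target is mounted read-only: the scanner only needs to read it.
  # Host paths are quoted so directories containing spaces are not split.
  # NOTE(review): the container still runs with the image's default user and
  # capabilities; see the TODO at the top of this file (unprivileged user,
  # dropped capabilities).
  scan:
    desc: Scan a file for my rules and fail
    cmds:
      - >-
        docker container run --rm
        -v "$CLIARGS:$CLIARGS:ro"
        -v "{{.USER_WORKING_DIR}}/rules:/rules"
        -v "{{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES"
        "$IMG" semgrep scan --config "/rules/$MYRULES" $OPT --error "$CLIARGS"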

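  # Run semgrep's rule tests against the local rule set.
  # $CLIARGS is left unquoted on purpose: it is passed through as extra
  # semgrep arguments and may be empty.
  # Host paths are quoted so directories containing spaces are not split.
  # NOTE(review): both rule directories are mounted read-write; whether
  # `semgrep --test` needs write access is not visible here - confirm before
  # switching them to `:ro`.
  test:
    desc: Test my rules and fail
    cmds:
      - echo "Testing $MYRULES"
      - >-
        docker container run --rm
        -v "{{.USER_WORKING_DIR}}/rules:/rules"
        -v "{{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES"
        "$IMG" semgrep --test "/rules/$MYRULES" $CLIARGS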

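  # Scan one path with a public rule config; `--no-error` keeps the exit code
  # at zero even when findings are reported.
  # Usage: GENRULES=<config> task scan-gen -- /absolute/path/to/target
  # GENRULES is not defined anywhere in this Taskfile, so it has to come from
  # the caller's environment; the precondition stops the task with a clear
  # message instead of running semgrep with an empty --config.
  # $CLIARGS must be a single absolute path (it is the mount source, the mount
  # destination and the scan target). The target is mounted read-only.
  scan-gen:
    desc: Scan a file for public rules but don't fail
    preconditions:
      - sh: '[ -n "$GENRULES" ]'
        msg: 'GENRULES is not set; export it with the semgrep config to scan with'
    cmds:
      - echo "Scanning $CLIARGS, config $GENRULES"
      - >-
        docker container run --rm
        -v "$CLIARGS:$CLIARGS:ro"
        -v "{{.USER_WORKING_DIR}}/rules:/rules"
        "$IMG" semgrep scan --config "$GENRULES" $OPT --no-error "$CLIARGS"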

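  # Run semgrep's rule tests for the listed public rule directories, one
  # container run per directory ({{ .ITEM }} is the current list entry).
  # The `-v "$CLIARGS:$CLIARGS"` mount was dropped: nothing in the command
  # reads that path, and with no CLI arguments it expanded to `-v ":"`, which
  # docker rejects, so the task could not run without a dummy argument.
  # The host path is quoted so directories containing spaces are not split.
  test-gen:
    desc: Test public rules.
    cmds:
      - for:
          - /rules/dockerfile
          - /rules/generic/dockerfile
        cmd: >-
          docker container run --rm
          -v "{{.USER_WORKING_DIR}}/rules:/rules"
          "$IMG" semgrep --test --debug "{{ .ITEM }}"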

  # Print semgrep's own usage text from inside the image.
  # No host directory is mounted for this task.
  help:
    desc: Show help
    cmds:
      - cmd: docker container run --rm "$IMG" semgrep --help

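  # Start an interactive container (-it) with both rule directories mounted.
  # The command run inside is whatever follows `--` on the task command line
  # ($CLIARGS, deliberately unquoted so it splits into words); with no
  # arguments the image's default command runs, which may not be a shell.
  # Usage: task exec -- bash
  # Host paths are quoted so directories containing spaces are not split.
  # NOTE(review): the mounts are read-write, so anything run in this session
  # can modify the rule directories on the host.
  exec:
    desc: Bash in container
    cmds:
      - >-
        docker container run -it --rm
        -v "{{.USER_WORKING_DIR}}/rules:/rules"
        -v "{{.USER_WORKING_DIR}}/$MYRULES:/rules/$MYRULES"
        "$IMG" $CLIARGS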
github-actions[bot] commented 2 months ago

This issue is stale because it has been open for 3 months with no activity.