diff --git a/.github/workflows/require-version-label.yml b/.github/workflows/require-version-label.yml
new file mode 100644
index 0000000..bea074c
--- /dev/null
+++ b/.github/workflows/require-version-label.yml
@@ -0,0 +1,65 @@
+name: Require Version Bump Label
+
+on:
+ pull_request:
+ types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+ check-plugin-changes:
+ name: Check for Plugin Changes
+ runs-on: ubuntu-latest
+ outputs:
+ has_plugin_changes: ${{ steps.check.outputs.has_changes }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check if plugin files changed
+ id: check
+ run: |
+ # Get list of changed files
+ CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
+
+ # Define plugin file patterns (adjust based on repo structure)
+ # For Claude: plugin/, For Cursor: hooks/, mcp.json, skills/, scripts/
+ PLUGIN_PATTERNS="plugin/|hooks/|mcp\.json|\.mcp\.json|skills/|scripts/|commands/|semgrep-version"
+
+ if echo "$CHANGED_FILES" | grep -qE "$PLUGIN_PATTERNS"; then
+ echo "has_changes=true" >> $GITHUB_OUTPUT
+ echo "Plugin files changed:"
+ echo "$CHANGED_FILES" | grep -E "$PLUGIN_PATTERNS" || true
+ else
+ echo "has_changes=false" >> $GITHUB_OUTPUT
+ echo "No plugin files changed"
+ fi
+
+ check-version-label:
+ name: Check Version Bump Label
+ needs: check-plugin-changes
+ if: needs.check-plugin-changes.outputs.has_plugin_changes == 'true'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check for version bump label
+ run: |
+ LABELS='${{ toJson(github.event.pull_request.labels.*.name) }}'
+
+ if echo "$LABELS" | grep -q '"bump:patch"'; then
+ echo "✓ Found label: bump:patch"
+ exit 0
+ elif echo "$LABELS" | grep -q '"bump:minor"'; then
+ echo "✓ Found label: bump:minor"
+ exit 0
+ elif echo "$LABELS" | grep -q '"bump:major"'; then
+ echo "✓ Found label: bump:major"
+ exit 0
+ else
+ echo "✗ Missing version bump label!"
+ echo ""
+ echo "This PR modifies plugin files and requires a version bump."
+ echo "Please add one of the following labels:"
+ echo " - bump:patch (bug fixes: 0.4.1 → 0.4.2)"
+ echo " - bump:minor (new features: 0.4.1 → 0.5.0)"
+ echo " - bump:major (breaking changes: 0.4.1 → 1.0.0)"
+ exit 1
+ fi
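Review bot: Both `run:` scripts paste `${{ … }}` expressions straight into shell source: `origin/${{ github.base_ref }}...HEAD` in the changed-files step and `LABELS='${{ toJson(github.event.pull_request.labels.*.name) }}'` in the label check, so a branch or label name containing shell metacharacters is parsed as script rather than data. Hand the values over through each step's `env:` instead: `LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}` with the assignment line dropped, and `BASE_REF: ${{ github.base_ref }}` with `git diff --name-only "origin/$BASE_REF...HEAD"`. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the token read-only whatever the repository default is.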
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
new file mode 100644
index 0000000..5e33a4f
--- /dev/null
+++ b/.github/workflows/version-bump.yml
@@ -0,0 +1,92 @@
+name: Version Bump on Label
+
+on:
+ pull_request:
+ types: [labeled]
+
+jobs:
+ bump-version:
+ name: Bump Version
+ if: startsWith(github.event.label.name, 'bump:')
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ ref: ${{ github.head_ref }}
+
+ - name: Determine bump type
+ id: bump_type
+ run: |
+ LABEL="${{ github.event.label.name }}"
+ BUMP_TYPE="${LABEL#bump:}"
+ echo "type=$BUMP_TYPE" >> $GITHUB_OUTPUT
+
+ - name: Find plugin.json
+ id: find_plugin
+ run: |
+ # Look for plugin.json in different locations
+ if [ -f "plugin/.claude-plugin/plugin.json" ]; then
+ echo "path=plugin/.claude-plugin/plugin.json" >> $GITHUB_OUTPUT
+ elif [ -f ".claude-plugin/plugin.json" ]; then
+ echo "path=.claude-plugin/plugin.json" >> $GITHUB_OUTPUT
+ elif [ -f ".cursor-plugin/plugin.json" ]; then
+ echo "path=.cursor-plugin/plugin.json" >> $GITHUB_OUTPUT
+ else
+ echo "Could not find plugin.json"
+ exit 1
+ fi
+
+ - name: Read current version
+ id: current_version
+ run: |
+ PLUGIN_JSON="${{ steps.find_plugin.outputs.path }}"
+ VERSION=$(grep -o '"version": *"[^"]*"' "$PLUGIN_JSON" | head -1 | grep -o '[0-9]*\.[0-9]*\.[0-9]*')
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ echo "Current version: $VERSION"
+
+ - name: Calculate new version
+ id: new_version
+ run: |
+ VERSION="${{ steps.current_version.outputs.version }}"
+ BUMP_TYPE="${{ steps.bump_type.outputs.type }}"
+
+ IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION"
+
+ case "$BUMP_TYPE" in
+ major)
+ MAJOR=$((MAJOR + 1))
+ MINOR=0
+ PATCH=0
+ ;;
+ minor)
+ MINOR=$((MINOR + 1))
+ PATCH=0
+ ;;
+ patch)
+ PATCH=$((PATCH + 1))
+ ;;
+ esac
+
+ NEW_VERSION="$MAJOR.$MINOR.$PATCH"
+ echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT
+ echo "Bumping version: $VERSION → $NEW_VERSION ($BUMP_TYPE)"
+
+ - name: Update version in plugin.json
+ run: |
+ PLUGIN_JSON="${{ steps.find_plugin.outputs.path }}"
+ OLD_VERSION="${{ steps.current_version.outputs.version }}"
+ NEW_VERSION="${{ steps.new_version.outputs.version }}"
+
+ sed -i "s/\"version\": *\"$OLD_VERSION\"/\"version\": \"$NEW_VERSION\"/" "$PLUGIN_JSON"
+
+ echo "Updated $PLUGIN_JSON:"
+ grep version "$PLUGIN_JSON"
+
+ - name: Commit version bump
+ run: |
+ git config --local user.email "github-actions[bot]@users.noreply.github.com"
+ git config --local user.name "github-actions[bot]"
+ git add .
+ git commit -m "chore: bump version to ${{ steps.new_version.outputs.version }}"
+ git push
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d8244dc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,12 @@
+# Semgrep MCP Marketplace
+
+ This repo is where the Semgrep Cursor Plugin lives.
+
+ To use the Semgrep plugin:
+ 1. Install the plugin from the Cursor Plugin Marketplace
+
+ 1. Run the `/semgrep-plugin:setup_semgrep_plugin` command.
+
+ ## Contributing
+
+ This plugin is managed by the [mcp-marketplace-template](https://github.com/semgrep/mcp-marketplace-template) repository. Changes should be made there and synced via automated PRs.
diff --git a/hooks/hooks.json b/hooks/hooks.json
new file mode 100644
index 0000000..fd75298
--- /dev/null
+++ b/hooks/hooks.json
@@ -0,0 +1,15 @@
+{
+ "version": 1,
+ "hooks": {
+ "afterFileEdit": [
+ {
+ "command": "semgrep mcp -k record-file-edit -a cursor"
+ }
+ ],
+ "stop": [
+ {
+ "command": "semgrep mcp -k stop-cli-scan -a cursor"
+ }
+ ]
+ }
+}
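Review bot: In `.github/workflows/version-bump.yml` the `Determine bump type` step builds its script from `${{ github.event.label.name }}`, and the only gate is `startsWith(..., 'bump:')`, so the remainder of the label text is parsed as shell in a job that later pushes with the checked-out token. Pass the label through `env:` and accept only `major`, `minor` or `patch` before writing the step output, as sketched below. With that check in place the later `${{ steps.bump_type.outputs.type }}` interpolation can only carry one of three fixed words, and an unknown suffix fails early instead of falling through the `case` with the version unchanged. Two smaller points in the same file: `git add .` stages whatever is in the workspace, where `git add "${{ steps.find_plugin.outputs.path }}"` would stage only the bumped file, and there is no `permissions:` block, so whether `git push` has write access depends on the repository default.

```yaml
      - name: Determine bump type
        id: bump_type
        env:
          LABEL: ${{ github.event.label.name }}
        run: |
          BUMP_TYPE="${LABEL#bump:}"
          case "$BUMP_TYPE" in
            major|minor|patch) ;;
            *)
              echo "Unsupported bump label: $LABEL"
              exit 1
              ;;
          esac
          echo "type=$BUMP_TYPE" >> "$GITHUB_OUTPUT"
      # … unchanged: Find plugin.json and the later steps …
```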
diff --git a/mcp.json b/mcp.json
new file mode 100644
index 0000000..e05488a
--- /dev/null
+++ b/mcp.json
@@ -0,0 +1,10 @@
+{
+ "mcpServers": {
+ "semgrep": {
+ "command": "semgrep",
+ "args": [
+ "mcp"
+ ]
+ }
+ }
+}
diff --git a/semgrep-version b/semgrep-version
new file mode 100644
index 0000000..7749f24
--- /dev/null
+++ b/semgrep-version
@@ -0,0 +1 @@
+1.146.0
diff --git a/skills/setup_semgrep_plugin.md b/skills/setup_semgrep_plugin.md
new file mode 100644
index 0000000..5fa3bbd
--- /dev/null
+++ b/skills/setup_semgrep_plugin.md
@@ -0,0 +1,48 @@
+# Setup Semgrep Plugin
+
+Follow these steps to set up the Semgrep plugin:
+
+## 1. Install Semgrep
+
+Check if Semgrep is installed, and install it if not:
+
+```bash
+which semgrep || brew install semgrep
+```
+
+## 2. Authenticate with Semgrep
+
+Log in to Semgrep (this will open a browser window):
+
+```bash
+semgrep login --force
+```
+
+## 3. Install Semgrep Pro Engine
+
+Install the Pro engine for enhanced scanning capabilities:
+
+```bash
+semgrep install-semgrep-pro || true
+```
+
+## 4. Verify Installation
+
+Confirm everything is working:
+
+```bash
+semgrep --pro --version
+```
+
+## 5. Check Version Compatibility
+
+Verify your Semgrep version is >= 1.146.0:
+
+```bash
+semgrep --version
+```
+
+If your version is older than 1.146.0, please update:
+```bash
+brew upgrade semgrep
+```