From a50dc3d69be5b92e970f6c4372edf833b81a8232 Mon Sep 17 00:00:00 2001
From: Drew Dennison
Date: Tue, 15 Jul 2025 20:31:58 -0700
Subject: [PATCH 1/4] use semgrep ci --dry-run as a hack
---
 src/semgrep_mcp/server.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/semgrep_mcp/server.py b/src/semgrep_mcp/server.py
index 3798da1..c655526 100755
--- a/src/semgrep_mcp/server.py
+++ b/src/semgrep_mcp/server.py
@@ -293,6 +293,8 @@ def get_semgrep_scan_args(temp_dir: str, config: str | None = None) -> list[str]
 # if no config is provided to allow for either the default "auto"
 # or whatever the logged in config is
 args = ["scan", "--json", "--experimental"] # avoid the extra exec
+ if os.environ.get("SEMGREP_API_TOKEN"):
+ return ["ci", "--dry-run", "--json", "--experimental"]
 if config:
 args.extend(["--config", config])
 args.append(temp_dir)
From 76ad5c0e45c0032df398e5cb6590ba8e285461bf Mon Sep 17 00:00:00 2001
From: Drew Dennison
Date: Tue, 15 Jul 2025 20:38:44 -0700
Subject: [PATCH 2/4] docker push on PR
---
 .github/workflows/docker.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index e6c992e..e2b6680 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -71,7 +71,6 @@ jobs:
 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
 with:
 platforms: ${{ env.PLATFORMS }}
- push: ${{ github.event_name != 'pull_request' }}
 sbom: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
From cd772aff11749705bb3bee5a525750fd1a4fd1e9 Mon Sep 17 00:00:00 2001
From: Drew Dennison
Date: Tue, 15 Jul 2025 20:44:06 -0700
Subject: [PATCH 3/4] fixup
---
 .github/workflows/docker.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index e2b6680..09773fc 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
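Review bot: The early return added for `SEMGREP_API_TOKEN` in [PATCH 1/4] drops both `temp_dir` and `config` from the argument list, so unless the caller (outside this hunk) runs the subprocess with its working directory set to `temp_dir`, the `ci` run would analyse the server's own working directory instead of the submitted code and report results for the wrong tree. A caller-supplied `config` is also silently ignored whenever the token is present in the environment. Narrowing the branch to `if os.environ.get("SEMGREP_API_TOKEN") and not config:` keeps explicit configs on the `scan` path, and a comment such as `# ci branch passes no target path: caller must run with cwd=temp_dir` would record the dependency. The function starts and ends outside the hunk, and the `os` import is not visible here.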
@@ -71,6 +71,7 @@ jobs:
 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
 with:
 platforms: ${{ env.PLATFORMS }}
+ push: true
 sbom: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
From 3ec3167a2cd2b9dcee2620c5815d5693fa0f0731 Mon Sep 17 00:00:00 2001
From: Drew Dennison
Date: Tue, 15 Jul 2025 20:47:36 -0700
Subject: [PATCH 4/4] use workflow dispatch
---
 .github/workflows/docker.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 09773fc..dad1275 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -8,6 +8,7 @@ on:
 - "v*.*.*"
 pull_request:
 branches: ['main']
+ workflow_dispatch:
 env:
 REGISTRY: ghcr.io
 IMAGE_NAME: ${{ github.repository }}
@@ -71,7 +72,7 @@ jobs:
 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
 with:
 platforms: ${{ env.PLATFORMS }}
- push: true
+ push: ${{ github.event_name != 'pull_request' }}
 sbom: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
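Review bot: With `workflow_dispatch` added in the first hunk of [PATCH 4/4], the restored guard `github.event_name != 'pull_request'` in the second hunk is also true for manual runs, so a dispatch from any branch pushes an image to `ghcr.io` under whatever tags the metadata step yields. That step is not visible here; if it can emit a tag shared with release builds, an unreviewed branch build could replace a published image. If pushes should come only from reviewed refs, tighten the expression to `push: ${{ github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch' || github.ref == 'refs/heads/main') }}`. Otherwise add a comment above `push:` stating that manual dispatches publish intentionally and which tags they are expected to produce.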