From cee34b4f695520dd1ea2cf1d680c0bd63a8de3cc Mon Sep 17 00:00:00 2001
From: Leif <leifdreizler@gmail.com>
Date: Wed, 29 Apr 2026 10:06:51 -0700
Subject: [PATCH 1/3] ci: pass NO_COLOR=1 to semgrep help docker runs

The semgrep 1.161.0 image emits ANSI color escape codes even when stdout
is piped, which causes the auto-generated help PR to be filled with
literal escape sequences (e.g. `^[[4mUsage^[[24m`) instead of clean text.
Setting NO_COLOR=1 on the docker invocation suppresses color output and
restores clean diffs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/update-help-command.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/update-help-command.yml b/.github/workflows/update-help-command.yml
index a1bcaf809..7817181d2 100644
--- a/.github/workflows/update-help-command.yml
+++ b/.github/workflows/update-help-command.yml
@@ -34,17 +34,17 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Run `semgrep --help` and update reference file with output
         run: |
-          docker run --rm semgrep/semgrep:$LATEST_VERSION semgrep --help | tee src/components/reference/_cli-help-output.md
+          docker run --rm -e NO_COLOR=1 semgrep/semgrep:$LATEST_VERSION semgrep --help | tee src/components/reference/_cli-help-output.md
           sed -i '1i```' src/components/reference/_cli-help-output.md
           echo '```' >> src/components/reference/_cli-help-output.md
       - name: Run `semgrep scan --help` and update reference file with output
         run: |
-          docker run --rm semgrep/semgrep:$LATEST_VERSION semgrep scan --help | tee src/components/reference/_cli-help-scan-output.md
+          docker run --rm -e NO_COLOR=1 semgrep/semgrep:$LATEST_VERSION semgrep scan --help | tee src/components/reference/_cli-help-scan-output.md
           sed -i '1i```' src/components/reference/_cli-help-scan-output.md
           echo '```' >> src/components/reference/_cli-help-scan-output.md
       - name: Run `semgrep ci --help` and update reference file with output
         run: |
-          docker run --rm semgrep/semgrep:$LATEST_VERSION semgrep ci --help | tee src/components/reference/_cli-help-ci-output.md
+          docker run --rm -e NO_COLOR=1 semgrep/semgrep:$LATEST_VERSION semgrep ci --help | tee src/components/reference/_cli-help-ci-output.md
           sed -i '1i```' src/components/reference/_cli-help-ci-output.md
           echo '```' >> src/components/reference/_cli-help-ci-output.md
       - name: Commit changes, if any

From 509bd2a1e6b7471c96cb7f27ca4f8f236a7f1162 Mon Sep 17 00:00:00 2001
From: Leif <leifdreizler@gmail.com>
Date: Wed, 29 Apr 2026 10:12:45 -0700
Subject: [PATCH 2/3] ci: try TERM=dumb instead of NO_COLOR=1

semgrep's NO_COLOR support (semgrep/semgrep#4742) only covers findings
output, not the Click/rich-click `--help` formatter. Try TERM=dumb,
which rich-click's terminal detection may respect, before falling back
to ANSI stripping.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/update-help-command.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/update-help-command.yml b/.github/workflows/update-help-command.yml
index 7817181d2..5e98582a8 100644
--- a/.github/workflows/update-help-command.yml
+++ b/.github/workflows/update-help-command.yml
@@ -34,17 +34,17 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Run `semgrep --help` and update reference file with output
         run: |
-          docker run --rm -e NO_COLOR=1 semgrep/semgrep:$LATEST_VERSION semgrep --help | tee src/components/reference/_cli-help-output.md
+          docker run --rm -e TERM=dumb semgrep/semgrep:$LATEST_VERSION semgrep --help | tee src/components/reference/_cli-help-output.md
           sed -i '1i```' src/components/reference/_cli-help-output.md
           echo '```' >> src/components/reference/_cli-help-output.md
       - name: Run `semgrep scan --help` and update reference file with output
         run: |
-          docker run --rm -e NO_COLOR=1 semgrep/semgrep:$LATEST_VERSION semgrep scan --help | tee src/components/reference/_cli-help-scan-output.md
+          docker run --rm -e TERM=dumb semgrep/semgrep:$LATEST_VERSION semgrep scan --help | tee src/components/reference/_cli-help-scan-output.md
           sed -i '1i```' src/components/reference/_cli-help-scan-output.md
           echo '```' >> src/components/reference/_cli-help-scan-output.md
       - name: Run `semgrep ci --help` and update reference file with output
         run: |
-          docker run --rm -e NO_COLOR=1 semgrep/semgrep:$LATEST_VERSION semgrep ci --help | tee src/components/reference/_cli-help-ci-output.md
+          docker run --rm -e TERM=dumb semgrep/semgrep:$LATEST_VERSION semgrep ci --help | tee src/components/reference/_cli-help-ci-output.md
           sed -i '1i```' src/components/reference/_cli-help-ci-output.md
           echo '```' >> src/components/reference/_cli-help-ci-output.md
       - name: Commit changes, if any

From 23d4e6fcf141969643742cb9336228fae7e81ee7 Mon Sep 17 00:00:00 2001
From: Leif <leifdreizler@gmail.com>
Date: Wed, 29 Apr 2026 10:17:03 -0700
Subject: [PATCH 3/3] ci: strip ANSI escape codes from semgrep help output
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

NO_COLOR and TERM=dumb are both ignored by the Click/rich-click help
formatter that semgrep uses (semgrep's NO_COLOR support only covers
findings output via with_color()). Pipe the output through sed to strip
CSI escape sequences instead — this works regardless of how semgrep
chooses to format its help text.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/update-help-command.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/update-help-command.yml b/.github/workflows/update-help-command.yml
index 5e98582a8..ace38aa06 100644
--- a/.github/workflows/update-help-command.yml
+++ b/.github/workflows/update-help-command.yml
@@ -34,17 +34,17 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Run `semgrep --help` and update reference file with output
         run: |
-          docker run --rm -e TERM=dumb semgrep/semgrep:$LATEST_VERSION semgrep --help | tee src/components/reference/_cli-help-output.md
+          docker run --rm semgrep/semgrep:$LATEST_VERSION semgrep --help | sed -r 's/\x1B\[[0-9;]*[a-zA-Z]//g' | tee src/components/reference/_cli-help-output.md
           sed -i '1i```' src/components/reference/_cli-help-output.md
           echo '```' >> src/components/reference/_cli-help-output.md
       - name: Run `semgrep scan --help` and update reference file with output
         run: |
-          docker run --rm -e TERM=dumb semgrep/semgrep:$LATEST_VERSION semgrep scan --help | tee src/components/reference/_cli-help-scan-output.md
+          docker run --rm semgrep/semgrep:$LATEST_VERSION semgrep scan --help | sed -r 's/\x1B\[[0-9;]*[a-zA-Z]//g' | tee src/components/reference/_cli-help-scan-output.md
           sed -i '1i```' src/components/reference/_cli-help-scan-output.md
           echo '```' >> src/components/reference/_cli-help-scan-output.md
       - name: Run `semgrep ci --help` and update reference file with output
         run: |
-          docker run --rm -e TERM=dumb semgrep/semgrep:$LATEST_VERSION semgrep ci --help | tee src/components/reference/_cli-help-ci-output.md
+          docker run --rm semgrep/semgrep:$LATEST_VERSION semgrep ci --help | sed -r 's/\x1B\[[0-9;]*[a-zA-Z]//g' | tee src/components/reference/_cli-help-ci-output.md
           sed -i '1i```' src/components/reference/_cli-help-ci-output.md
           echo '```' >> src/components/reference/_cli-help-ci-output.md
       - name: Commit changes, if any