init commit

Author: semgrep-jamie

.github/workflows/publish.yml

@@ -0,0 +1,50 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'Dockerfile'
+      - 'convert-nuget.js'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/semgrep/convert-nuget
+          tags: |
+            type=ref,event=branch
+            type=sha,prefix={{branch}}-
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+

.gitignore

@@ -0,0 +1,6 @@
+# Sample packages.config file
+packages.config
+
+# Generated lock files
+packages.lock.json
+

Dockerfile

@@ -0,0 +1,21 @@
+# Build on the official .NET SDK image (Debian-based)
+# Using 8.0 LTS for stability and long-term support
+FROM mcr.microsoft.com/dotnet/sdk:8.0
+
+# Install Node.js (required for the script)
+RUN apt-get update && apt-get install -y --no-install-recommends curl \
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create a workspace and copy entrypoint script
+WORKDIR /tool
+COPY convert-nuget.js /tool/convert-nuget.js
+
+RUN chmod +x /tool/convert-nuget.js
+
+# Default entrypoint: process current working directory
+# The working directory should be mounted as a volume when running:
+# docker run -v "$(pwd):/workspace" -w /workspace <image> [options]
+ENTRYPOINT ["node", "/tool/convert-nuget.js"]

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025 the copyright holders
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

@@ -0,0 +1,111 @@
+# convert-nuget
+
+Recursively searches for `packages.config` files and converts each to `packages.lock.json`. The generated files are created in the same directory as each discovered `packages.config` file.
+
+## Manual Usage
+
+```bash
+node convert-nuget.js [--tfm <TFM>] [--root <DIR>]
+
+# Example: scan from current directory
+node convert-nuget.js
+
+# Example: scan with custom target framework
+node convert-nuget.js --tfm net48
+
+# Example: scan from a specific directory
+node convert-nuget.js --root ./projects
+```
+
+## Local Docker Usage
+
+Pull the Docker image from GitHub Container Registry and run it locally:
+
+```bash
+# Pull the latest image
+docker pull ghcr.io/semgrep/convert-nuget
+
+# Run the conversion (scan from current directory)
+docker run --rm -v $(pwd):/workspace -w /workspace ghcr.io/semgrep/convert-nuget
+
+# Run the conversion (scan from a specific subdirectory)
+docker run --rm -v $(pwd):/workspace -w /workspace ghcr.io/semgrep/convert-nuget --root /workspace/some/subdirectory
+
+# Run with custom target framework
+docker run --rm -v $(pwd):/workspace -w /workspace ghcr.io/semgrep/convert-nuget --tfm net48
+```
+
+## Docker CI Usage
+
+```yaml
+# GitHub Actions example
+- name: Convert packages.config
+  run: |
+    docker run -v ${{ github.workspace }}:/workspace -w /workspace ghcr.io/semgrep/convert-nuget
+
+# GitLab CI example
+convert-nuget:
+  script:
+    - docker run -v $PWD:/workspace -w /workspace ghcr.io/semgrep/convert-nuget
+```
+
+```bash
+# Command line
+docker run -v $(pwd):/workspace -w /workspace ghcr.io/semgrep/convert-nuget
+```
+
+## GitHub Actions Usage
+
+To automatically update & check in any changes made to packages.config, use the below action
+
+```yaml
+name: Convert packages.config to packages.lock.json
+on:
+  push:
+    paths:
+      - '**/packages.config'
+
+permissions:
+  contents: write  # needed to push commits
+
+jobs:
+  convert-nuget:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0   # so we can push back to the same ref
+
+      - name: Convert packages.config
+        run: |
+          docker run -v "${{ github.workspace }}:/workspace" -w /workspace ghcr.io/semgrep/convert-nuget
+
+      - name: Commit updated lock files (if any)
+        run: |
+          set -euo pipefail
+
+          # make the workspace safe for git (sometimes needed in CI)
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+          # author details for the commit
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # stage only lock files that changed/appeared
+          CHANGED=$(git status --porcelain -- '**/packages.lock.json' | wc -l)
+          if [ "$CHANGED" -gt 0 ]; then
+            git add **/packages.lock.json
+            git commit -m "chore(convert-nuget): update lock files after packages.config change"
+            git push
+            echo "Committed and pushed lock file updates."
+          else
+            echo "No lock file changes to commit."
+          fi
+```
+
+## Options
+
+- `--tfm <TFM>`: Target framework moniker (default: `net472`)
+- `--root <DIR>`: Root directory to search (default: current working directory)
+- `-h, --help`: Show help message