2023-08-10 09:06:00 +00:00
|
|
|
// Copyright 2023 Woodpecker Authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2021-09-27 00:38:15 +00:00
|
|
|
package lint
|
|
|
|
|
|
|
|
import (
|
2024-07-17 23:26:35 +00:00
|
|
|
"context"
|
2021-09-27 00:38:15 +00:00
|
|
|
"fmt"
|
|
|
|
"os"
|
2023-11-03 10:44:03 +00:00
|
|
|
"path"
|
2021-09-27 00:38:15 +00:00
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
|
|
|
|
2024-07-17 23:26:35 +00:00
|
|
|
"github.com/urfave/cli/v3"
|
2021-10-12 07:25:13 +00:00
|
|
|
|
2023-12-08 07:15:08 +00:00
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/cli/common"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/linter"
|
2024-09-01 18:41:10 +00:00
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/shared/constant"
|
2021-09-27 00:38:15 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Command exports the info command.
|
2021-10-27 19:03:14 +00:00
|
|
|
var Command = &cli.Command{
|
2021-09-27 00:38:15 +00:00
|
|
|
Name: "lint",
|
|
|
|
Usage: "lint a pipeline configuration file",
|
2023-04-29 08:12:36 +00:00
|
|
|
ArgsUsage: "[path/to/.woodpecker.yaml]",
|
2021-09-27 00:38:15 +00:00
|
|
|
Action: lint,
|
2024-09-01 18:41:10 +00:00
|
|
|
Flags: []cli.Flag{
|
2024-09-02 08:41:20 +00:00
|
|
|
&cli.StringSliceFlag{
|
|
|
|
Sources: cli.EnvVars("WOODPECKER_PLUGINS_PRIVILEGED"),
|
|
|
|
Name: "plugins-privileged",
|
2024-11-30 14:23:44 +00:00
|
|
|
Usage: "allow plugins to run in privileged mode, if set empty, there is no",
|
2024-09-02 08:41:20 +00:00
|
|
|
},
|
2024-09-01 18:41:10 +00:00
|
|
|
&cli.StringSliceFlag{
|
|
|
|
Sources: cli.EnvVars("WOODPECKER_PLUGINS_TRUSTED_CLONE"),
|
|
|
|
Name: "plugins-trusted-clone",
|
2024-11-30 14:23:44 +00:00
|
|
|
Usage: "plugins that are trusted to handle Git credentials in cloning steps",
|
2024-09-01 18:41:10 +00:00
|
|
|
Value: constant.TrustedClonePlugins,
|
|
|
|
},
|
2024-11-13 15:28:02 +00:00
|
|
|
&cli.BoolFlag{
|
|
|
|
Sources: cli.EnvVars("WOODPECKER_LINT_STRICT"),
|
|
|
|
Name: "strict",
|
|
|
|
Usage: "treat warnings as errors",
|
|
|
|
},
|
2024-09-01 18:41:10 +00:00
|
|
|
},
|
2021-09-27 00:38:15 +00:00
|
|
|
}
|
|
|
|
|
2024-07-17 23:26:35 +00:00
|
|
|
func lint(ctx context.Context, c *cli.Command) error {
|
|
|
|
return common.RunPipelineFunc(ctx, c, lintFile, lintDir)
|
2021-12-13 18:51:53 +00:00
|
|
|
}
|
2021-09-27 00:38:15 +00:00
|
|
|
|
2024-07-17 23:26:35 +00:00
|
|
|
func lintDir(ctx context.Context, c *cli.Command, dir string) error {
|
2022-07-17 16:25:56 +00:00
|
|
|
var errorStrings []string
|
|
|
|
if err := filepath.Walk(dir, func(path string, info os.FileInfo, e error) error {
|
2021-09-27 00:38:15 +00:00
|
|
|
if e != nil {
|
|
|
|
return e
|
|
|
|
}
|
|
|
|
|
|
|
|
// check if it is a regular file (not dir)
|
2023-04-29 08:12:36 +00:00
|
|
|
if info.Mode().IsRegular() && (strings.HasSuffix(info.Name(), ".yaml") || strings.HasSuffix(info.Name(), ".yml")) {
|
2021-09-27 00:38:15 +00:00
|
|
|
fmt.Println("#", info.Name())
|
2024-07-17 23:26:35 +00:00
|
|
|
if err := lintFile(ctx, c, path); err != nil {
|
2022-07-17 16:25:56 +00:00
|
|
|
errorStrings = append(errorStrings, err.Error())
|
|
|
|
}
|
2021-09-27 00:38:15 +00:00
|
|
|
fmt.Println("")
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
2022-07-17 16:25:56 +00:00
|
|
|
}); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(errorStrings) != 0 {
|
|
|
|
return fmt.Errorf("ERRORS: %s", strings.Join(errorStrings, "; "))
|
|
|
|
}
|
|
|
|
return nil
|
2021-09-27 00:38:15 +00:00
|
|
|
}
|
|
|
|
|
2024-09-01 18:41:10 +00:00
|
|
|
func lintFile(_ context.Context, c *cli.Command, file string) error {
|
2022-04-19 08:40:48 +00:00
|
|
|
fi, err := os.Open(file)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer fi.Close()
|
|
|
|
|
2023-11-03 10:44:03 +00:00
|
|
|
buf, err := os.ReadFile(file)
|
2021-09-27 00:38:15 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-11-03 10:44:03 +00:00
|
|
|
rawConfig := string(buf)
|
|
|
|
|
2024-09-01 18:41:10 +00:00
|
|
|
parsedConfig, err := yaml.ParseString(rawConfig)
|
2023-11-03 10:44:03 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-11-04 14:30:47 +00:00
|
|
|
config := &linter.WorkflowConfig{
|
|
|
|
File: path.Base(file),
|
|
|
|
RawConfig: rawConfig,
|
2024-09-01 18:41:10 +00:00
|
|
|
Workflow: parsedConfig,
|
2023-11-04 14:30:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: lint multiple files at once to allow checks for sth like "depends_on" to work
|
2024-09-01 18:41:10 +00:00
|
|
|
err = linter.New(
|
2024-11-01 20:37:31 +00:00
|
|
|
linter.WithTrusted(linter.TrustedConfiguration{
|
|
|
|
Network: true,
|
|
|
|
Volumes: true,
|
|
|
|
Security: true,
|
|
|
|
}),
|
2024-09-02 08:41:20 +00:00
|
|
|
linter.PrivilegedPlugins(c.StringSlice("plugins-privileged")),
|
2024-09-01 18:41:10 +00:00
|
|
|
linter.WithTrustedClonePlugins(c.StringSlice("plugins-trusted-clone")),
|
|
|
|
).Lint([]*linter.WorkflowConfig{config})
|
2023-11-03 10:44:03 +00:00
|
|
|
if err != nil {
|
2024-11-13 15:28:02 +00:00
|
|
|
str, err := FormatLintError(config.File, err, c.Bool("strict"))
|
2023-11-03 10:44:03 +00:00
|
|
|
|
2024-07-03 14:22:09 +00:00
|
|
|
if str != "" {
|
|
|
|
fmt.Print(str)
|
2023-11-03 10:44:03 +00:00
|
|
|
}
|
|
|
|
|
2024-07-03 14:22:09 +00:00
|
|
|
return err
|
2023-11-03 10:44:03 +00:00
|
|
|
}
|
|
|
|
|
2021-09-27 00:38:15 +00:00
|
|
|
fmt.Println("✅ Config is valid")
|
|
|
|
return nil
|
|
|
|
}
|