2023-08-10 09:06:00 +00:00
|
|
|
// Copyright 2023 Woodpecker Authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2023-11-04 14:30:47 +00:00
|
|
|
package linter_test
|
2019-04-06 13:44:04 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2023-11-03 10:44:03 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2023-12-07 15:56:13 +00:00
|
|
|
|
2023-12-08 07:15:08 +00:00
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/errors"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/linter"
|
2019-04-06 13:44:04 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestLint(t *testing.T) {
|
2023-08-07 13:39:58 +00:00
|
|
|
testdatas := []struct{ Title, Data string }{{
|
|
|
|
Title: "map", Data: `
|
2024-02-10 16:33:05 +00:00
|
|
|
when:
|
|
|
|
event: push
|
|
|
|
|
2023-06-07 10:04:37 +00:00
|
|
|
steps:
|
2019-04-06 13:44:04 +00:00
|
|
|
build:
|
|
|
|
image: docker
|
|
|
|
volumes:
|
|
|
|
- /tmp:/tmp
|
|
|
|
commands:
|
|
|
|
- go build
|
|
|
|
- go test
|
|
|
|
publish:
|
|
|
|
image: plugins/docker
|
2021-12-04 15:44:18 +00:00
|
|
|
settings:
|
2023-11-03 10:44:03 +00:00
|
|
|
repo: foo/bar
|
2021-12-04 15:44:18 +00:00
|
|
|
foo: bar
|
2019-04-06 13:44:04 +00:00
|
|
|
services:
|
|
|
|
redis:
|
|
|
|
image: redis
|
2023-08-07 13:39:58 +00:00
|
|
|
`,
|
|
|
|
}, {
|
|
|
|
Title: "list", Data: `
|
2024-02-10 16:33:05 +00:00
|
|
|
when:
|
|
|
|
event: push
|
|
|
|
|
2023-06-07 10:04:37 +00:00
|
|
|
steps:
|
2022-06-13 21:13:09 +00:00
|
|
|
- name: build
|
|
|
|
image: docker
|
|
|
|
volumes:
|
|
|
|
- /tmp:/tmp
|
|
|
|
commands:
|
|
|
|
- go build
|
|
|
|
- go test
|
|
|
|
- name: publish
|
|
|
|
image: plugins/docker
|
|
|
|
settings:
|
2023-11-03 10:44:03 +00:00
|
|
|
repo: foo/bar
|
2022-06-13 21:13:09 +00:00
|
|
|
foo: bar
|
2023-12-07 15:56:13 +00:00
|
|
|
services:
|
|
|
|
- name: redis
|
|
|
|
image: redis
|
2023-08-07 13:39:58 +00:00
|
|
|
`,
|
|
|
|
}, {
|
2023-04-29 12:49:41 +00:00
|
|
|
Title: "merge maps", Data: `
|
2024-02-10 16:33:05 +00:00
|
|
|
when:
|
|
|
|
event: push
|
|
|
|
|
2023-04-29 12:49:41 +00:00
|
|
|
variables:
|
|
|
|
step_template: &base-step
|
|
|
|
image: golang:1.19
|
|
|
|
commands:
|
|
|
|
- go version
|
|
|
|
|
2023-06-07 10:04:37 +00:00
|
|
|
steps:
|
2023-04-29 12:49:41 +00:00
|
|
|
test base step:
|
|
|
|
<<: *base-step
|
|
|
|
test base step with latest image:
|
|
|
|
<<: *base-step
|
|
|
|
image: golang:latest
|
|
|
|
`,
|
|
|
|
}}
|
2019-04-06 13:44:04 +00:00
|
|
|
|
2022-06-13 21:13:09 +00:00
|
|
|
for _, testd := range testdatas {
|
|
|
|
t.Run(testd.Title, func(t *testing.T) {
|
|
|
|
conf, err := yaml.ParseString(testd.Data)
|
2024-01-14 18:33:58 +00:00
|
|
|
assert.NoError(t, err)
|
2023-11-03 10:44:03 +00:00
|
|
|
|
2024-01-14 18:33:58 +00:00
|
|
|
assert.NoError(t, linter.New(linter.WithTrusted(true)).Lint([]*linter.WorkflowConfig{{
|
2023-11-04 14:30:47 +00:00
|
|
|
File: testd.Title,
|
|
|
|
RawConfig: testd.Data,
|
|
|
|
Workflow: conf,
|
2024-01-14 18:33:58 +00:00
|
|
|
}}), "expected lint returns no errors")
|
2022-06-13 21:13:09 +00:00
|
|
|
})
|
2019-04-06 13:44:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestLintErrors(t *testing.T) {
|
|
|
|
testdata := []struct {
|
|
|
|
from string
|
|
|
|
want string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
from: "",
|
2023-11-03 10:44:03 +00:00
|
|
|
want: "Invalid or missing steps section",
|
2019-04-06 13:44:04 +00:00
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: '' } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Invalid or missing image",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, privileged: true } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use privileged mode",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, shm_size: 10gb } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to override shm_size",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, dns: [ 8.8.8.8 ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use custom dns",
|
|
|
|
},
|
|
|
|
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, dns_search: [ example.com ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use dns_search",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, devices: [ '/dev/tty0:/dev/tty0' ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use devices",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, extra_hosts: [ 'somehost:162.242.195.82' ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use extra_hosts",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, network_mode: host } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use network_mode",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, volumes: [ '/opt/data:/var/lib/mysql' ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use volumes",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, network_mode: 'container:name' } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use network_mode",
|
|
|
|
},
|
2024-07-14 21:35:19 +00:00
|
|
|
{
|
|
|
|
from: "steps: { build: { image: golang, settings: { test: 'true' }, commands: [ 'echo ja', 'echo nein' ] } }",
|
|
|
|
want: "Cannot configure both commands and settings",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
from: "steps: { build: { image: golang, settings: { test: 'true' }, entrypoint: [ '/bin/fish' ] } }",
|
|
|
|
want: "Cannot configure both entrypoint and settings",
|
|
|
|
},
|
|
|
|
{
|
2024-11-17 07:17:09 +00:00
|
|
|
from: "steps: { build: { image: golang, settings: { test: 'true' }, environment: { TEST: 'true' } } }",
|
2024-08-16 15:08:06 +00:00
|
|
|
want: "Should not configure both environment and settings",
|
2024-07-14 21:35:19 +00:00
|
|
|
},
|
2024-09-05 17:30:03 +00:00
|
|
|
{
|
|
|
|
from: "{steps: { build: { image: plugins/docker, settings: { test: 'true' } } }, when: { branch: main, event: push } } }",
|
|
|
|
want: "Cannot use once by default privileged plugin 'plugins/docker', if needed add it too WOODPECKER_PLUGINS_PRIVILEGED",
|
|
|
|
},
|
2024-11-17 07:17:09 +00:00
|
|
|
{
|
|
|
|
from: "steps: { build: { image: golang, environment: [ 'TEST=true' ] } }",
|
|
|
|
want: "List syntax for `environment` is deprecated, use map syntax instead",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
from: "steps: { build: { image: golang, secrets: [ { source: mysql_username, target: mysql_username } ] } }",
|
2024-11-18 20:26:46 +00:00
|
|
|
want: "Secrets are deprecated, use environment with from_secret",
|
2024-11-17 07:17:09 +00:00
|
|
|
},
|
2019-04-06 13:44:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range testdata {
|
2023-12-28 13:34:13 +00:00
|
|
|
conf, err := yaml.ParseString(test.from)
|
2024-01-14 18:33:58 +00:00
|
|
|
assert.NoError(t, err)
|
2019-04-06 13:44:04 +00:00
|
|
|
|
2024-09-05 17:30:03 +00:00
|
|
|
lerr := linter.New(
|
|
|
|
linter.PrivilegedPlugins([]string{"woodpeckerci/plugin-docker-buildx"}),
|
|
|
|
).Lint([]*linter.WorkflowConfig{{
|
2023-11-04 14:30:47 +00:00
|
|
|
File: test.from,
|
|
|
|
RawConfig: test.from,
|
|
|
|
Workflow: conf,
|
|
|
|
}})
|
2024-01-14 18:33:58 +00:00
|
|
|
assert.Error(t, lerr, "expected lint error for configuration", test.from)
|
2023-11-03 10:44:03 +00:00
|
|
|
|
|
|
|
lerrors := errors.GetPipelineErrors(lerr)
|
|
|
|
found := false
|
|
|
|
for _, lerr := range lerrors {
|
|
|
|
if lerr.Message == test.want {
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
assert.True(t, found, "Expected error %q, got %q", test.want, lerrors)
|
2019-04-06 13:44:04 +00:00
|
|
|
}
|
|
|
|
}
|
2024-02-10 16:33:05 +00:00
|
|
|
|
|
|
|
func TestBadHabits(t *testing.T) {
|
|
|
|
testdata := []struct {
|
|
|
|
from string
|
|
|
|
want string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
from: "steps: { build: { image: golang } }",
|
2024-04-24 14:07:16 +00:00
|
|
|
want: "Please set an event filter for all steps or the whole workflow on all items of the when block",
|
2024-02-10 16:33:05 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
from: "when: [{branch: xyz}, {event: push}]\nsteps: { build: { image: golang } }",
|
2024-04-24 14:07:16 +00:00
|
|
|
want: "Please set an event filter for all steps or the whole workflow on all items of the when block",
|
2024-02-10 16:33:05 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range testdata {
|
|
|
|
conf, err := yaml.ParseString(test.from)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
lerr := linter.New().Lint([]*linter.WorkflowConfig{{
|
|
|
|
File: test.from,
|
|
|
|
RawConfig: test.from,
|
|
|
|
Workflow: conf,
|
|
|
|
}})
|
|
|
|
assert.Error(t, lerr, "expected lint error for configuration", test.from)
|
|
|
|
|
|
|
|
lerrors := errors.GetPipelineErrors(lerr)
|
|
|
|
found := false
|
|
|
|
for _, lerr := range lerrors {
|
|
|
|
if lerr.Message == test.want {
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
assert.True(t, found, "Expected error %q, got %q", test.want, lerrors)
|
|
|
|
}
|
|
|
|
}
|