2019-04-06 13:44:04 +00:00
|
|
|
package linter
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2021-09-24 11:18:34 +00:00
|
|
|
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml"
|
2019-04-06 13:44:04 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestLint(t *testing.T) {
|
2022-06-13 21:13:09 +00:00
|
|
|
testdatas := []struct{ Title, Data string }{{Title: "map", Data: `
|
2023-06-07 10:04:37 +00:00
|
|
|
steps:
|
2019-04-06 13:44:04 +00:00
|
|
|
build:
|
|
|
|
image: docker
|
|
|
|
privileged: true
|
|
|
|
network_mode: host
|
|
|
|
volumes:
|
|
|
|
- /tmp:/tmp
|
|
|
|
commands:
|
|
|
|
- go build
|
|
|
|
- go test
|
|
|
|
publish:
|
|
|
|
image: plugins/docker
|
|
|
|
repo: foo/bar
|
2021-12-04 15:44:18 +00:00
|
|
|
settings:
|
|
|
|
foo: bar
|
2019-04-06 13:44:04 +00:00
|
|
|
services:
|
|
|
|
redis:
|
|
|
|
image: redis
|
2022-06-13 21:13:09 +00:00
|
|
|
`}, {Title: "list", Data: `
|
2023-06-07 10:04:37 +00:00
|
|
|
steps:
|
2022-06-13 21:13:09 +00:00
|
|
|
- name: build
|
|
|
|
image: docker
|
|
|
|
privileged: true
|
|
|
|
network_mode: host
|
|
|
|
volumes:
|
|
|
|
- /tmp:/tmp
|
|
|
|
commands:
|
|
|
|
- go build
|
|
|
|
- go test
|
|
|
|
- name: publish
|
|
|
|
image: plugins/docker
|
|
|
|
repo: foo/bar
|
|
|
|
settings:
|
|
|
|
foo: bar
|
2023-04-29 12:49:41 +00:00
|
|
|
`}, {
|
|
|
|
Title: "merge maps", Data: `
|
|
|
|
variables:
|
|
|
|
step_template: &base-step
|
|
|
|
image: golang:1.19
|
|
|
|
commands:
|
|
|
|
- go version
|
|
|
|
|
2023-06-07 10:04:37 +00:00
|
|
|
steps:
|
2023-04-29 12:49:41 +00:00
|
|
|
test base step:
|
|
|
|
<<: *base-step
|
|
|
|
test base step with latest image:
|
|
|
|
<<: *base-step
|
|
|
|
image: golang:latest
|
|
|
|
`,
|
|
|
|
}}
|
2019-04-06 13:44:04 +00:00
|
|
|
|
2022-06-13 21:13:09 +00:00
|
|
|
for _, testd := range testdatas {
|
|
|
|
t.Run(testd.Title, func(t *testing.T) {
|
|
|
|
conf, err := yaml.ParseString(testd.Data)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Cannot unmarshal yaml %q. Error: %s", testd, err)
|
|
|
|
}
|
|
|
|
if err := New(WithTrusted(true)).Lint(conf); err != nil {
|
|
|
|
t.Errorf("Expected lint returns no errors, got %q", err)
|
|
|
|
}
|
|
|
|
})
|
2019-04-06 13:44:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestLintErrors(t *testing.T) {
|
|
|
|
testdata := []struct {
|
|
|
|
from string
|
|
|
|
want string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
from: "",
|
|
|
|
want: "Invalid or missing pipeline section",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: '' } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Invalid or missing image",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, privileged: true } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use privileged mode",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, shm_size: 10gb } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to override shm_size",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, dns: [ 8.8.8.8 ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use custom dns",
|
|
|
|
},
|
|
|
|
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, dns_search: [ example.com ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use dns_search",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, devices: [ '/dev/tty0:/dev/tty0' ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use devices",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, extra_hosts: [ 'somehost:162.242.195.82' ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use extra_hosts",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, network_mode: host } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use network_mode",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, networks: [ outside, default ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use networks",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, volumes: [ '/opt/data:/var/lib/mysql' ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use volumes",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, network_mode: 'container:name' } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use network_mode",
|
|
|
|
},
|
|
|
|
{
|
2023-06-07 10:04:37 +00:00
|
|
|
from: "steps: { build: { image: golang, sysctls: [ net.core.somaxconn=1024 ] } }",
|
2019-04-06 13:44:04 +00:00
|
|
|
want: "Insufficient privileges to use sysctls",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range testdata {
|
|
|
|
conf, err := yaml.ParseString(test.from)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Cannot unmarshal yaml %q. Error: %s", test.from, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
lerr := New().Lint(conf)
|
|
|
|
if lerr == nil {
|
|
|
|
t.Errorf("Expected lint error for configuration %q", test.from)
|
|
|
|
} else if lerr.Error() != test.want {
|
|
|
|
t.Errorf("Want error %q, got %q", test.want, lerr.Error())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|