From 271d9a0d4f21377cb83739a1d1ec163b287b0647 Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Wed, 19 Aug 2015 11:23:32 -0700
Subject: [PATCH] lint after transform, remove un-needed lint rules, temp hack
 in transform

---
 pkg/yaml/lint.go                | 53 +--------------------------------
 pkg/yaml/lint_test.go           | 31 -------------------
 pkg/yaml/parse.go               | 12 ++++----
 pkg/yaml/transform/transform.go | 10 +++++++
 4 files changed, 18 insertions(+), 88 deletions(-)

diff --git a/pkg/yaml/lint.go b/pkg/yaml/lint.go
index 4584991b6..cb56c2c9a 100644
--- a/pkg/yaml/lint.go
+++ b/pkg/yaml/lint.go
@@ -17,11 +17,6 @@ var lintRules = []lintRule{
 	expectBuild,
 	expectImage,
 	expectCommand,
-	expectTrustedSetup,
-	expectTrustedClone,
-	expectTrustedPublish,
-	expectTrustedDeploy,
-	expectTrustedNotify,
 	expectCloneInWorkspace,
 	expectCacheInWorkspace,
 }
@@ -61,52 +56,6 @@ func expectCommand(c *common.Config) error {
 	return nil
 }
 
-// lint rule that fails when a non-trusted clone plugin is used.
-func expectTrustedClone(c *common.Config) error {
-	if c.Clone != nil && strings.Contains(c.Clone.Image, "/") {
-		return fmt.Errorf("Yaml must use trusted clone plugins")
-	}
-	return nil
-}
-
-// lint rule that fails when a non-trusted setup plugin is used.
-func expectTrustedSetup(c *common.Config) error {
-	if c.Setup != nil && strings.Contains(c.Setup.Image, "/") {
-		return fmt.Errorf("Yaml must use trusted setup plugins")
-	}
-	return nil
-}
-
-// lint rule that fails when a non-trusted publish plugin is used.
-func expectTrustedPublish(c *common.Config) error {
-	for _, step := range c.Publish {
-		if strings.Contains(step.Image, "/") {
-			return fmt.Errorf("Yaml must use trusted publish plugins")
-		}
-	}
-	return nil
-}
-
-// lint rule that fails when a non-trusted deploy plugin is used.
-func expectTrustedDeploy(c *common.Config) error {
-	for _, step := range c.Deploy {
-		if strings.Contains(step.Image, "/") {
-			return fmt.Errorf("Yaml must use trusted deploy plugins")
-		}
-	}
-	return nil
-}
-
-// lint rule that fails when a non-trusted notify plugin is used.
-func expectTrustedNotify(c *common.Config) error {
-	for _, step := range c.Notify {
-		if strings.Contains(step.Image, "/") {
-			return fmt.Errorf("Yaml must use trusted notify plugins")
-		}
-	}
-	return nil
-}
-
 // lint rule that fails if the clone directory is not contained
 // in the root workspace.
 func expectCloneInWorkspace(c *common.Config) error {
@@ -121,7 +70,7 @@ func expectCloneInWorkspace(c *common.Config) error {
 		return fmt.Errorf("No workspace specified")
 	}
 
-  relative, relOk := filepath.Rel("/drone/src", path)
+	relative, relOk := filepath.Rel("/drone/src", path)
 	if relOk != nil {
 		return fmt.Errorf("Path is not relative to root")
 	}
diff --git a/pkg/yaml/lint_test.go b/pkg/yaml/lint_test.go
index cbdbcf5cc..0f1274355 100644
--- a/pkg/yaml/lint_test.go
+++ b/pkg/yaml/lint_test.go
@@ -42,37 +42,6 @@ func Test_Linter(t *testing.T) {
 			g.Assert(expectImage(c) != nil).IsTrue()
 		})
 
-		g.It("Should fail when untrusted setup image", func() {
-			c := &common.Config{Setup: &common.Step{Image: "foo/bar"}}
-			g.Assert(expectTrustedSetup(c) != nil).IsTrue()
-		})
-
-		g.It("Should fail when untrusted clone image", func() {
-			c := &common.Config{Clone: &common.Step{Image: "foo/bar"}}
-			g.Assert(expectTrustedClone(c) != nil).IsTrue()
-		})
-
-		g.It("Should fail when untrusted publish image", func() {
-			c := &common.Config{}
-			c.Publish = map[string]*common.Step{}
-			c.Publish["docker"] = &common.Step{Image: "foo/bar"}
-			g.Assert(expectTrustedPublish(c) != nil).IsTrue()
-		})
-
-		g.It("Should fail when untrusted deploy image", func() {
-			c := &common.Config{}
-			c.Deploy = map[string]*common.Step{}
-			c.Deploy["amazon"] = &common.Step{Image: "foo/bar"}
-			g.Assert(expectTrustedDeploy(c) != nil).IsTrue()
-		})
-
-		g.It("Should fail when untrusted notify image", func() {
-			c := &common.Config{}
-			c.Notify = map[string]*common.Step{}
-			c.Notify["hipchat"] = &common.Step{Image: "foo/bar"}
-			g.Assert(expectTrustedNotify(c) != nil).IsTrue()
-		})
-
 		g.It("Should pass linter when build properly setup", func() {
 			c := &common.Config{}
 			c.Build = &common.Step{}
diff --git a/pkg/yaml/parse.go b/pkg/yaml/parse.go
index 326c1acf7..6b6b7658b 100644
--- a/pkg/yaml/parse.go
+++ b/pkg/yaml/parse.go
@@ -73,11 +73,7 @@ func ParseSingle(raw string, opts *Opts, r *common.Repo) (*common.Config, error)
 	if err != nil {
 		return nil, err
 	}
-	// lint the yaml file
-	err = Lint(conf)
-	if err != nil {
-		return nil, err
-	}
+
 	// apply rules / transforms
 	transform.Defaults(conf)
 	if !opts.Network {
@@ -90,6 +86,12 @@ func ParseSingle(raw string, opts *Opts, r *common.Repo) (*common.Config, error)
 		transform.RemovePrivileged(conf)
 	}
 	transform.Repo(conf, r)
+
+	// lint the yaml file
+	err = Lint(conf)
+	if err != nil {
+		return nil, err
+	}
 	err = LintPlugins(conf, opts)
 	if err != nil {
 		return nil, err
diff --git a/pkg/yaml/transform/transform.go b/pkg/yaml/transform/transform.go
index 2db8f0f26..c14864fa1 100644
--- a/pkg/yaml/transform/transform.go
+++ b/pkg/yaml/transform/transform.go
@@ -80,6 +80,16 @@ func Repo(c *common.Config, r *common.Repo) {
 func transformSetup(c *common.Config) {
 	c.Setup = &common.Step{}
 	c.Setup.Image = "plugins/drone-build"
+
+	// TODO move below code to separate transform
+	if c.Build == nil {
+		c.Build = &common.Step{}
+	}
+	if c.Build.Config == nil {
+		c.Build.Config = map[string]interface{}{}
+	}
+	////
+
 	c.Setup.Config = c.Build.Config
 }