This PR introduces [Regal](https://github.com/styrainc/regal) for linting the Rego files of the project. The Rego found here is generally in a good shape, so only a few rules have been either ignored or fixed. The few rules fixed include:

* [rule-shadows-builtin](https://docs.styra.com/regal/rules/bugs/rule-shadows-builtin) as there is already an `is_null` function in the standard lib
* [custom-has-key-construct](https://docs.styra.com/regal/rules/idiomatic/custom-has-key-construct) as this is handled by `object.keys` and `in` in modern Rego
* [use-assignment-operator](https://docs.styra.com/regal/rules/style/use-assignment-operator) as `:=` is preferred over `=` for rule assignment, and using this does not change the semantics of the code in any way.

Included is also a new job for checking/linting Rego code as part of CI.

Signed-off-by: Anders Eknert <[email protected]>
1 parent cd0c200, commit bc62705

Showing 13 changed files with 228 additions and 201 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,3 +27,16 @@ jobs: | |
run: go test -count=1 -shuffle=on -timeout=10m -race $(go list ./... | grep -vE '^github.com/Legit-Labs/legitify/e2e') | ||
- name: Vet | ||
run: go vet -v ./... | ||
check_rego: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
Check failure on line 33 in .github/workflows/build_and_test.yaml (Legit Security / Legit Pipeline Scanning): .github/workflows/build_and_test.yaml#L33
|
||
- uses: open-policy-agent/setup-opa@v2 | ||
Check failure on line 34 in .github/workflows/build_and_test.yaml (Legit Security / Legit Pipeline Scanning): .github/workflows/build_and_test.yaml#L34
|
||
with: | ||
version: v0.55.0 | ||
- uses: styrainc/[email protected] | ||
Check failure on line 37 in .github/workflows/build_and_test.yaml (Legit Security / Legit Pipeline Scanning): .github/workflows/build_and_test.yaml#L37
|
||
with: | ||
version: v0.11.0 | ||
- run: opa check --strict policies/github | ||
- run: opa check --strict policies/gitlab | ||
- run: regal lint --format=github policies |
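
Review bot: The `uses:` steps in the new `check_rego` job reference actions by tag (`actions/checkout@v4`, `open-policy-agent/setup-opa@v2`; the ref on the third is obscured in this rendering) rather than by full commit SHA, and these are the lines the Legit Pipeline Scanning check failures are attached to. A tag can be moved to different code after review, so pin each action to a full-length commit SHA and keep the tag in a trailing comment for readability. The job as shown also declares no `permissions:` key; since it only checks out and reads the repository, a job-level `permissions:` block granting only `contents: read` would limit the token these third-party actions run with.
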
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
rules: | ||
idiomatic: | ||
no-defined-entrypoint: | ||
# OK to ignore for libraries | ||
level: ignore | ||
style: | ||
file-length: | ||
# Override default of 500 as one file has 515 lines | ||
max-file-length: 550 | ||
line-length: | ||
# Violations here mostly from metadata annotation values. | ||
# These could be fixed by using |> and newlines, but we'll | ||
# ignore this for now. | ||
level: ignore | ||
opa-fmt: | ||
# Would mostly changes spaces -> tabs. Safe to ignore. | ||
level: ignore | ||
prefer-snake-case: | ||
# Only a few violations here, so this would be easy to fix. | ||
level: ignore | ||
prefer-some-in-iteration: | ||
# This is mostly a style preference, so safe to ignore. | ||
level: ignore |
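
Review bot: Under `prefer-snake-case`, the comment says there are only a few violations and that they would be easy to fix, yet the rule is set to `level: ignore`, which also hides every future violation. Fixing those few names in this change and leaving the rule enabled would keep the check useful; the same applies to `opa-fmt` if the spaces-to-tabs rewrite can be done in one formatting commit. Minor wording point in the `opa-fmt` comment: "Would mostly changes" should read "Would mostly change".
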
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,12 @@ | ||
package common.webhooks | ||
|
||
has_key(x, k) { | ||
_ = x[k] | ||
} | ||
import future.keywords.in | ||
|
||
ssl_enabled(hook) { | ||
has_key(hook.config, "insecure_ssl") | ||
"insecure_ssl" in object.keys(hook.config) | ||
hook.config.insecure_ssl == "0" | ||
} | ||
|
||
has_secret(hook) { | ||
has_key(hook.config, "secret") | ||
} | ||
"secret" in object.keys(hook.config) | ||
} |
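
Review bot: In `ssl_enabled`, the new `"insecure_ssl" in object.keys(hook.config)` line is redundant, because the next expression `hook.config.insecure_ssl == "0"` is already undefined when the key is missing; the membership test can be dropped there. In `has_secret` the membership test is the entire rule body, so, like the removed `has_key`, it only shows that a `secret` key is present and says nothing about its value. A test that evaluates both rules against a hook config with and without each key would confirm the rewrite kept the old behaviour.
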