carson 2.17.2 → 2.18.0
- checksums.yaml +4 -4
- data/RELEASE.md +22 -0
- data/VERSION +1 -1
- data/lib/carson/runtime/audit.rb +40 -0
- data/templates/.github/.mega-linter.yml +3 -3
- metadata +1 -1
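--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c9bf941a78e322ebb3086476fe99f2ec31ef59847e94e54de4e8acf3aa2517be
+data.tar.gz: 962ee4ef4b7618bc23d4208d610459030974f8b4482d891f6a27ad7e26d39640
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8f0f970f45b6951ce5b56aeb675f5876e515694c01f005d9182f7a2d39d9e56eb7b428b15fc40d93996229487fc62302a56cf3d3a7b5b6d3f1fc799a100f7e48
+data.tar.gz: 239edae42c9be23c0a273caa110387c090ab33d93f9b2780918e766aeb6aa0d2c837cc85367d22cab139a87e5082e11e245520979d5d6746a50bbb8545e88be9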
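--- a/data/RELEASE.md
+++ b/data/RELEASE.md
@@ -5,6 +5,28 @@ Release-note scope rule:
 - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
 - Operational usage guides live in `MANUAL.md` and `API.md`.
 
+## 2.18.0 — Audit Attention Detail
+
+### What changed
+
+- `carson audit` now enumerates what needs attention in concise (non-verbose) output. Previously the user saw only "Audit: attention" with no detail; now each attention source prints a specific line explaining the problem and next step.
+- Covers all attention sources: main sync errors, PR/check failures and pending, default branch CI baseline (critical and advisory), and scope integrity warnings.
+- Block-level baseline problems also surface concise detail (previously silent in non-verbose mode).
+
+### No migration required
+
+No configuration or workflow changes needed.
+
+## 2.17.3 — Disable DevSkim
+
+### What changed
+
+- Disabled `REPOSITORY_DEVSKIM` in MegaLinter config. DevSkim floods Rails apps with false-positive security warnings (78 warnings on a fresh Rails 8 scaffold).
+
+### No migration required
+
+Run `carson refresh` — the updated template propagates automatically.
+
 ## 2.17.2 — Lint Code, Not Prose
 
 ### What changed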
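--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-2.
+2.18.0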
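--- a/data/lib/carson/runtime/audit.rb
+++ b/data/lib/carson/runtime/audit.rb
@@ -33,6 +33,7 @@ module Carson
 puts_verbose "main_vs_remote_main: unknown"
 puts_verbose "WARN: unable to calculate main sync status (#{main_error})."
 audit_state = "attention" if audit_state == "ok"
+audit_concise_problems << "Main sync: unable to determine — check remote connectivity."
 elsif ahead_count.positive?
 puts_verbose "main_vs_remote_main_ahead: #{ahead_count}"
 puts_verbose "main_vs_remote_main_behind: #{behind_count}"
@@ -54,13 +55,52 @@ module Carson
 puts_verbose "[PR and Required Checks (gh)]"
 monitor_report = pr_and_check_report
 audit_state = "attention" if audit_state == "ok" && monitor_report.fetch( :status ) != "ok"
+if monitor_report.fetch( :status ) == "skipped"
+audit_concise_problems << "Checks: skipped (#{monitor_report.fetch( :skip_reason )})."
+elsif monitor_report.fetch( :status ) == "attention"
+checks = monitor_report.fetch( :checks )
+fail_n = checks.fetch( :failing_count )
+pend_n = checks.fetch( :pending_count )
+total = checks.fetch( :required_total )
+if fail_n.positive? && pend_n.positive?
+audit_concise_problems << "Checks: #{fail_n} failing, #{pend_n} pending of #{total} required."
+elsif fail_n.positive?
+audit_concise_problems << "Checks: #{fail_n} of #{total} failing."
+elsif pend_n.positive?
+audit_concise_problems << "Checks: pending (#{total - pend_n} of #{total} complete)."
+elsif checks.fetch( :status ) == "skipped"
+audit_concise_problems << "Checks: skipped (#{checks.fetch( :skip_reason )})."
+end
+end
 puts_verbose ""
 puts_verbose "[Default Branch CI Baseline (gh)]"
 default_branch_baseline = default_branch_ci_baseline_report
 audit_state = "block" if default_branch_baseline.fetch( :status ) == "block"
 audit_state = "attention" if audit_state == "ok" && default_branch_baseline.fetch( :status ) != "ok"
+baseline_st = default_branch_baseline.fetch( :status )
+if baseline_st == "block"
+parts = []
+parts << "#{default_branch_baseline.fetch( :failing_count )} failing" if default_branch_baseline.fetch( :failing_count ).positive?
+parts << "#{default_branch_baseline.fetch( :pending_count )} pending" if default_branch_baseline.fetch( :pending_count ).positive?
+parts << "no check-runs for active workflows" if default_branch_baseline.fetch( :no_check_evidence )
+audit_concise_problems << "Baseline (#{default_branch_baseline.fetch( :default_branch, config.main_branch )}): #{parts.join( ', ' )} — merge blocked."
+elsif baseline_st == "attention"
+parts = []
+parts << "#{default_branch_baseline.fetch( :advisory_failing_count )} advisory failing" if default_branch_baseline.fetch( :advisory_failing_count ).positive?
+parts << "#{default_branch_baseline.fetch( :advisory_pending_count )} advisory pending" if default_branch_baseline.fetch( :advisory_pending_count ).positive?
+audit_concise_problems << "Baseline (#{default_branch_baseline.fetch( :default_branch, config.main_branch )}): #{parts.join( ', ' )}."
+elsif baseline_st == "skipped"
+audit_concise_problems << "Baseline: skipped (#{default_branch_baseline.fetch( :skip_reason )})."
+end
 scope_guard = print_scope_integrity_guard
 audit_state = "attention" if audit_state == "ok" && scope_guard.fetch( :status ) == "attention"
+if scope_guard.fetch( :status ) == "attention"
+if scope_guard.fetch( :split_required )
+audit_concise_problems << "Scope: multiple module groups touched."
+else
+audit_concise_problems << "Scope: unmatched paths — classify via scope.path_groups."
+end
+end
 write_and_print_pr_monitor_report(
 report: monitor_report.merge(
 default_branch_baseline: default_branch_baseline,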
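Review bot: The inner `if`/`elsif` chain under `monitor_report.fetch( :status ) == "attention"` (new lines 65–73) has no `else`, so an attention report whose failing and pending counts are both zero and whose `checks` status is not "skipped" still sets `audit_state` without appending anything to `audit_concise_problems`. That leaves the undetailed "Audit: attention" output that the release notes say this change removes. A final branch such as `else` followed by `audit_concise_problems << "Checks: attention (no failing or pending counts reported)."` would guarantee a reason line. The baseline branches at new lines 81–91 have a similar gap: when none of the `parts <<` conditions holds, `parts.join( ', ' )` is empty and the line prints with nothing between the colon and its suffix. Whether either case can occur depends on the report builders, which are outside these hunks, as are the start and end of the enclosing method.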
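--- a/data/templates/.github/.mega-linter.yml
+++ b/data/templates/.github/.mega-linter.yml
@@ -19,11 +19,11 @@ DISABLE:
 - SPELL
 
 # Disable linters that are too noisy without per-project configuration.
-# checkov
-#
-# permissive, but MegaLinter needs these to post PR comments.
+# checkov/kics flag Carson workflow permissions as overly permissive.
+# devskim floods Rails apps with false-positive security warnings.
 DISABLE_LINTERS:
 - COPYPASTE_JSCPD
 - HTML_DJLINT
 - REPOSITORY_CHECKOV
+- REPOSITORY_DEVSKIM
 - REPOSITORY_KICS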
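Review bot: The new `- REPOSITORY_DEVSKIM` entry (new line 28) switches DevSkim off in the shared template for every repository that picks it up, while the comment above it justifies this only for Rails apps. With `REPOSITORY_CHECKOV` and `REPOSITORY_KICS` already listed, three security-oriented linters are now disabled by default. The rewritten comment also drops the removed wording that MegaLinter needs the flagged permissions to post PR comments, so the reason the checkov/kics findings are accepted is no longer recorded. I would keep that rationale and state the scope, for example `# Permissions are intentional: MegaLinter needs them to post PR comments.` and `# devskim is disabled for all projects, not only Rails; re-enable it where its findings are useful.`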