metadata-json-lint 2.0.1 → 2.4.0

data/README.md

@@ -8,8 +8,6 @@ metadata-json-lint is compatible with Ruby versions 2.0.0, 2.1.9, 2.3.1, and 2.4
 
 ## Installation
 
-Puppet 4.9.0 and newer:
-
 via `gem` command:
 ``` shell
 gem install metadata-json-lint
@@ -20,19 +18,6 @@ via Gemfile:
 gem 'metadata-json-lint'
 ```
 
-**Puppet 4.8.x and older:**
-
-via `gem` command:
-``` shell
-gem install metadata-json-lint semantic_puppet
-```
-
-via Gemfile:
-``` ruby
-gem 'metadata-json-lint'
-gem 'semantic_puppet
-```
-
 ## Usage
 
 ### Testing with metadata-json-lint
@@ -56,7 +41,7 @@ rake metadata_lint
 To set options for the Rake task, include them when you define the task:
 
 ```ruby
-require 'metadata-json-lint'
+require 'metadata_json_lint'
 task :metadata_lint do
   MetadataJsonLint.parse('metadata.json') do |options|
       options.strict_license = false
@@ -76,6 +61,22 @@ MetadataJsonLint.options.strict_license = false
 * `--[no-]strict-dependencies`: Whether to fail if module version dependencies are open-ended. Defaults to `false`.
 * `--[no-]strict-license`: Whether to fail on strict license check. Defaults to `true`.
 * `--[no-]fail-on-warnings`: Whether to fail on warnings. Defaults to `true`.
+* `--[no-]strict-puppet-version`: Whether to fail if Puppet version requirements are open-ended or no longer supported. Defaults to `false`.
+
+
+## Make a new release
+
+To make a new release, we need to install the release gem group:
+
+```sh
+bundle install --path .vendor/ --with release
+```
+
+Afterwards export a GitHub access token (otherwise you might run into API rate limits):
+
+```sh
+export CHANGELOG_GITHUB_TOKEN=...
+```
 
 ## Contributors
 

data/Rakefile

@@ -13,3 +13,17 @@ end
 
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
+
+begin
+  require 'github_changelog_generator/task'
+
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    config.header = "# Changelog\n\nAll notable changes to this project will be documented in this file."
+    config.exclude_labels = %w[duplicate question invalid wontfix wont-fix skip-changelog]
+    config.user = 'voxpupuli'
+    config.project = 'metadata-json-lint'
+    config.future_release = "v#{Gem::Specification.load("#{config.project}.gemspec").version}"
+  end
+rescue LoadError
+  puts 'no github_changelog_generator gem available'
+end

data/lib/metadata-json-lint/schema.rb

@@ -141,10 +141,28 @@ module MetadataJsonLint
 
     private
 
+    def semver_full_regex
+      @semver_full_regex ||= begin
+        # Version string matching regexes
+        numeric = '(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)' # Major . Minor . Patch
+        pre     = '(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?' # Prerelease
+        build   = '(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?' # Build
+        full    = numeric + pre + build
+
+        /\A#{full}\Z/
+      end
+    end
+
     def semver_validator(value)
-      SemanticPuppet::Version.parse(value)
-    rescue SemanticPuppet::Version::ValidationFailure => e
-      raise JSON::Schema::CustomFormatError, "must be a valid semantic version: #{e.message}"
+      if defined?(SemanticPuppet::Version)
+        begin
+          SemanticPuppet::Version.parse(value)
+        rescue SemanticPuppet::Version::ValidationFailure => e
+          raise JSON::Schema::CustomFormatError, "must be a valid semantic version: #{e.message}"
+        end
+      elsif value.match(semver_full_regex).nil?
+        raise JSON::Schema::CustomFormatError, "must be a valid semantic version: Unable to parse '#{value}' as a semantic version identifier"
+      end
     end
   end
 end

data/lib/metadata-json-lint/semantic_puppet_loader.rb

@@ -0,0 +1,47 @@
+module MetadataJsonLint
+  # Attempts the various methods of loading SemanticPuppet.
+  module SemanticPuppetLoader
+    def try_load
+      try_load_puppet
+      return if defined?(SemanticPuppet)
+
+      try_load_semantic
+      return if defined?(SemanticPuppet)
+
+      try_load_semantic_puppet
+      return if defined?(SemanticPuppet)
+
+      warn 'Could not find semantic_puppet gem, falling back to internal functionality. Version checks may be less robust.'
+    end
+    module_function :try_load
+
+    # Most modern Puppet versions have SemanticPuppet vendored in the proper
+    # namespace and automatically load it at require time.
+    def try_load_puppet
+      require 'puppet'
+    rescue LoadError
+      nil
+    end
+    module_function :try_load_puppet
+
+    # Older Puppet 4.x versions have SemanticPuppet vendored but under the
+    # Semantic namespace and require it on demand, so we need to load it
+    # ourselves and then alias it to SemanticPuppet for convenience.
+    def try_load_semantic
+      require 'semantic'
+      Kernel.const_set('SemanticPuppet', Semantic)
+    rescue LoadError
+      nil
+    end
+    module_function :try_load_semantic
+
+    # If Puppet is not available or is a version that does not have
+    # SemanticPuppet vendored, try to load the external gem.
+    def try_load_semantic_puppet
+      require 'semantic_puppet'
+    rescue LoadError
+      nil
+    end
+    module_function :try_load_semantic_puppet
+  end
+end

data/lib/metadata-json-lint/version_requirement.rb

@@ -1,13 +1,16 @@
-require 'puppet'
-require 'semantic_puppet' unless Puppet.version >= '4.9.0'
-
 module MetadataJsonLint
   # Parses a string module version requirement with semantic_puppet and
   # provides methods to analyse it for lint warnings
   class VersionRequirement
     def initialize(requirement)
       @requirement = requirement
-      @range = SemanticPuppet::VersionRange.parse(requirement)
+
+      if defined?(SemanticPuppet::VersionRange)
+        @range = SemanticPuppet::VersionRange.parse(requirement)
+        raise ArgumentError, "Range matches no versions: \"#{requirement}\"" if @range == SemanticPuppet::VersionRange::EMPTY_RANGE
+      elsif requirement.match(/\A[a-z0-9*.\-^~><=|\t ]*\Z/i).nil?
+        raise ArgumentError, "Unparsable version range: \"#{requirement}\""
+      end
     end
 
     # Whether the range uses a comparison operator (e.g. >=) with a wildcard
@@ -26,7 +29,38 @@ module MetadataJsonLint
     end
 
     def open_ended?
-      @range.end == SemanticPuppet::Version::MAX
+      if range
+        range.end == SemanticPuppet::Version::MAX
+      else
+        # Empty requirement strings are open-ended.
+        return true if requirement.strip.empty?
+
+        # Strip superfluous whitespace.
+        range_set = requirement.gsub(/([><=~^])(?:\s+|\s*v)/, '\1')
+
+        # Split on logical OR
+        ranges = range_set.split(/\s*\|\|\s*/)
+
+        # Returns true if any range includes a '>' but not a corresponding '<'
+        # which should be the only way to declare an open-ended range.
+        ranges.select { |r| r.include?('>') }.any? { |r| !r.include?('<') }
+      end
+    end
+
+    def puppet_eol?
+      true if range.begin < SemanticPuppet::Version.parse(MIN_PUPPET_VER)
+    end
+
+    def ver_range
+      range
+    end
+
+    def min
+      range.begin
+    end
+
+    def max
+      range.end
     end
 
     private

data/lib/metadata_json_lint.rb

@@ -2,20 +2,27 @@ require 'json'
 require 'spdx-licenses'
 require 'optparse'
 
+require 'metadata-json-lint/semantic_puppet_loader'
+MetadataJsonLint::SemanticPuppetLoader.try_load
+
 require 'metadata-json-lint/schema'
 require 'metadata-json-lint/version_requirement'
 
 module MetadataJsonLint
+  MIN_PUPPET_VER = '4.10.0'.freeze
+
   def options
     @options ||= Struct.new(
       :fail_on_warnings,
       :strict_license,
       :strict_dependencies,
+      :strict_puppet_version,
       :format
     ).new(
       true, # fail_on_warnings
       true, # strict_license
       false, # strict_dependencies
+      false, # strict_puppet_version
       'text', # format
     )
   end
@@ -37,6 +44,10 @@ module MetadataJsonLint
         options[:fail_on_warnings] = v
       end
 
+      opts.on('--[no-]strict-puppet-version', "Fail on strict Puppet Version check based on current supported Puppet versions. Defaults to '#{options[:strict_puppet_version]}'.") do |v|
+        options[:strict_puppet_version] = v
+      end
+
       opts.on('-f', '--format FORMAT', %i[text json], 'The format in which results will be output (text, json)') do |format|
         options[:format] = format
       end
@@ -126,15 +137,55 @@ module MetadataJsonLint
   end
   module_function :parse
 
+  def validate_requirements_unique(requirements)
+    names = requirements.map { |x| x['name'] }
+    counts = Hash.new(0)
+
+    names.each { |name| counts[name.downcase] += 1 }
+
+    counts.each do |k, v|
+      error :requirements, "Duplicate entries in the 'requirements' list with the name '#{k}'" if v > 1
+    end
+  end
+  module_function :validate_requirements_unique
+
   def validate_requirements!(requirements)
+    return unless requirements.is_a?(Array)
+
     requirements.each do |requirement|
       if requirement['name'] == 'pe'
         warn :requirements, "The 'pe' requirement is no longer supported by the Forge."
       end
+
+      begin
+        puppet_req = VersionRequirement.new(requirement.fetch('version_requirement', ''))
+      rescue ArgumentError => e
+        # Raised when the version_requirement provided could not be parsed
+        error :requirements, "Invalid 'version_requirement' field in metadata.json: #{e}"
+      end
+
+      validate_puppet_ver!(puppet_req) unless puppet_req.instance_variable_get('@requirement').nil?
     end
+
+    validate_requirements_unique(requirements)
   end
   module_function :validate_requirements!
 
+  def validate_puppet_ver!(requirement)
+    if options[:strict_puppet_version] && requirement.open_ended?
+      warn(:requirement, "Puppet has an open ended version requirement #{requirement.ver_range}")
+    end
+
+    if options[:strict_puppet_version] && requirement.puppet_eol?
+      warn(:requirement, "#{requirement.min} is no longer supported. Minimum supported version is #{MIN_PUPPET_VER}")
+    end
+
+    return unless requirement.mixed_syntax?
+    warn(:requirement, 'Mixing "x" or "*" version syntax with operators is not recommended in ' \
+      "metadata.json, use one style in the puppet version: #{requirement.instance_variable_get('@requirement')}")
+  end
+  module_function :validate_puppet_ver!
+
   def validate_dependencies!(deps)
     dep_names = []
     deps.each do |dep|
@@ -148,6 +199,8 @@ module MetadataJsonLint
       rescue ArgumentError => e
         # Raised when the version_requirement provided could not be parsed
         error :dependencies, "Invalid 'version_requirement' field in metadata.json: #{e}"
+        # Skip to the next dependency
+        next
       end
       validate_version_requirement!(dep, requirement)
 
@@ -164,10 +217,10 @@ module MetadataJsonLint
   def validate_version_requirement!(dep, requirement)
     # Open ended dependency
     # From: https://docs.puppet.com/puppet/latest/reference/modules_metadata.html#best-practice-set-an-upper-bound-for-dependencies
-    if requirement.open_ended?
+    if options[:strict_dependencies] && requirement.open_ended?
       msg = "Dependency #{dep['name']} has an open " \
         "ended dependency version requirement #{dep['version_requirement']}"
-      options[:strict_dependencies] == true ? error(:dependencies, msg) : warn(:dependencies, msg)
+      warn(:dependencies, msg)
     end
 
     # Mixing operator and wildcard version syntax

data/metadata-json-lint.gemspec

@@ -2,7 +2,7 @@ require 'date'
 
 Gem::Specification.new do |s|
   s.name        = 'metadata-json-lint'
-  s.version     = '2.0.1'
+  s.version     = '2.4.0'
   s.date        = Date.today.to_s
   s.summary     = 'metadata-json-lint /path/to/metadata.json'
   s.description = 'Utility to verify Puppet metadata.json files'
@@ -19,14 +19,16 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 2.0.0'
   s.add_runtime_dependency 'spdx-licenses', '~> 1.0'
   s.add_runtime_dependency 'json-schema', '~> 2.8'
-  s.add_runtime_dependency 'puppet', '>= 4.7.0', '< 6.0.0'
+  s.add_development_dependency 'pry'
   s.add_development_dependency 'rake'
+  s.add_development_dependency 'semantic_puppet'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'rubocop', '~> 0.50.0'
   s.post_install_message = '
-  -------------------------------------------------
-      semantic_puppet must be installed within
-      your Gemfile if you use Puppet <= 4.8.x!!
-  -------------------------------------------------
-  '
+  ----------------------------------------------------------
+      For the most accurate results, the semantic_puppet
+      gem should be included within your Gemfile if you
+      use Puppet <= 4.8.x
+  ----------------------------------------------------------
+  '.gsub(/^  /, '')
 end

data/spec/metadata_json_lint_spec.rb

@@ -0,0 +1,37 @@
+describe MetadataJsonLint do
+  describe '.validate_requirements!' do
+    context 'empty requirements' do
+      let :requirements do
+        []
+      end
+
+      it { expect { described_class.validate_requirements!(requirements) }.not_to raise_error }
+    end
+
+    context 'with pe' do
+      let :requirements do
+        [
+          { 'name' => 'pe' }
+        ]
+      end
+
+      it do
+        expect(described_class).to receive('warn').with(:requirements, "The 'pe' requirement is no longer supported by the Forge.")
+        expect { described_class.validate_requirements!(requirements) }.not_to raise_error
+      end
+    end
+
+    context 'with invalid requirement' do
+      let :requirements do
+        [
+          { 'name' => 'puppet', 'version_requirement' => 'a' }
+        ]
+      end
+
+      it do
+        expect(described_class).to receive('error').with(:requirements, "Invalid 'version_requirement' field in metadata.json: Unparsable version range: \"a\"")
+        expect { described_class.validate_requirements!(requirements) }.not_to raise_error
+      end
+    end
+  end
+end

data/tests/duplicate-dep/metadata.json

@@ -57,13 +57,9 @@
     }
   ],
   "requirements": [
-    {
-      "name": "pe",
-      "version_requirement": ">= 3.2.0 < 3.4.0"
-    },
     {
       "name": "puppet",
-      "version_requirement": "3.x"
+      "version_requirement": "5.5.1"
     }
   ],
   "dependencies": [

data/tests/duplicate-requirement/Rakefile

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift(File.expand_path('../../../lib', __FILE__))
+require 'metadata-json-lint/rake_task'

data/tests/duplicate-requirement/expected

@@ -0,0 +1 @@
+Duplicate entries in the 'requirements' list with the name 'puppet'

data/tests/duplicate-requirement/metadata.json

@@ -0,0 +1,87 @@
+{
+  "name": "puppetlabs-postgresql",
+  "version": "3.4.1",
+  "author": "Inkling/Puppet Labs",
+  "summary": "PostgreSQL defined resource types",
+  "license": "Apache-2.0",
+  "source": "git://github.com/puppetlabs/puppet-postgresql.git",
+  "project_page": "https://github.com/puppetlabs/puppet-postgresql",
+  "issues_url": "https://github.com/puppetlabs/puppet-postgresql/issues",
+  "operatingsystem_support": [
+    {
+      "operatingsystem": "RedHat",
+      "operatingsystemrelease": [
+        "5",
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "CentOS",
+      "operatingsystemrelease": [
+        "5",
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "OracleLinux",
+      "operatingsystemrelease": [
+        "5",
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "Scientific",
+      "operatingsystemrelease": [
+        "5",
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "Debian",
+      "operatingsystemrelease": [
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "Ubuntu",
+      "operatingsystemrelease": [
+        "10.04",
+        "12.04",
+        "14.04"
+      ]
+    }
+  ],
+  "requirements": [
+    {
+      "name": "puppet",
+      "version_requirement": "5.5.1"
+    },
+    {
+      "name": "puppet",
+      "version_requirement": "6.11.0"
+    }
+  ],
+  "dependencies": [
+    {
+      "name": "puppetlabs/stdlib",
+      "version_requirement": "4.x"
+    },
+    {
+      "name": "puppetlabs/firewall",
+      "version_requirement": ">= 0.0.4"
+    },
+    {
+      "name": "puppetlabs/apt",
+      "version_requirement": ">=1.1.0 <2.0.0"
+    },
+    {
+      "name": "puppetlabs/concat",
+      "version_requirement": ">= 1.1.0 <2.0.0"
+    }
+  ]
+}