package_protections 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1189b0779bbda54403506984a5719d37ac3444776e34150defe591ecb96fc81
-  data.tar.gz: 1006d4722077a1581cf3509358eb4f5b58d5e443bd6c9d203309472bb26f980d
+  metadata.gz: 64a576d5910c24c2f966b5f8db6c025af93a31b866c3956cd98b54adbc7d52da
+  data.tar.gz: e8a696185cdffdb44eb1a136ad4dba73498d249faacadcb731d1559eb7e94847
 SHA512:
-  metadata.gz: 383d9bac29ac9e7be26d41de6d7af08eeb85d635e471f91a1a1ad08fd565aaaa25f42763d9e0bfc75cded4beb6d911bff267744d2a6408651132b93c4a30d70b
-  data.tar.gz: 1fd35343e9db0689656378111537df0369910874f0a59f38dcb2fa1bc712c6233e45e945cccec591c3f6a71da89e64b62aeffaa2cd565146a217aa43d09900a1
+  metadata.gz: 63194b36d9bd8edf9faab0136a58994b9a93dcfb49001ab75d057dbb7bf2522b1b235ffae8352ffbe6b3d3f13c8f5f171a3e7498ade041787ff72cd466762958
+  data.tar.gz: 67417571f0fe028ef5960985518f753de09a7b253ff56dd878f4dec89e3ca0e796a9f928da78db68da1cd29e47bd6bbd56ebff4a4882941bf6635033eb2bf76b

data/README.md

@@ -141,7 +141,7 @@ end
 In this example, `MyCustomProtection` needs to implement the `PackageProtections::ProtectionInterface` (for protections powered by `packwerk` that look at new and existing violations) OR `PackageProtections::RubocopProtectionInterface` (for protections powered by `rubocop` that look at the AST). It's recommended to take a look at the existing protections as examples. If you're having any trouble with this, please file an issue and we'll be glad to help.
 
 ## Incorporating into your CI Pipeline
-Your CI pipeline can execute the public API ta and fail if there are any offenses.
+Your CI pipeline can execute the public API and fail if there are any offenses.
 
 ## Discussions, Issues, Questions, and More
 To keep things organized, here are some recommended homes:

data/lib/package_protections/private/configuration.rb

@@ -28,8 +28,8 @@ module PackageProtections
         [
           Private::OutgoingDependencyProtection.new,
           Private::IncomingPrivacyProtection.new,
-          Private::TypedApiProtection.new,
-          Private::MultipleNamespacesProtection.new,
+          RuboCop::Cop::PackageProtections::TypedPublicApi.new,
+          RuboCop::Cop::PackageProtections::NamespacedUnderPackageName.new,
           Private::VisibilityProtection.new
         ]
       end

data/lib/package_protections/private.rb

@@ -3,11 +3,9 @@
 
 require 'package_protections/private/colorized_string'
 require 'package_protections/private/output'
-require 'package_protections/private/typed_api_protection'
 require 'package_protections/private/incoming_privacy_protection'
 require 'package_protections/private/outgoing_dependency_protection'
 require 'package_protections/private/metadata_modifiers'
-require 'package_protections/private/multiple_namespaces_protection'
 require 'package_protections/private/visibility_protection'
 require 'package_protections/private/configuration'
 

data/lib/package_protections/rubocop_protection_interface.rb

@@ -3,26 +3,6 @@
 # typed: strict
 module PackageProtections
   module RubocopProtectionInterface
-    include ProtectionInterface
-    extend T::Sig
-    extend T::Helpers
-
-    abstract!
-
-    sig do
-      abstract
-        .params(packages: T::Array[ProtectedPackage])
-        .returns(T::Array[CopConfig])
-    end
-    def cop_configs(packages); end
-
-    sig do
-      params(package: ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
-    end
-    def custom_cop_config(package)
-      {}
-    end
-
     class CopConfig < T::Struct
       extend T::Sig
       const :name, String
@@ -46,6 +26,40 @@ module PackageProtections
       end
     end
 
+    include ProtectionInterface
+    extend T::Sig
+    extend T::Helpers
+
+    abstract!
+
+    ###########################################################################
+    # Abstract Methods: These are methods that the client needs to implement
+    ############################################################################
+    sig { abstract.returns(String) }
+    def cop_name; end
+
+    sig do
+      abstract.params(file: String).returns(String)
+    end
+    def message_for_fail_on_any(file); end
+
+    sig { abstract.returns(T::Array[String]) }
+    def included_globs_for_pack; end
+
+    ###########################################################################
+    # Overriddable Methods: These are methods that the client can override,
+    # but a default is provided.
+    ############################################################################
+    sig do
+      params(package: ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
+    end
+    def custom_cop_config(package)
+      {}
+    end
+
+    sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
+    def unmet_preconditions_for_behavior(behavior, package); end
+
     sig do
       override.params(
         new_violations: T::Array[PerFileViolation]
@@ -73,6 +87,66 @@ module PackageProtections
       end
     end
 
+    sig do
+      override.params(
+        protected_packages: T::Array[ProtectedPackage]
+      ).returns(T::Array[Offense])
+    end
+    def get_offenses_for_existing_violations(protected_packages)
+      exclude_list = exclude_for_rule(cop_name)
+      offenses = []
+
+      protected_packages.each do |package|
+        violation_behavior = package.violation_behavior_for(identifier)
+
+        case violation_behavior
+        when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
+          next
+        when ViolationBehavior::FailOnAny
+          # Continue
+        else
+          T.absurd(violation_behavior)
+        end
+
+        package.original_package.directory.glob('**/**/*.*').each do |relative_path_to_file|
+          next unless exclude_list.include?(relative_path_to_file.to_s)
+
+          file = relative_path_to_file.to_s
+          offenses << Offense.new(
+            file: file,
+            message: message_for_fail_on_any(file),
+            violation_type: identifier,
+            package: package.original_package
+          )
+        end
+      end
+
+      offenses
+    end
+
+    sig do
+      params(packages: T::Array[ProtectedPackage])
+      .returns(T::Array[CopConfig])
+    end
+    def cop_configs(packages)
+      include_paths = T.let([], T::Array[String])
+      packages.each do |p|
+        next unless p.violation_behavior_for(identifier).enabled?
+
+        included_globs_for_pack.each do |glob|
+          include_paths << p.original_package.directory.join(glob).to_s
+        end
+      end
+
+      [
+        CopConfig.new(
+          name: cop_name,
+          enabled: include_paths.any?,
+          include_paths: include_paths
+        )
+      ]
+    end
+
     private
 
     sig { params(rule: String).returns(T::Set[String]) }

data/lib/rubocop/cop/package_protections/namespaced_under_package_name.rb

@@ -1,4 +1,4 @@
-# typed: ignore
+# typed: true
 
 # For String#camelize
 require 'active_support/core_ext/string/inflections'
@@ -7,7 +7,10 @@ module RuboCop
   module Cop
     module PackageProtections
       class NamespacedUnderPackageName < Base
+        extend T::Sig
+
         include RangeHelp
+        include ::PackageProtections::RubocopProtectionInterface
 
         def on_new_investigation
           absolute_filepath = Pathname.new(processed_source.file_path)
@@ -39,7 +42,7 @@ module RuboCop
           #
           # Therefore, for our implementation, we substitute out the non-namespace producing portions of the filename to count the number of namespaces.
           # Note this will *not work* properly in applications that have different assumptions about autoloading.
-          package_last_name = package_name.split('/').last
+          package_last_name = T.must(package_name.split('/').last)
           path_without_package_base = relative_filename.gsub(%r{#{package_name}/app/}, '')
           if path_without_package_base.include?('concerns')
             autoload_folder_name = path_without_package_base.split('/').first(2).join('/')
@@ -85,6 +88,77 @@ module RuboCop
           end
         end
 
+        IDENTIFIER = 'prevent_this_package_from_creating_other_namespaces'.freeze
+
+        sig { override.returns(String) }
+        def identifier
+          IDENTIFIER
+        end
+
+        sig { override.params(behavior: ::PackageProtections::ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
+        def unmet_preconditions_for_behavior(behavior, package)
+          if !behavior.enabled? && !package.metadata['global_namespaces'].nil?
+            "Invalid configuration for package `#{package.name}`. `#{identifier}` must be turned on to use `global_namespaces` configuration."
+          else
+            # We don't need to validate if the behavior is currentely fail_never
+            return if behavior.fail_never?
+
+            # The reason for this is precondition is the `MultipleNamespacesProtection` assumes this to work properly.
+            # To remove this precondition, we need to modify `MultipleNamespacesProtection` to be more generalized!
+            if ::PackageProtections::EXPECTED_PACK_DIRECTORIES.include?(Pathname.new(package.name).dirname.to_s) || package.name == ParsePackwerk::ROOT_PACKAGE_NAME
+              nil
+            else
+              "Package #{package.name} must be located in one of #{::PackageProtections::EXPECTED_PACK_DIRECTORIES.join(', ')} (or be the root) to use this protection"
+            end
+          end
+        end
+
+        sig { override.returns(T::Array[String]) }
+        def included_globs_for_pack
+          [
+            'app/**/*',
+            'lib/**/*'
+          ]
+        end
+
+        sig do
+          params(package: ::PackageProtections::ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
+        end
+        def custom_cop_config(package)
+          {
+            'GlobalNamespaces' => package.metadata['global_namespaces']
+          }
+        end
+
+        sig do
+          override.params(file: String).returns(String)
+        end
+        def message_for_fail_on_any(file)
+          "`#{file}` should be namespaced under the package namespace"
+        end
+
+        sig { override.returns(String) }
+        def cop_name
+          'PackageProtections/NamespacedUnderPackageName'
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_name
+          'Multiple Namespaces Violations'
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_description
+          <<~MESSAGE
+            These files cannot have ANY modules/classes that are not submodules of the package's allowed namespaces.
+            This is failing because these files are in `.rubocop_todo.yml` under `#{cop_name}`.
+            If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
+            change `#{IDENTIFIER}` to `#{::PackageProtections::ViolationBehavior::FailOnNew.serialize}`
+
+            See https://go/packwerk_cheatsheet_namespaces for more info.
+          MESSAGE
+        end
+
         private
 
         def get_allowed_namespaces(package_name)

data/lib/rubocop/cop/package_protections/typed_public_api.rb

@@ -1,4 +1,4 @@
-# typed: ignore
+# typed: strict
 
 module RuboCop
   module Cop
@@ -16,6 +16,61 @@ module RuboCop
       # We can apply this same pattern if we want to use other cops in the context of package protections and prevent clashing.
       #
       class TypedPublicApi < Sorbet::StrictSigil
+        extend T::Sig
+
+        include ::PackageProtections::ProtectionInterface
+        include ::PackageProtections::RubocopProtectionInterface
+
+        IDENTIFIER = T.let('prevent_this_package_from_exposing_an_untyped_api'.freeze, String)
+
+        sig { override.returns(String) }
+        def identifier
+          IDENTIFIER
+        end
+
+        sig { override.params(behavior: ::PackageProtections::ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
+        def unmet_preconditions_for_behavior(behavior, package)
+          # We might decide that we should check that `package.enforces_privacy?` is true here too, since that signifies the app has decided they want
+          # a public api in `app/public`. For now, we say there are no preconditions, because the user can still make `app/public` even if they are not yet
+          # ready to enforce privacy, and they might want to enforce a typed API.
+          nil
+        end
+
+        sig { override.returns(String) }
+        def cop_name
+          'PackageProtections/TypedPublicApi'
+        end
+
+        sig { override.returns(T::Array[String]) }
+        def included_globs_for_pack
+          [
+            'app/public/**/*'
+          ]
+        end
+
+        sig do
+          override.params(file: String).returns(String)
+        end
+        def message_for_fail_on_any(file)
+          "#{file} should be `typed: strict`"
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_name
+          'Typed API Violations'
+        end
+
+        sig { override.returns(String) }
+        def humanized_protection_description
+          <<~MESSAGE
+            These files cannot have ANY Ruby files in the public API that are not typed strict or higher.
+            This is failing because these files are in `.rubocop_todo.yml` under `#{cop_name}`.
+            If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
+            change `#{IDENTIFIER}` to `#{::PackageProtections::ViolationBehavior::FailOnNew.serialize}`
+
+            See https://go/packwerk_cheatsheet_typed_api for more info.
+          MESSAGE
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package_protections
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Gusto Engineers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-06-14 00:00:00.000000000 Z
+date: 2022-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -181,10 +181,8 @@ files:
 - lib/package_protections/private/configuration.rb
 - lib/package_protections/private/incoming_privacy_protection.rb
 - lib/package_protections/private/metadata_modifiers.rb
-- lib/package_protections/private/multiple_namespaces_protection.rb
 - lib/package_protections/private/outgoing_dependency_protection.rb
 - lib/package_protections/private/output.rb
-- lib/package_protections/private/typed_api_protection.rb
 - lib/package_protections/private/visibility_protection.rb
 - lib/package_protections/protected_package.rb
 - lib/package_protections/protection_interface.rb

data/lib/package_protections/private/multiple_namespaces_protection.rb

@@ -1,128 +0,0 @@
-# frozen_string_literal: true
-
-# typed: strict
-
-module PackageProtections
-  module Private
-    class MultipleNamespacesProtection
-      extend T::Sig
-
-      include ProtectionInterface
-      include RubocopProtectionInterface
-
-      IDENTIFIER = 'prevent_this_package_from_creating_other_namespaces'
-      COP_NAME = 'PackageProtections/NamespacedUnderPackageName'
-
-      sig { override.returns(String) }
-      def identifier
-        IDENTIFIER
-      end
-
-      sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
-      def unmet_preconditions_for_behavior(behavior, package)
-        if !behavior.enabled? && !package.metadata['global_namespaces'].nil?
-          "Invalid configuration for package `#{package.name}`. `#{identifier}` must be turned on to use `global_namespaces` configuration."
-        else
-          # We don't need to validate if the behavior is currentely fail_never
-          return if behavior.fail_never?
-
-          # The reason for this is precondition is the `MultipleNamespacesProtection` assumes this to work properly.
-          # To remove this precondition, we need to modify `MultipleNamespacesProtection` to be more generalized!
-          if EXPECTED_PACK_DIRECTORIES.include?(Pathname.new(package.name).dirname.to_s) || package.name == ParsePackwerk::ROOT_PACKAGE_NAME
-            nil
-          else
-            "Package #{package.name} must be located in one of #{EXPECTED_PACK_DIRECTORIES.join(', ')} (or be the root) to use this protection"
-          end
-        end
-      end
-
-      sig do
-        override
-          .params(packages: T::Array[ProtectedPackage])
-          .returns(T::Array[CopConfig])
-      end
-      def cop_configs(packages)
-        include_paths = T.let([], T::Array[String])
-        packages.each do |p|
-          next if p.name == ParsePackwerk::ROOT_PACKAGE_NAME
-
-          if p.violation_behavior_for(identifier).enabled?
-            include_paths << p.original_package.directory.join('app', '**', '*').to_s
-            include_paths << p.original_package.directory.join('lib', '**', '*').to_s
-          end
-        end
-
-        [
-          CopConfig.new(
-            name: COP_NAME,
-            enabled: include_paths.any?,
-            include_paths: include_paths
-          )
-        ]
-      end
-
-      sig do
-        params(package: ProtectedPackage).returns(T::Hash[T.untyped, T.untyped])
-      end
-      def custom_cop_config(package)
-        {
-          'GlobalNamespaces' => package.metadata['global_namespaces']
-        }
-      end
-
-      sig do
-        override.params(
-          protected_packages: T::Array[ProtectedPackage]
-        ).returns(T::Array[Offense])
-      end
-      def get_offenses_for_existing_violations(protected_packages)
-        exclude_list = exclude_for_rule(COP_NAME)
-        offenses = []
-
-        protected_packages.each do |package|
-          violation_behavior = package.violation_behavior_for(identifier)
-
-          case violation_behavior
-          when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
-            next
-          when ViolationBehavior::FailOnAny
-            # Continue
-          else
-            T.absurd(violation_behavior)
-          end
-
-          package.original_package.directory.glob('**/**/*.*').each do |relative_path_to_file|
-            next unless exclude_list.include?(relative_path_to_file.to_s)
-
-            file = relative_path_to_file.to_s
-            offenses << Offense.new(
-              file: file,
-              message: "`#{file}` should be namespaced under the package namespace",
-              violation_type: identifier,
-              package: package.original_package
-            )
-          end
-        end
-
-        offenses
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_name
-        'Multiple Namespaces Violations'
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_description
-        <<~MESSAGE
-          These files cannot have ANY modules/classes that are not submodules of the package's allowed namespaces.
-          This is failing because these files are in `.rubocop_todo.yml` under `#{COP_NAME}`.
-          If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
-          change `#{IDENTIFIER}` to `#{ViolationBehavior::FailOnNew.serialize}`
-
-          See https://go/packwerk_cheatsheet_namespaces for more info.
-        MESSAGE
-      end
-    end
-  end
-end

data/lib/package_protections/private/typed_api_protection.rb

@@ -1,106 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-module PackageProtections
-  module Private
-    class TypedApiProtection
-      extend T::Sig
-
-      include ProtectionInterface
-      include RubocopProtectionInterface
-
-      IDENTIFIER = 'prevent_this_package_from_exposing_an_untyped_api'
-      COP_NAME = 'PackageProtections/TypedPublicApi'
-
-      sig { override.returns(String) }
-      def identifier
-        IDENTIFIER
-      end
-
-      sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
-      def unmet_preconditions_for_behavior(behavior, package)
-        # We might decide that we should check that `package.enforces_privacy?` is true here too, since that signifies the app has decided they want
-        # a public api in `app/public`. For now, we say there are no preconditions, because the user can still make `app/public` even if they are not yet
-        # ready to enforce privacy, and they might want to enforce a typed API.
-        nil
-      end
-
-      sig do
-        override
-          .params(packages: T::Array[ProtectedPackage])
-          .returns(T::Array[CopConfig])
-      end
-      def cop_configs(packages)
-        include_paths = T.let([], T::Array[String])
-        packages.each do |p|
-          if p.violation_behavior_for(identifier).enabled?
-            directory = p.original_package.directory
-            include_paths << directory.join('app', 'public', '**', '*').to_s
-          end
-        end
-
-        [
-          CopConfig.new(
-            name: COP_NAME,
-            enabled: include_paths.any?,
-            include_paths: include_paths
-          )
-        ]
-      end
-
-      sig do
-        override.params(
-          protected_packages: T::Array[ProtectedPackage]
-        ).returns(T::Array[Offense])
-      end
-      def get_offenses_for_existing_violations(protected_packages)
-        exclude_list = exclude_for_rule(COP_NAME)
-
-        offenses = T.let([], T::Array[Offense])
-        protected_packages.flat_map do |protected_package|
-          violation_behavior = protected_package.violation_behavior_for(identifier)
-
-          case violation_behavior
-          when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
-            next
-          when ViolationBehavior::FailOnAny
-            # Continue
-          else
-            T.absurd(violation_behavior)
-          end
-
-          protected_package.original_package.directory.glob('app/public/**/**/*.*').each do |relative_path_to_file|
-            next unless exclude_list.include?(relative_path_to_file.to_s)
-
-            file = relative_path_to_file.to_s
-            offenses << Offense.new(
-              file: file,
-              message: "#{file} should be `typed: strict`",
-              violation_type: identifier,
-              package: protected_package.original_package
-            )
-          end
-        end
-
-        offenses
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_name
-        'Typed API Violations'
-      end
-
-      sig { override.returns(String) }
-      def humanized_protection_description
-        <<~MESSAGE
-          These files cannot have ANY Ruby files in the public API that are not typed strict or higher.
-          This is failing because these files are in `.rubocop_todo.yml` under `#{COP_NAME}`.
-          If you want to be able to ignore these files, you'll need to open the file's package's `package.yml` file and
-          change `#{IDENTIFIER}` to `#{ViolationBehavior::FailOnNew.serialize}`
-
-          See https://go/packwerk_cheatsheet_typed_api for more info.
-        MESSAGE
-      end
-    end
-  end
-end