PyPI - bitwarden_workflow_linter - Versions diffs - 0.0.3__tar.gz → 0.0.4__tar.gz - Mend

bitwarden_workflow_linter 0.0.3tar.gz → 0.0.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.github/CODEOWNERS RENAMED Viewed

@@ -5,4 +5,4 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 # Default file owners
-* @bitwarden/dept-devops
+* @bitwarden/dept-bre

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.github/renovate.json RENAMED Viewed

@@ -2,6 +2,7 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": ["github>bitwarden/renovate-config"],
   "enabledManagers": ["github-actions", "npm", "pipenv"],
+  "labels": ["version:patch"],
   "packageRules": [
     {
       "groupName": "gh minor",

bitwarden_workflow_linter-0.0.4/.github/workflows/_version_type.yml ADDED Viewed

@@ -0,0 +1,57 @@
+name: _version_type
+run-name: Get version type
+on:
+  workflow_call:
+    outputs:
+      version_bump_type:
+        description: "version to be built"
+        value: ${{ jobs.version.outputs.bump_type }}
+jobs:
+  version:
+    name: Calculate Version
+    runs-on: ubuntu-22.04
+    outputs:
+      bump_type: ${{ steps.bump-type.outputs.type }}
+    steps:
+      - name: Get PR ID
+        id: pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          commit_message=$(
+            curl -s -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer $GH_TOKEN" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }} | \
+            jq -r ".commit.message"
+          )
+          ID=$(echo "$commit_message" | head -1 | grep -o "(#.*)" | grep -o "[0-9]*")
+          echo "id=$ID" >> $GITHUB_OUTPUT
+      - name: Get version bump type
+        id: bump-type
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.pr.outputs.id }}
+        run: |
+          version_tag=$(
+            curl -s -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer $GH_TOKEN" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/${{ github.repository }}/issues/$PR_NUMBER/labels | \
+            jq -r ".[].name" | grep "version"
+          )
+          # Single Version label Enforcement (should go in CI...)
+          if [[ $(echo $version_tag | wc -w) -gt 1 ]]; then
+              echo "[!] multiple version labels found!"
+              exit 1
+          fi
+          version_type=$(echo $version_tag | cut -d ":" -f 2)
+          echo "Version Bump Type: $version_type"
+          echo "type=$version_type" >> $GITHUB_OUTPUT

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.github/workflows/cd.yml RENAMED Viewed

@@ -1,40 +1,50 @@
----
 name: CD
-run-name: CD ${{ inputs.release_type }}
 on:
-  push:
+  pull_request:
+    types:
+      - closed
     branches:
       - main
     paths:
       - "src/**"
-  workflow_dispatch:
-    inputs:
-      release_type:
-        description: 'Release type'
-        required: true
-        type: choice
-        default: 'Dry Run'
-        options:
-          - 'Dry Run'
-          - 'Release'
 jobs:
   version-type:
+    name: Get version type
+    if: github.event.pull_request.merged == true
     uses: ./.github/workflows/_version_type.yml
   version-bump:
     name: Version bump
+    if: github.event.pull_request.merged == true
     runs-on: ubuntu-22.04
     needs: version-type
     outputs:
       version: ${{ steps.get-version.outputs.version }}
     steps:
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-gpg-private-key,
+            github-gpg-private-key-passphrase,
+            github-pat-bitwarden-devops-bot-repo-scope"
       - name: Check out repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
       - name: Set up Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version-file: ".python-version"
@@ -53,22 +63,8 @@ jobs:
           VERSION=$(hatch version)
           echo "version=$VERSION" >> $GITHUB_OUTPUT
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key,
-            github-gpg-private-key-passphrase,
-            github-pat-bitwarden-devops-bot-repo-scope"
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
         with:
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
@@ -84,41 +80,41 @@ jobs:
         env:
           OLD_VERSION: ${{ env.OLD_VERSION }}
           VERSION: ${{ steps.get-version.outputs.version }}
-        if: ${{ github.event_name == 'push' }} || ${{ inputs.release_type != 'Dry Run' }}
         run: |
           git commit -am "Bump version from $OLD_VERSION to $VERSION"
-          git tag $VERSION
+          git tag v$VERSION
           git push
           git push --tags
   release:
     name: GitHub release
+    if: github.event.pull_request.merged == true
     runs-on: ubuntu-22.04
     needs: version-bump
-    if: ${{ github.event_name == 'push' }} || ${{ inputs.release_type != 'Dry Run' }}
     steps:
       - name: Check out repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Create GitHub release
         uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
         with:
           commit: ${{ github.sha }}
-          tag: v${{ steps.version-bump.outputs.version }}
-          name: Version version-bump
+          tag: v${{ steps.get-version.outputs.version }}
+          name: v${{ steps.get-version.outputs.version }}
           token: ${{ secrets.GITHUB_TOKEN }}
           draft: false
   deploy:
     name: Deploy workflow-linter (v2)
+    if: github.event.pull_request.merged == true
     runs-on: ubuntu-22.04
     needs: version-bump
     steps:
       - name: Check out repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version-file: ".python-version"
@@ -135,22 +131,13 @@ jobs:
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
           keyvault: "bitwarden-ci"
-          secrets: "pypi-api-token,
-            pypi-test-api-token"
+          secrets: "pypi-api-token"
       - name: Build
         run: hatch build
       - name: Publish
-        if: ${{ github.event_name == 'push' }} || ${{ inputs.release_type != 'Dry Run' }}
         env:
           HATCH_INDEX_USER: __token__
           HATCH_INDEX_AUTH: ${{ steps.retrieve-secret.outputs.pypi-api-token }}
         run: hatch publish
-      - name: Dry Run - Publish
-        if: ${{ github.event_name == 'workflow_dispatch' }} && ${{ inputs.release_type == 'Dry Run' }}
-        env:
-          HATCH_INDEX_USER: __token__
-          HATCH_INDEX_AUTH: ${{ steps.retrieve-secret.outputs.pypi-test-api-token }}
-        run: hatch publish -r test

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.github/workflows/ci.yml RENAMED Viewed

@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check out repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version-file: ".python-version"

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.github/workflows/enforce-labels.yml RENAMED Viewed

@@ -1,4 +1,3 @@
----
 name: Enforce PR labels
 on:
@@ -9,7 +8,7 @@ jobs:
     uses: bitwarden/gh-actions/.github/workflows/_enforce-labels.yml@main
   enforce-version-label:
-    if: ${{ !contains(github.event.*.labels.*.name, 'version') }}
+    if: "!(contains(github.event.pull_request.labels.*.name, 'version:major') || contains(github.event.pull_request.labels.*.name, 'version:minor') || contains(github.event.pull_request.labels.*.name, 'version:patch'))"
     name: Enforce version label
     runs-on: ubuntu-22.04

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.github/workflows/scan.yml RENAMED Viewed

@@ -26,12 +26,12 @@ jobs:
     steps:
       - name: Check out repo
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{  github.event.pull_request.head.sha }}
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@831a8d51a8a0535c0399f9c12728d8d3cc22d850 # 2.0.28
+        uses: checkmarx/ast-github-action@f0869bd1a37fddc06499a096101e6c900e815d81 # 2.0.36
         env:
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
         with:
@@ -46,7 +46,7 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
           sarif_file: cx_result.sarif
@@ -60,13 +60,13 @@ jobs:
     steps:
       - name: Check out repo
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           ref: ${{  github.event.pull_request.head.sha }}
       - name: Scan with SonarCloud
-        uses: sonarsource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 # v2.2.0
+        uses: sonarsource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838 # v3.1.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/.gitignore RENAMED Viewed

@@ -30,3 +30,8 @@ dist
 ## Dev Environments
 Session.vim
 flake.*
+# Python
+**/__pycache__/**
+*.pyc

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: bitwarden_workflow_linter
-Version: 0.0.3
+Version: 0.0.4
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues
@@ -66,6 +66,7 @@ enabled_rules:
     - bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
     - bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
     - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+    - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
 approved_actions_path: default_actions.json
 ```
@@ -177,6 +178,9 @@ By default, a new Rule needs five things:
 not support Rules that check against multiple objects at a time OR file level formatting (one empty between each step or
 two empty lines between each job)
+To activate a rule after implementing it, add it to `settings.yaml` in the project's base folder
+and `src/bitwarden_workflow_linter/default_settings.yaml` to make the rule default
 ### ToDo
 -   [ ] Add Rule to assert correct format for single line run

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/README.md RENAMED Viewed

@@ -40,6 +40,7 @@ enabled_rules:
     - bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
     - bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
     - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+    - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
 approved_actions_path: default_actions.json
 ```
@@ -151,6 +152,9 @@ By default, a new Rule needs five things:
 not support Rules that check against multiple objects at a time OR file level formatting (one empty between each step or
 two empty lines between each job)
+To activate a rule after implementing it, add it to `settings.yaml` in the project's base folder
+and `src/bitwarden_workflow_linter/default_settings.yaml` to make the rule default
 ### ToDo
 -   [ ] Add Rule to assert correct format for single line run

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/package-lock.json RENAMED Viewed

@@ -10,8 +10,8 @@
       "license": "SEE LICENSE IN LICENSE.txt",
       "devDependencies": {
         "husky": "9.0.11",
-        "lint-staged": "15.2.5",
-        "prettier": "3.2.5"
+        "lint-staged": "15.2.7",
+        "prettier": "3.3.2"
       }
     },
     "node_modules/ansi-escapes": {
@@ -322,9 +322,9 @@
       }
     },
     "node_modules/lint-staged": {
-      "version": "15.2.5",
-      "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.5.tgz",
-      "integrity": "sha512-j+DfX7W9YUvdzEZl3Rk47FhDF6xwDBV5wwsCPw6BwWZVPYJemusQmvb9bRsW23Sqsaa+vRloAWogbK4BUuU2zA==",
+      "version": "15.2.7",
+      "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.7.tgz",
+      "integrity": "sha512-+FdVbbCZ+yoh7E/RosSdqKJyUM2OEjTciH0TFNkawKgvFp1zbGlEC39RADg+xKBG1R4mhoH2j85myBQZ5wR+lw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -543,9 +543,9 @@
       }
     },
     "node_modules/prettier": {
-      "version": "3.2.5",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.2.5.tgz",
-      "integrity": "sha512-3/GWa9aOC0YeD7LUfvOG2NiDyhOWRvt1k+rcKhOuYnMY24iiCphgneUfJDyFXd6rZCAnuLBv6UeAULtrhT/F4A==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.2.tgz",
+      "integrity": "sha512-rAVeHYMcv8ATV5d508CFdn+8/pHPpXeIid1DdrPwXnaAdH7cqjVbpJaT5eq4yRAFU/lsbwYwSF/n5iNrdJHPQA==",
       "dev": true,
       "license": "MIT",
       "bin": {

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/package.json RENAMED Viewed

@@ -14,8 +14,8 @@
   "homepage": "https://bitwarden.com",
   "devDependencies": {
     "husky": "9.0.11",
-    "lint-staged": "15.2.5",
-    "prettier": "3.2.5"
+    "lint-staged": "15.2.7",
+    "prettier": "3.3.2"
   },
   "lint-staged": {
     "!(*.py)": "prettier --cache --write --ignore-unknown",

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/settings.yaml RENAMED Viewed

@@ -4,5 +4,6 @@ enabled_rules:
   - bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
   - bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
   - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+  - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
 approved_actions_path: default_actions.json

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/__about__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
-__version__ = "0.0.3"
+__version__ = "0.0.4"

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/actions.py RENAMED Viewed

@@ -11,13 +11,11 @@ from typing import Optional, Union
 from .utils import Colors, Settings, Action
 class GitHubApiSchemaError(Exception):
     """A generic Exception to catch redefinitions of GitHub Api Schema changes."""
     pass
 class ActionsCmd:
     """Command to manage the pre-approved list of Actions

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/cli.py RENAMED Viewed

@@ -9,10 +9,8 @@ from .actions import ActionsCmd
 from .lint import LinterCmd
 from .utils import Settings
 local_settings = Settings.factory()
 def main(input_args: Optional[List[str]] = None) -> int:
     """CLI utility to lint GitHub Action Workflows.
@@ -50,6 +48,5 @@ def main(input_args: Optional[List[str]] = None) -> int:
     return -1
 if __name__ == "__main__":
     sys.exit(main())

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/default_settings.yaml RENAMED Viewed

@@ -4,5 +4,6 @@ enabled_rules:
   - bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
   - bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
   - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+  - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
 approved_actions_path: default_actions.json

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/lint.py RENAMED Viewed

@@ -10,7 +10,6 @@ from typing import Optional
 from .load import WorkflowBuilder, Rules
 from .utils import LintFinding, Settings
 class LinterCmd:
     """Command to lint GitHub Action Workflow files

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/load.py RENAMED Viewed

@@ -13,16 +13,13 @@ from .models.workflow import Workflow
 from .rule import Rule
 from .utils import Settings
 yaml = YAML()
 class WorkflowBuilderError(Exception):
     """Exception to indicate an error with the WorkflowBuilder."""
     pass
 class WorkflowBuilder:
     """Collection of methods to build Workflow objects."""
@@ -85,13 +82,11 @@ class WorkflowBuilder:
             "The workflow must either be built from a file or from a CommentedMap"
         )
 class LoadRulesError(Exception):
     """Exception to indicate an error with loading rules."""
     pass
 class Rules:
     """A collection of all of the types of rules.

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/models/job.py RENAMED Viewed

@@ -30,6 +30,7 @@ class Job:
     uses_with: Optional[CommentedMap] = field(
         metadata=config(field_name="with"), default=None
     )
+    outputs: Optional[CommentedMap] = None
     @classmethod
     def init(cls: Self, key: str, data: CommentedMap) -> Self:
@@ -39,6 +40,7 @@ class Job:
             "name": data["name"] if "name" in data else None,
             "runs-on": data["runs-on"] if "runs-on" in data else None,
             "env": data["env"] if "env" in data else None,
+            "outputs": data["outputs"] if "outputs" in data else None,
         }
         new_job = cls.from_dict(init_data)

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/rule.py RENAMED Viewed

@@ -7,13 +7,11 @@ from .models.job import Job
 from .models.step import Step
 from .utils import LintFinding, LintLevels, Settings
 class RuleExecutionException(Exception):
     """Exception for the Base Rule class."""
     pass
 class Rule:
     """Base class of a Rule to extend to create a linting Rule."""

bitwarden_workflow_linter-0.0.4/src/bitwarden_workflow_linter/rules/underscore_outputs.py ADDED Viewed

@@ -0,0 +1,111 @@
+import re
+from typing import Optional, Union, Tuple
+from ..models.job import Job
+from ..rule import Rule
+from ..models.workflow import Workflow
+from ..models.step import Step
+from ..utils import LintLevels, Settings
+class RuleUnderscoreOutputs(Rule):
+    """Rule to enforce all GitHub 'outputs' more than one words contain an underscore.
+    A simple standard to ensure uniformity in naming.
+    """
+    def __init__(self, settings: Optional[Settings] = None) -> None:
+        """Constructor for RuleUnderscoreOutputs to override the Rule class.
+        Args:
+          settings:
+            A Settings object that contains any default, overridden, or custom settings
+            required anywhere in the application.
+        """
+        self.message = "outputs with more than one word must use an underscore"
+        self.on_fail = LintLevels.WARNING
+        self.compatibility = [Workflow, Job, Step]
+        self.settings = settings
+    def fn(self, obj: Union[Workflow, Job, Step]) -> Tuple[bool, str]:
+        """Enforces all outputs to have an underscore in the key name.
+        This Rule checks all outputs in a Workflow, Job, or Step to ensure that
+        the key name contains an underscore. This is to ensure that the naming
+        convention is consistent across all outputs in the workflow configuration
+        Example:
+        ---
+        on:
+          workflow_dispatch:
+            outputs:
+              registry:
+                value: 'Test Value'
+              some_registry:
+                value: 'Test Value'
+          workflow_call:
+            outputs:
+              registry:
+                value: 'Test Value'
+              some_registry:
+                value: 'Test Value'
+        jobs:
+          job-key:
+            runs-on: ubuntu-22.04
+            outputs:
+              test_key_job: ${{ steps.test_output_1.outputs.test_key }}
+            steps:
+              - name: Test output in one-line run step
+                id: test_output_1
+                run: echo "test_key_1=Test-Value1" >> $GITHUB_OUTPUT
+              - name: Test output in multi-line run step
+                id: test_output_2
+                run: |
+                  echo
+                  fake-command=Test-Value2
+                  echo "test_key_2=$REF" >> $GITHUB_OUTPUT
+                  echo "deployed_ref=$DEPLOYED_REF" >> $GITHUB_OUTPUT
+              - name: Test step with no run
+                id: test_output_3
+                uses: actions/checkout@v2
+                with:
+                  ref: ${{ github.ref }}
+                  fetch-depth: 0
+        In this example, in workflow level 'registry' and 'some_registry' are outputs
+        that satisfy the rule in both 'workflow_dispatch' and 'workflow_call' events.
+        In job level 'test_key_job' satisfies the rule.
+        In step level 'test_key_1', 'test_key_2', and 'deployed_ref' satisfy the rule.
+        See tests/rules/test_underscore_outputs.py for incorrect examples.
+        """
+        outputs = []
+        if isinstance(obj, Workflow):
+            if obj.on.get("workflow_dispatch"):
+                outputs.extend(obj.on["workflow_dispatch"]["outputs"].keys())
+            if obj.on.get("workflow_call"):
+                outputs.extend(obj.on["workflow_call"]["outputs"].keys())
+        if isinstance(obj, Job):
+            if obj.outputs:
+                outputs.extend(obj.outputs.keys())
+        if isinstance(obj, Step):
+            if obj.run:
+                outputs.extend(re.findall(
+                    r"\b([a-zA-Z0-9_-]+)\s*=\s*[^=]*>>\s*\$GITHUB_OUTPUT",
+                    obj.run))
+        for output_name in outputs:
+            if "-" in output_name:
+                return False, (
+                    f"Hyphen found in {obj.__class__.__name__} output: {output_name}"
+                )
+        return True, ""

{bitwarden_workflow_linter-0.0.3 → bitwarden_workflow_linter-0.0.4}/src/bitwarden_workflow_linter/utils.py RENAMED Viewed

@@ -10,10 +10,8 @@ from typing import Optional, Self, TypeVar
 from ruamel.yaml import YAML
 yaml = YAML()
 @dataclass
 class Colors:
     """Class containing color codes for printing strings to output."""
@@ -27,7 +25,6 @@ class Colors:
     cyan = "36m"
     white = "37m"
 @dataclass
 class LintLevel:
     """Class to contain the numeric level and color of linting."""
@@ -35,7 +32,6 @@ class LintLevel:
     code: int
     color: Colors
 class LintLevels(LintLevel, Enum):
     """Collection of the different types of LintLevels available."""
@@ -43,7 +39,6 @@ class LintLevels(LintLevel, Enum):
     WARNING = 1, Colors.yellow
     ERROR = 2, Colors.red
 class LintFinding:
     """Represents a problem detected by linting."""
@@ -62,7 +57,6 @@ class LintFinding:
             f"{self.description}"
         )
 @dataclass
 class Action:
     """Collection of the metadata associated with a GitHub Action."""
@@ -99,16 +93,13 @@ class Action:
         """
         return not self.__eq__(other)
 class SettingsError(Exception):
     """Custom Exception to indicate an error with loading Settings."""
     pass
 SettingsFromFactory = TypeVar("SettingsFromFactory", bound="Settings")
 class Settings:
     """Class that contains configuration-as-code for any portion of the app."""

bitwarden_workflow_linter-0.0.4/tests/fixtures/test-outputs-incorrect.yml ADDED Viewed

@@ -0,0 +1,45 @@
+---
+name: Test Incorrect Workflow
+on:
+  workflow_dispatch:
+    outputs:
+      registry-1:
+        value: 'Test Value'
+      some_registry-1:
+        value: 'Test Value'
+  workflow-call:
+    outputs:
+      registry-2:
+        value: 'Test Value'
+  push: {}
+jobs:
+  job-key:
+    name: Test Incorrect Job
+    runs-on: ubuntu-22.04
+    outputs:
+      test-key-1: ${{ steps.test_output_1.outputs.test_key }}
+    steps:
+      - name: Test output in one-line run step
+        id: test_output_1
+        run: echo "test-key-1=Test-Value1" >> $GITHUB_OUTPUT
+      - name: Test output in multi-line run step
+        id: test_output_2
+        run: |
+          echo
+          fake-command
+          echo "test-key-2=$REF" >> $GITHUB_OUTPUT
+          echo "deployed-ref=$DEPLOYED_REF" >> $GITHUB_OUTPUT
+      - name: Test step with one-line run and no Output
+        id: test_output_3
+        run: echo "test-key-3"
+      - name: Test step with multi-line run and no Output
+        id: test_output_4
+        run: |
+          echo
+          fake-command=Test-Value4
+          echo "test-key-4"
+          echo "deployed-ref"

bitwarden_workflow_linter-0.0.4/tests/rules/test_underscore_output.py ADDED Viewed

@@ -0,0 +1,259 @@
+"""Test src/bitwarden_workflow_linter/rules/underscore_outputs.py."""
+import pytest
+from ruamel.yaml import YAML
+from src.bitwarden_workflow_linter.load import WorkflowBuilder
+from src.bitwarden_workflow_linter.rules.underscore_outputs import RuleUnderscoreOutputs
+yaml = YAML()
+@pytest.fixture(name="correct_workflow")
+def fixture_correct_workflow():
+    workflow = """\
+---
+name: Test Correct Workflow
+on:
+  workflow_dispatch:
+    outputs:
+      registry:
+        value: 'Test Value'
+      some_registry:
+        value: 'Test Value'
+  workflow_call:
+    outputs:
+      registry:
+        value: 'Test Value'
+      some_registry:
+        value: 'Test Value'
+  push: {}
+jobs:
+  job-key:
+    name: Test Correct Job
+    runs-on: ubuntu-22.04
+    outputs:
+      test_key_job: ${{ steps.test_output_1.outputs.test_key }}
+    steps:
+      - name: Test output in one-line run step
+        id: test_output_1
+        run: echo "test_key_1=Test-Value1" >> $GITHUB_OUTPUT
+      - name: Test output in multi-line run step
+        id: test_output_2
+        run: |
+          echo
+          fake-command=Test-Value2
+          echo "test_key_2=$REF" >> $GITHUB_OUTPUT
+          echo "deployed_ref=$DEPLOYED_REF" >> $GITHUB_OUTPUT
+      - name: Test step with one-line run and no Output
+        id: test_output_3
+        run: echo "test_key_3"
+      - name: Test step with multi-line run and no Output
+        id: test_output_4
+        run: |
+          echo
+          fake-command=Test-Value4
+          echo "test_key_4"
+          echo "deployed_ref"
+      - name: Test step with no run
+        id: test_output_5
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+"""
+    return WorkflowBuilder.build(workflow=yaml.load(workflow), from_file=False)
+@pytest.fixture(name="incorrect_workflow")
+def fixture_incorrect_workflow():
+    workflow = """\
+---
+name: Test Incorrect Workflow
+on:
+  workflow_dispatch:
+    outputs:
+      registry-1:
+        value: 'Test Value'
+      some_registry-1:
+        value: 'Test Value'
+  workflow_call:
+    outputs:
+      registry-2:
+        value: 'Test Value'
+  push: {}
+jobs:
+  job-key:
+    name: Test Incorrect Job
+    runs-on: ubuntu-22.04
+    outputs:
+      test-key-1: ${{ steps.test_output_1.outputs.test_key }}
+    steps:
+      - name: Test output in one-line run step
+        id: test_output_1
+        run: echo "test-key-1=Test-Value1" >> $GITHUB_OUTPUT
+      - name: Test output in multi-line run step
+        id: test_output_2
+        run: |
+          echo
+          fake-command
+          echo "test-key-2=$REF" >> $GITHUB_OUTPUT
+          echo "deployed-ref=$DEPLOYED_REF" >> $GITHUB_OUTPUT
+      - name: Test step with one-line run and no Output
+        id: test_output_3
+        run: echo "test-key-3"
+      - name: Test step with multi-line run and no Output
+        id: test_output_4
+        run: |
+          echo
+          fake-command=Test-Value4
+          echo "test-key-4"
+          echo "deployed-ref"
+"""
+    return WorkflowBuilder.build(workflow=yaml.load(workflow), from_file=False)
+@pytest.fixture(name="push_only_workflow")
+def fixture_push_only_workflow():
+    workflow = """\
+---
+name: Push Only
+on:
+  push: {}
+jobs:
+  job-key:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo test
+"""
+    return WorkflowBuilder.build(workflow=yaml.load(workflow), from_file=False)
+@pytest.fixture(name="misc_workflow")
+def fixture_misc_workflow():
+    workflow = """\
+---
+name: Misc Workflow
+on:
+  push: {}
+jobs:
+  job-key:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Test Step
+        run: |
+          echo "test_value=$does_it_break" >> /tmp/test
+      - name: Test Step 2
+        run: |
+          TEST_FILE=/tmp/test2
+          echo "test_value=$does_it_break" >> $TEST_FILE
+"""
+    return WorkflowBuilder.build(workflow=yaml.load(workflow), from_file=False)
+@pytest.fixture(name="no_output_workflow")
+def fixture_no_output_workflow():
+    workflow = """\
+---
+name: No Output Workflow
+on:
+  workflow_dispatch: {}
+  workflow_call: {}
+jobs:
+  job-key:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo test
+"""
+    return WorkflowBuilder.build(workflow=yaml.load(workflow), from_file=False)
+@pytest.fixture(name="rule")
+def fixture_rule():
+    return RuleUnderscoreOutputs()
+def test_rule_on_correct_workflow(rule, correct_workflow):
+    result, _ = rule.fn(correct_workflow)
+    assert result is True
+def test_rule_on_incorrect_workflow(rule, incorrect_workflow):
+    result, _ = rule.fn(incorrect_workflow)
+    assert result is False
+def test_rule_on_correct_job(rule, correct_workflow):
+    result, _ = rule.fn(correct_workflow.jobs["job-key"])
+    assert result is True
+def test_rule_on_incorrect_job(rule, incorrect_workflow):
+    result, _ = rule.fn(incorrect_workflow.jobs["job-key"])
+    assert result is False
+def test_rule_on_correct_step(rule, correct_workflow):
+    result, _ = rule.fn(correct_workflow.jobs["job-key"].steps[0])
+    assert result is True
+    result, _ = rule.fn(correct_workflow.jobs["job-key"].steps[1])
+    assert result is True
+    result, _ = rule.fn(correct_workflow.jobs["job-key"].steps[2])
+    assert result is True
+    result, _ = rule.fn(correct_workflow.jobs["job-key"].steps[3])
+    assert result is True
+    result, _ = rule.fn(correct_workflow.jobs["job-key"].steps[4])
+    assert result is True
+def test_rule_on_incorrect_step(rule, incorrect_workflow):
+    result, _ = rule.fn(incorrect_workflow.jobs["job-key"].steps[0])
+    assert result is False
+    result, message = rule.fn(incorrect_workflow.jobs["job-key"].steps[1])
+    assert result is False
+    assert message == "Hyphen found in Step output: test-key-2"
+    result, _ = rule.fn(incorrect_workflow.jobs["job-key"].steps[2])
+    assert result is True
+    result, _ = rule.fn(incorrect_workflow.jobs["job-key"].steps[3])
+    assert result is True
+def test_rule_on_push_only_workflow(rule, push_only_workflow):
+    result, _ = rule.fn(push_only_workflow)
+    assert result is True
+def test_rule_on_misc_workflow(rule, misc_workflow):
+    result, _ = rule.fn(misc_workflow.jobs["job-key"].steps[0])
+    assert result is True
+    result, _ = rule.fn(misc_workflow.jobs["job-key"].steps[1])
+    assert result is True
+def test_rule_on_no_output_workflow(rule, no_output_workflow):
+    result, _ = rule.fn(no_output_workflow)
+    assert result is True

bitwarden_workflow_linter-0.0.3/.github/workflows/_version_type.yml DELETED Viewed

@@ -1,60 +0,0 @@
----
-name: _version_type
-run-name: Get version type
-on:
-  workflow_call:
-    outputs:
-      version_bump_type:
-        description: "version to be built"
-        value: ${{ jobs.version.outputs.bump_type }}
-jobs:
-  version:
-    name: Calculate Version
-    runs-on: ubuntu-22.04
-    outputs:
-      bump_type: ${{ steps.bump-type.outputs.type }}
-    steps:
-      # - name: Get PR ID
-      #   id: pr
-      #   env:
-      #     GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #   run: |
-      #     commit_message=$(
-      #       curl -s -L \
-      #         -H "Accept: application/vnd.github+json" \
-      #         -H "Authorization: Bearer $GH_TOKEN" \
-      #         -H "X-GitHub-Api-Version: 2022-11-28" \
-      #         https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }} | \
-      #       jq -r ".commit.message"
-      #     )
-      #     ID=$(echo "$commit_message" | head -1 | grep -o "(#.*)" | grep -o "[0-9]*")
-      #     echo "id=$ID" >> $GITHUB_OUTPUT
-      - name: Get version bump type
-        id: bump-type
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ steps.pr.outputs.id }}
-        run: |
-          # version_tag=$(
-          #   curl -s -L \
-          #     -H "Accept: application/vnd.github+json" \
-          #     -H "Authorization: Bearer $GH_TOKEN" \
-          #     -H "X-GitHub-Api-Version: 2022-11-28" \
-          #     https://api.github.com/repos/${{ github.repository }}/issues/$PR_NUMBER/labels | \
-          #   jq -r ".[].name" | grep "version"
-          # )
-          version_tag="version:patch"
-          # Single Version label Enforcement (should go in CI...)
-          if [[ $(echo $version_tag | wc -w) -gt 1 ]]; then
-              echo "[!] multiple version labels found!"
-              exit 1
-          fi
-          version_type=$(echo $version_tag | cut -d ":" -f 2)
-          echo "Version Bump Type: $version_type"
-          echo "type=$version_type" >> $GITHUB_OUTPUT