bitwarden_workflow_linter 0.14.3__py3-none-any.whl → 0.14.5__py3-none-any.whl

bitwarden_workflow_linter/__about__.py

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
 
-__version__ = "0.14.3"
+__version__ = "0.14.5"

bitwarden_workflow_linter/default_settings.yaml

@@ -21,3 +21,4 @@ enabled_rules:
       level: warning
 
 approved_actions_path: default_actions.json
+default_branch: main

bitwarden_workflow_linter/models/job.py

@@ -32,6 +32,7 @@ class Job:
         metadata=config(field_name="with"), default=None
     )
     outputs: Optional[CommentedMap] = None
+    permissions: Optional[object] = None  # This can be a CommentedMap or a string
 
     @classmethod
     def parse_needs(cls: Self, value):
@@ -50,6 +51,7 @@ class Job:
             "env": data["env"] if "env" in data else None,
             "needs": Job.parse_needs(data["needs"]) if "needs" in data else None,
             "outputs": data["outputs"] if "outputs" in data else None,
+            "permissions": data["permissions"] if "permissions" in data else None,
         }
 
         new_job = cls.from_dict(init_data)

bitwarden_workflow_linter/rules/check_pr_target.py

@@ -27,16 +27,12 @@ class RuleCheckPrTarget(Rule):
         self.compatibility = [Workflow]
         self.settings = settings
 
-    def targets_main_branch(self, obj:Workflow) -> bool:
-        if obj.on["pull_request_target"].get("branches"):
-            branches_list = obj.on["pull_request_target"].get("branches")
-            if isinstance(branches_list, str):
-                branches_list = [branches_list]
-            if any(branch != 'main' for branch in branches_list):
-                return False
-        else:
-            return False
-        return True
+    def targets_main_branch(self, obj: Workflow) -> bool:
+        default_branch = self.settings.default_branch
+        branches = obj.on["pull_request_target"].get("branches", [])
+        if isinstance(branches, str):
+            branches = [branches]
+        return len(branches) == 1 and branches[0] == default_branch
 
     def has_check_run(self, obj: Workflow) -> Tuple[bool, str]:
         for name, job in obj.jobs.items():

bitwarden_workflow_linter/rules/permissions_exist.py

@@ -3,6 +3,7 @@
 from typing import Optional, Tuple
 
 from ..models.workflow import Workflow
+from ..models.job import Job
 from ..rule import Rule
 from ..utils import LintLevels, Settings
 
@@ -26,18 +27,24 @@ class RulePermissionsExist(Rule):
         lint_level: Optional[LintLevels] = LintLevels.NONE,
     ) -> None:
         self.message = (
-            "A top-level permissions section must be configured in the workflow."
+            "All workflows must specify permissions on either workflow or job level"
         )
         self.on_fail = lint_level
         self.compatibility = [Workflow]
         self.settings = settings
 
-    def permissions_exist(self, obj: Workflow) -> bool:
-        if obj.permissions is None:
+    def permissions_exist_on_workflow(self, workflow: Workflow) -> bool:
+        if workflow.permissions is None:
             return False
         return True
 
+    def permissions_exist_on_jobs(self, jobs: list[Job]) -> bool:
+        for job in jobs:
+            if job.permissions is None:
+                return False
+        return True
+
     def fn(self, obj: Workflow) -> Tuple[bool, str]:
-        if not self.permissions_exist(obj):
+        if not self.permissions_exist_on_workflow(obj) and not self.permissions_exist_on_jobs(obj.jobs.values()):
             return False, f"{self.message}"
         return True, ""

bitwarden_workflow_linter/utils.py

@@ -113,12 +113,14 @@ class Settings:
     enabled_rules: list[dict[str, str]]
     approved_actions: dict[str, Action]
     actionlint_version: str
+    default_branch: Optional[str]
 
     def __init__(
         self,
         enabled_rules: Optional[list[dict[str, str]]] = None,
         approved_actions: Optional[dict[str, dict[str, str]]] = None,
         actionlint_version: Optional[str] = None,
+        default_branch: Optional[str] = None,
     ) -> None:
         """Settings object that can be overridden in settings.py.
 
@@ -144,6 +146,7 @@ class Settings:
         self.approved_actions = {
             name: Action(**action) for name, action in approved_actions.items()
         }
+        self.default_branch = default_branch
 
     @staticmethod
     def factory() -> SettingsFromFactory:
@@ -189,9 +192,13 @@ class Settings:
             ) as action_file:
                 settings["approved_actions"] = json.load(action_file)
 
-        
+        default_branch = settings.get("default_branch")
+        if default_branch is None or len(default_branch) == 0:
+            raise Exception("The default_branch is not set in the default_settings.yaml file")        
+
         return Settings(
             enabled_rules=settings["enabled_rules"],
             approved_actions=settings["approved_actions"],
             actionlint_version=actionlint_version,
+            default_branch=default_branch,
         )

{bitwarden_workflow_linter-0.14.3.dist-info → bitwarden_workflow_linter-0.14.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 0.14.3
+Version: 0.14.5
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues

{bitwarden_workflow_linter-0.14.3.dist-info → bitwarden_workflow_linter-0.14.5.dist-info}/RECORD

@@ -1,31 +1,31 @@
-bitwarden_workflow_linter/__about__.py,sha256=asem2m4uuYRLXCcugKMxHXyMF_5ZYE9gYC2di9E3gos,60
+bitwarden_workflow_linter/__about__.py,sha256=2-qa0YjKWSCy2VJpGQ8Oyle8DLLT03zz8T-bUmc9qFI,60
 bitwarden_workflow_linter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bitwarden_workflow_linter/actionlint_version.yaml,sha256=CKhiDwaDBNCExOHTlcpiavfEgf01uG_tTPrgLRaj6_k,28
 bitwarden_workflow_linter/actions.py,sha256=LAn3yQeMMmCOvJWeTn3dE1U2nyEJqIBMwESq3TtY9hE,9069
 bitwarden_workflow_linter/cli.py,sha256=wgkK1MlVbo6Zx3f2CZZ_tkSWq_hdsGciHJA1knX6Yuw,1699
 bitwarden_workflow_linter/default_actions.json,sha256=gfnuWVJwBOnig50x4YTUcrseaxaOVGyFDcYfQVK6Two,13650
-bitwarden_workflow_linter/default_settings.yaml,sha256=XCaRFqdJ_lbNUDlPthySZzF0dGjnpW28iNSRQsJaJJE,1044
+bitwarden_workflow_linter/default_settings.yaml,sha256=EoIQVnZ_WXzoaMyXQjtcNatIXRey2HSfe2ROUlyvSwg,1065
 bitwarden_workflow_linter/lint.py,sha256=R0dXkwir0KzXFHWfWlqpH_CyBwa7O8wHSBTy560u94g,6322
 bitwarden_workflow_linter/load.py,sha256=FWxotIlB0vyKzrVw87sOx3qdRiJG_0hVHRbbLXZY4Sc,5553
 bitwarden_workflow_linter/rule.py,sha256=Qb60JiUDAWN3ayrMGoSbbDCSFmw-ql8djzAkxISaob4,3250
-bitwarden_workflow_linter/utils.py,sha256=8FhDq71kOWqoN61H9Iy10HrFSbdaSjb6QlpjPR8YhQ0,5441
+bitwarden_workflow_linter/utils.py,sha256=KV2Vo-hhNVRWOiIq_y-55li-noMt9F-FFgkJK-nUKJo,5823
 bitwarden_workflow_linter/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-bitwarden_workflow_linter/models/job.py,sha256=d4F0QG35DqaqgfbPa2YDRRxOZZakFDktIOsuUa-BbC8,2387
+bitwarden_workflow_linter/models/job.py,sha256=oqFq8A4JGQplBlaDjUUFV9kWT5rh9A0V6FYGf0IaGg0,2553
 bitwarden_workflow_linter/models/step.py,sha256=j81iWYWcNI9x55n1MOR0N6ogKaQ_4-CKu9LnI_fwEOE,1814
 bitwarden_workflow_linter/models/workflow.py,sha256=lIgGI2cDwC2lTOM-k3fqKgceLdSJ6vhTLCAhaeoD-fc,1645
 bitwarden_workflow_linter/rules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-bitwarden_workflow_linter/rules/check_pr_target.py,sha256=9BHztMzSedmIiFil_qVb3h93-6ku8X8vx06s2FozxHo,3547
+bitwarden_workflow_linter/rules/check_pr_target.py,sha256=lleDloCukjRAI0d54Ne8-yVMw9aNEqB5pGb9cNBuC8k,3430
 bitwarden_workflow_linter/rules/job_environment_prefix.py,sha256=bdE8l4B5DQiCFVmblXTs4ptsHPGvjhJrR5ONo2kRY2U,2757
 bitwarden_workflow_linter/rules/name_capitalized.py,sha256=lGHPi_Ix0DVSzGEdrUm2vAEQD4qQ8dxU1hddsCdqA2w,2126
 bitwarden_workflow_linter/rules/name_exists.py,sha256=kdMIURN3u8qdDvw6YKxg7VF5bkzGxVVXAO3KAqY1-54,1826
-bitwarden_workflow_linter/rules/permissions_exist.py,sha256=_qOonJ0tyIH3Wp0e-0cppyVIbY9Sr7DuZPZdwxjYMaI,1432
+bitwarden_workflow_linter/rules/permissions_exist.py,sha256=vjqyNF9il73JHlvKKlb9vzZ_g4LEPNKOO4-4OnHGCQ8,1737
 bitwarden_workflow_linter/rules/pinned_job_runner.py,sha256=VPQfMu3SgIFdl-B8wOXzzK6tMx2hWWSJbKL5KG3xcaI,1751
 bitwarden_workflow_linter/rules/run_actionlint.py,sha256=m6SaejtkUz704exAiq_ti0d1a0wtDBb7QJE0EsFINv4,4712
 bitwarden_workflow_linter/rules/step_approved.py,sha256=4pUCrOlWomo43bwGBunORphv1RJzc3spRKgZ4VLtDS0,3304
 bitwarden_workflow_linter/rules/step_pinned.py,sha256=MagV8LNdgRKyncmSdH9V-TlIcsdjzoDHDWqovzWon9E,3559
 bitwarden_workflow_linter/rules/underscore_outputs.py,sha256=LoCsDN_EfQ8H9n5BfZ5xCe7BeHqJGPMcV0vo1c9YJcw,4275
-bitwarden_workflow_linter-0.14.3.dist-info/METADATA,sha256=EDCJTrnCsTcKhBsjsXgHO-LHVAqclyJXvj2DwwWZlw8,9797
-bitwarden_workflow_linter-0.14.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-bitwarden_workflow_linter-0.14.3.dist-info/entry_points.txt,sha256=SA_yF9CwL4VMUvdcmCd7k9rjsQNzfeOUBuDnMnaO8QQ,60
-bitwarden_workflow_linter-0.14.3.dist-info/licenses/LICENSE.txt,sha256=uY-7N9tbI7xc_c0WeTIGpacSCnsB91N05eCIg3bkaRw,35140
-bitwarden_workflow_linter-0.14.3.dist-info/RECORD,,
+bitwarden_workflow_linter-0.14.5.dist-info/METADATA,sha256=zzLK5AYnhzG9jd9U62TztYNHmt1vPEXTW4Z0M9DDRbo,9797
+bitwarden_workflow_linter-0.14.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+bitwarden_workflow_linter-0.14.5.dist-info/entry_points.txt,sha256=SA_yF9CwL4VMUvdcmCd7k9rjsQNzfeOUBuDnMnaO8QQ,60
+bitwarden_workflow_linter-0.14.5.dist-info/licenses/LICENSE.txt,sha256=uY-7N9tbI7xc_c0WeTIGpacSCnsB91N05eCIg3bkaRw,35140
+bitwarden_workflow_linter-0.14.5.dist-info/RECORD,,