PyPI - bitwarden_workflow_linter - Versions diffs - 0.14.3__tar.gz → 0.14.4__tar.gz - Mend

bitwarden_workflow_linter 0.14.3tar.gz → 0.14.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/.github/workflows/examples/ci.yaml RENAMED Viewed

@@ -6,11 +6,13 @@ name: CI
 on:
   workflow_dispatch:  # Allows you to run this workflow manually from the Actions tab
+  workflow_call: # Allows this workflow to be called from another workflow
   pull_request:  # When a pull request event occurs
 permissions:  # Sets permissions of the GITHUB_TOKEN
   checks: write  # Permits an action to create a check run
   contents: read  # For actions to fetch code and list commits
+  packages: read  # For actions to fetch packages
   id-token: write  # Required to fetch an OpenID Connect (OIDC) token
   pull-requests: write  # Permits an action to add a label to a pull request

bitwarden_workflow_linter-0.14.4/.github/workflows/examples/pull_request_target.yml ADDED Viewed

@@ -0,0 +1,33 @@
+# This workflow is intended to be run when we need to build the client and produce artifacts that require secrets
+# when the PR source branch does not have access to secrets (e.g. a fork).
+# This workflow will run in the context of the target of the PR and have access to secrets.
+# This should only be done after reviewing the PR to ensure that no malicious code has been introduced,
+# as it could allow the code on the forked branch to have access to workflow secrets.
+name: Build Thing on PR Target
+permissions:
+  checks: read
+  contents: read
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+defaults:
+  run:
+    shell: bash
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+  run-workflow:
+    name: Build Thing
+    needs: check-run
+    if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+    uses: ./.github/workflows/examples/ci.yaml
+    secrets: inherit

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 0.14.3
+Version: 0.14.4
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/settings.yaml RENAMED Viewed

@@ -21,3 +21,4 @@ enabled_rules:
       level: warning
 approved_actions_path: default_actions.json
+default_branch: main

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/src/bitwarden_workflow_linter/__about__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
-__version__ = "0.14.3"
+__version__ = "0.14.4"

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/src/bitwarden_workflow_linter/default_settings.yaml RENAMED Viewed

@@ -21,3 +21,4 @@ enabled_rules:
       level: warning
 approved_actions_path: default_actions.json
+default_branch: main

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/src/bitwarden_workflow_linter/rules/check_pr_target.py RENAMED Viewed

@@ -27,16 +27,12 @@ class RuleCheckPrTarget(Rule):
         self.compatibility = [Workflow]
         self.settings = settings
-    def targets_main_branch(self, obj:Workflow) -> bool:
-        if obj.on["pull_request_target"].get("branches"):
-            branches_list = obj.on["pull_request_target"].get("branches")
-            if isinstance(branches_list, str):
-                branches_list = [branches_list]
-            if any(branch != 'main' for branch in branches_list):
-                return False
-        else:
-            return False
-        return True
+    def targets_main_branch(self, obj: Workflow) -> bool:
+        default_branch = self.settings.default_branch
+        branches = obj.on["pull_request_target"].get("branches", [])
+        if isinstance(branches, str):
+            branches = [branches]
+        return len(branches) == 1 and branches[0] == default_branch
     def has_check_run(self, obj: Workflow) -> Tuple[bool, str]:
         for name, job in obj.jobs.items():

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/src/bitwarden_workflow_linter/utils.py RENAMED Viewed

@@ -113,12 +113,14 @@ class Settings:
     enabled_rules: list[dict[str, str]]
     approved_actions: dict[str, Action]
     actionlint_version: str
+    default_branch: Optional[str]
     def __init__(
         self,
         enabled_rules: Optional[list[dict[str, str]]] = None,
         approved_actions: Optional[dict[str, dict[str, str]]] = None,
         actionlint_version: Optional[str] = None,
+        default_branch: Optional[str] = None,
     ) -> None:
         """Settings object that can be overridden in settings.py.
@@ -144,6 +146,7 @@ class Settings:
         self.approved_actions = {
             name: Action(**action) for name, action in approved_actions.items()
         }
+        self.default_branch = default_branch
     @staticmethod
     def factory() -> SettingsFromFactory:
@@ -189,9 +192,13 @@ class Settings:
             ) as action_file:
                 settings["approved_actions"] = json.load(action_file)
+        default_branch = settings.get("default_branch")
+        if default_branch is None or len(default_branch) == 0:
+            raise Exception("The default_branch is not set in the default_settings.yaml file")
         return Settings(
             enabled_rules=settings["enabled_rules"],
             approved_actions=settings["approved_actions"],
             actionlint_version=actionlint_version,
+            default_branch=default_branch,
         )

{bitwarden_workflow_linter-0.14.3 → bitwarden_workflow_linter-0.14.4}/tests/rules/test_check_pr_target.py RENAMED Viewed

@@ -3,11 +3,14 @@
 import pytest
 from ruamel.yaml import YAML
+from unittest.mock import patch
 from src.bitwarden_workflow_linter.load import WorkflowBuilder
 from src.bitwarden_workflow_linter.rules.check_pr_target import (
     RuleCheckPrTarget,
 )
+from src.bitwarden_workflow_linter.models.workflow import Workflow
+from src.bitwarden_workflow_linter.utils import Settings
 yaml = YAML()
 message = "A check-run job must be included as a direct job dependency when pull_request_target is used and the workflow may only apply to runs on the main branch"
@@ -232,14 +235,65 @@ jobs:
 @pytest.fixture(name="rule")
 def fixture_rule():
-    return RuleCheckPrTarget()
+  settings= Settings(default_branch="main")
+  return RuleCheckPrTarget(settings=settings)
+@pytest.fixture
+def mock_workflow():
+    return Workflow(
+        on={
+            "pull_request_target": {
+                "branches": ["main"]
+            }
+        },
+        jobs={}
+    )
+def test_targets_main_branch_with_settings_yaml(mock_workflow):
+    settings = Settings(default_branch="main")
+    rule = RuleCheckPrTarget(settings=settings)
+    assert rule.targets_main_branch(mock_workflow) is True
+def test_targets_custom_default_branch(mock_workflow):
+    settings = Settings(
+        enabled_rules=[],
+        approved_actions={},
+        actionlint_version="",
+        default_branch="production"
+    )
+    rule = RuleCheckPrTarget(settings=settings)
+    mock_workflow.on["pull_request_target"]["branches"] = ["production"]
+    assert rule.targets_main_branch(mock_workflow) is True
+def test_targets_main_branch_no_default_branch(mock_workflow):
+    # Mock the factory method to simulate loading default settings
+    with patch("src.bitwarden_workflow_linter.utils.Settings.factory") as mock_factory:
+        # Simulate the default settings returned by the factory
+        mock_factory.return_value = Settings(default_branch="main")
+        # Use the mocked factory to create the Settings instance
+        settings = Settings.factory()
+        rule = RuleCheckPrTarget(settings=settings)
+        # Assert that the workflow targets the main branch
+        assert rule.targets_main_branch(mock_workflow) is True
+def test_targets_main_branch_incorrect_branch(mock_workflow):
+    settings = Settings({"default_branch": "main"})
+    rule = RuleCheckPrTarget(settings=settings)
+    mock_workflow.on["pull_request_target"]["branches"] = ["feature"]
+    assert rule.targets_main_branch(mock_workflow) is False
+def test_targets_main_branch_no_branches_specified(mock_workflow):
+    settings = Settings({"default_branch": "main"})
+    rule = RuleCheckPrTarget(settings=settings)
+    mock_workflow.on["pull_request_target"].pop("branches")
+    assert rule.targets_main_branch(mock_workflow) is False
 def test_rule_on_correct_workflow(rule, correct_workflow):
     result, message = rule.fn(correct_workflow)
     assert result is True
     assert message == ""
 def test_rule_on_no_checkworkflow(rule, no_check_workflow):
     result, message = rule.fn(no_check_workflow)
     assert result is False