PyPI - bitwarden_workflow_linter - Versions diffs - 0.4.6__tar.gz → 0.5.0__tar.gz - Mend

bitwarden_workflow_linter 0.4.6tar.gz → 0.5.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/.gitignore RENAMED Viewed

@@ -12,7 +12,7 @@ Thumbs.db
 *.sublime-workspace
 # Visual Studio Code
-.vscode/*
+.vscode
 !.vscode/settings.json
 !.vscode/tasks.json
 !.vscode/launch.json
@@ -35,3 +35,6 @@ flake.*
 # Python
 **/__pycache__/**
 *.pyc
+.venv/
+.pytest_cache
+.pytype

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 0.4.6
+Version: 0.5.0
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues
@@ -27,9 +27,8 @@ Description-Content-Type: text/markdown
 # Bitwarden Workflow Linter
 Bitwarden's Workflow Linter is an extensible linter to apply opinionated organization-specific
-GitHub Action standards. It was designed to be used alongside tools like
-[action-lint](https://github.com/rhysd/actionlint) and
-[yamllint](https://github.com/adrienverge/yamllint) to check for correct Action syntax and enforce
+GitHub Action standards. It was designed to be used alongside
+[yamllint](https://github.com/adrienverge/yamllint) to enforce
 specific YAML standards.
 To see an example of Workflow Linter in practice in GitHub Action, see the
@@ -90,6 +89,8 @@ options:
 -   Python 3.11
 -   pipenv
+-   Windows systems: Chocolatey package manager
+-   Mac OS systems: Homebrew package manager
 ### Setup

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/README.md RENAMED Viewed

@@ -1,9 +1,8 @@
 # Bitwarden Workflow Linter
 Bitwarden's Workflow Linter is an extensible linter to apply opinionated organization-specific
-GitHub Action standards. It was designed to be used alongside tools like
-[action-lint](https://github.com/rhysd/actionlint) and
-[yamllint](https://github.com/adrienverge/yamllint) to check for correct Action syntax and enforce
+GitHub Action standards. It was designed to be used alongside
+[yamllint](https://github.com/adrienverge/yamllint) to enforce
 specific YAML standards.
 To see an example of Workflow Linter in practice in GitHub Action, see the
@@ -64,6 +63,8 @@ options:
 -   Python 3.11
 -   pipenv
+-   Windows systems: Chocolatey package manager
+-   Mac OS systems: Homebrew package manager
 ### Setup

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/settings.yaml RENAMED Viewed

@@ -6,5 +6,6 @@ enabled_rules:
   - bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
   - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
   - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
+  - bitwarden_workflow_linter.rules.run_actionlint.RunActionlint
 approved_actions_path: default_actions.json

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/src/bitwarden_workflow_linter/__about__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
-__version__ = "0.4.6"
+__version__ = "0.5.0"

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/src/bitwarden_workflow_linter/default_actions.json RENAMED Viewed

@@ -244,6 +244,11 @@
     "sha": "1482605bfc5719782e1267fd0c0cc350fe7646b8",
     "version": "v1"
   },
+  "fastly/compute-actions": {
+    "name": "fastly/compute-actions",
+    "sha": "ca26cccf1fa541576c6fbdf50d62feb6db6ba181",
+    "version": "v10"
+  },
   "futureware-tech/simulator-action": {
     "name": "futureware-tech/simulator-action",
     "sha": "dab10d813144ef59b48d401cd95da151222ef8cd",
@@ -329,16 +334,16 @@
     "sha": "d33c176a9b784876d966f80fb1b461808edc0641",
     "version": "v2.1.1"
   },
-  "slackapi/slack-github-action": {
-    "name": "slackapi/slack-github-action",
-    "sha": "485a9d42d3a73031f12ec201c457e2162c45d02d",
-    "version": "v2.0.0"
-  },
   "sigstore/cosign-installer": {
     "name": "sigstore/cosign-installer",
     "sha": "dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da",
     "version": "v3.7.0"
   },
+  "slackapi/slack-github-action": {
+    "name": "slackapi/slack-github-action",
+    "sha": "485a9d42d3a73031f12ec201c457e2162c45d02d",
+    "version": "v2.0.0"
+  },
   "snapcore/action-build": {
     "name": "snapcore/action-build",
     "sha": "3bdaa03e1ba6bf59a65f84a751d943d549a54e79",
@@ -384,4 +389,4 @@
     "sha": "a3c219da6b8fa73f6ba62b68ff09c469b3a1c024",
     "version": "2.2.2"
   }
-}
+}

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/src/bitwarden_workflow_linter/default_settings.yaml RENAMED Viewed

@@ -6,5 +6,6 @@ enabled_rules:
   - bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
   - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
   - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
+  - bitwarden_workflow_linter.rules.run_actionlint.RunActionlint
 approved_actions_path: default_actions.json

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/src/bitwarden_workflow_linter/load.py RENAMED Viewed

@@ -39,20 +39,32 @@ class WorkflowBuilder:
           objects (depending on their location in the file).
         """
         with open(filename, encoding="utf8") as file:
-            return yaml.load(file)
+            if not file:
+                raise WorkflowBuilderError(f"Could not load {filename}")
+            try:
+                return yaml.load(file)
+            except Exception as e:
+                raise WorkflowBuilderError(f"Error loading YAML file {filename}: {e}")
     @classmethod
-    def __build_workflow(cls, loaded_yaml: CommentedMap) -> Workflow:
+    def __build_workflow(cls, filename: str, loaded_yaml: CommentedMap) -> Workflow:
         """Parse the YAML and build out the workflow to run Rules against.
         Args:
+          filename:
+            The name of the file that the YAML was loaded from
           loaded_yaml:
             YAML that was loaded from either code or a file
         Returns
           A Workflow to run linting Rules against
         """
-        return Workflow.init("", loaded_yaml)
+        try:
+            if not loaded_yaml:
+                raise WorkflowBuilderError("No YAML loaded")
+            return Workflow.init("", filename, loaded_yaml)
+        except Exception as e:
+            raise WorkflowBuilderError(f"Error building workflow: {e}")
     @classmethod
     def build(
@@ -76,9 +88,11 @@ class WorkflowBuilder:
             be loaded from disk
         """
         if from_file and filename is not None:
-            return cls.__build_workflow(cls.__load_workflow_from_file(filename))
+            return cls.__build_workflow(
+                filename, cls.__load_workflow_from_file(filename)
+            )
         elif not from_file and workflow is not None:
-            return cls.__build_workflow(workflow)
+            return cls.__build_workflow("", workflow)
         raise WorkflowBuilderError(
             "The workflow must either be built from a file or from a CommentedMap"

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/src/bitwarden_workflow_linter/models/workflow.py RENAMED Viewed

@@ -23,14 +23,16 @@ class Workflow:
     """
     key: str = ""
+    filename: Optional[str] = None
     name: Optional[str] = None
     on: Optional[CommentedMap] = None
     jobs: Optional[Dict[str, Job]] = None
     @classmethod
-    def init(cls: Self, key: str, data: CommentedMap) -> Self:
+    def init(cls: Self, key: str, filename: str, data: CommentedMap) -> Self:
         init_data = {
             "key": key,
+            "filename": filename,
             "name": data["name"] if "name" in data else None,
             "on": data["on"] if "on" in data else None,
         }

bitwarden_workflow_linter-0.5.0/src/bitwarden_workflow_linter/rules/run_actionlint.py ADDED Viewed

@@ -0,0 +1,108 @@
+"""A Rule to run actionlint on workflows."""
+from typing import Optional, Tuple
+import subprocess
+import platform
+import urllib.request
+import os
+from ..rule import Rule
+from ..models.workflow import Workflow
+from ..utils import LintLevels, Settings
+def install_actionlint(platform_system: str) -> Tuple[bool, str]:
+    """If actionlint is not installed, detects OS platform
+    and installs actionlint"""
+    error = f"An error occurred when installing Actionlint on {platform_system}"
+    if platform_system.startswith("Linux"):
+        return install_actionlint_source(error)
+    elif platform_system == "Darwin":
+        try:
+            subprocess.run(["brew", "install", "actionlint"], check=True)
+            return True, ""
+        except (FileNotFoundError, subprocess.CalledProcessError):
+            return False, f"{error} : check Brew installation"
+    elif platform_system.startswith("Win"):
+        try:
+            subprocess.run(["choco", "install", "actionlint", "-y"], check=True)
+            return True, ""
+        except (FileNotFoundError, subprocess.CalledProcessError):
+            return False, f"{error} : check Choco installation"
+    return False, error
+def install_actionlint_source(error) -> Tuple[bool, str]:
+    """Install Actionlint Binary from provided script"""
+    url = "https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash"
+    version = "1.6.17"
+    request = urllib.request.urlopen(url)
+    with open("download-actionlint.bash", "wb+") as fp:
+        fp.write(request.read())
+    try:
+        subprocess.run(["bash", "download-actionlint.bash", version], check=True)
+        return True, os.getcwd()
+    except (FileNotFoundError, subprocess.CalledProcessError):
+        return False, error
+def check_actionlint(platform_system: str) -> Tuple[bool, str]:
+    """Check if the actionlint is in the system's PATH."""
+    try:
+        subprocess.run(
+            ["actionlint", "--version"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            check=True,
+        )
+        return True, ""
+    except subprocess.CalledProcessError:
+        return (
+            False,
+            "Failed to install Actionlint, \
+please check your package installer or manually install it",
+        )
+    except FileNotFoundError:
+        return install_actionlint(platform_system)
+class RunActionlint(Rule):
+    """Rule to run actionlint as part of workflow linter V2."""
+    def __init__(self, settings: Optional[Settings] = None) -> None:
+        self.message = "Actionlint must pass without errors"
+        self.on_fail = LintLevels.WARNING
+        self.compatibility = [Workflow]
+        self.settings = settings
+    def fn(self, obj: Workflow) -> Tuple[bool, str]:
+        if not obj or not obj.filename:
+            raise AttributeError(
+                "Running actionlint without a filename is not currently supported"
+            )
+        installed, location = check_actionlint(platform.system())
+        if installed:
+            if location:
+                result = subprocess.run(
+                    [location + "/actionlint", obj.filename],
+                    capture_output=True,
+                    text=True,
+                    check=False,
+                )
+            else:
+                result = subprocess.run(
+                    ["actionlint", obj.filename],
+                    capture_output=True,
+                    text=True,
+                    check=False,
+                )
+            if result.returncode == 1:
+                return False, result.stdout
+            if result.returncode > 1:
+                return False, result.stdout
+            return True, ""
+        else:
+            return False, self.message

bitwarden_workflow_linter-0.5.0/tests/fixtures/test_workflow.yaml ADDED Viewed

@@ -0,0 +1,32 @@
+name: test
+on:
+  workflow_dispatch:
+  pull_request:
+jobs:
+  job-key:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Test
+        run: echo test
+  call-workflow:
+    uses: bitwarden/server/.github/workflows/workflow-linter.yml@master
+  test-normal-action:
+    name: Download Latest
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - run: |
+          echo test
+  test-local-action:
+    name: Testing a local action call
+    runs-on: ubuntu-20.04
+    steps:
+      - name: local-action
+        uses: ./version-bump

bitwarden_workflow_linter-0.5.0/tests/fixtures/test_workflow_incorrect.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+name: test
+on:
+  push:
+    branches:
+      -
+    path:
+      - "src/**"
+  workflow_dispatch:
+jobs:
+  job-key:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Test
+        run: echo test
+  call-workflow:
+    uses: bitwarden/server/.github/workflows/workflow-linter.yml@master
+  test-normal-action:
+    name: Download Latest
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - run: |
+          echo test
+  test-local-action:
+    name: Testing a local action call
+    runs-on: ubuntu-20.04
+    steps:
+      - name: local-action
+        uses: ./version-bump

bitwarden_workflow_linter-0.5.0/tests/rules/test_run_actionlint.py ADDED Viewed

@@ -0,0 +1,181 @@
+"""Test src/bitwarden_workflow_linter/rules/run_actionlint."""
+import pytest
+import subprocess
+from ruamel.yaml import YAML
+from src.bitwarden_workflow_linter.load import WorkflowBuilder
+from src.bitwarden_workflow_linter.rules.run_actionlint import (
+    RunActionlint,
+    install_actionlint_source,
+    check_actionlint,
+    install_actionlint,
+)
+yaml = YAML()
+@pytest.fixture(name="rule")
+def fixture_rule():
+    return RunActionlint()
+def test_rule_on_correct_workflow(rule):
+    correct_workflow = WorkflowBuilder.build("tests/fixtures/test_workflow.yaml")
+    result, _ = rule.fn(correct_workflow)
+    assert result is True
+def test_rule_on_incorrect_workflow(rule):
+    incorrect_workflow = WorkflowBuilder.build(
+        "tests/fixtures/test_workflow_incorrect.yaml"
+    )
+    result, _ = rule.fn(incorrect_workflow)
+    assert result is False
+def test_pass_install_actionlint_linux():
+    result, _ = install_actionlint("Linux")
+    assert result is True
+def test_install_actionlint_darwin(monkeypatch):
+    def mock_run(*args, **kwargs):
+        return subprocess.CompletedProcess(args, 0)
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, _ = install_actionlint("Darwin")
+    assert result is True
+def test_failed_install_actionlint_darwin(monkeypatch):
+    def mock_run(*args, **kwargs):
+        raise subprocess.CalledProcessError(1, "cmd")
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, error = install_actionlint("Darwin")
+    assert result is False
+    assert "An error occurred" in error
+def test_install_actionlint_windows(monkeypatch):
+    def mock_run(*args, **kwargs):
+        return subprocess.CompletedProcess(args, 0)
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, _ = install_actionlint("Windows")
+    assert result is True
+def test_failed_install_actionlint_windows(monkeypatch):
+    def mock_run(*args, **kwargs):
+        raise subprocess.CalledProcessError(1, "cmd")
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, error = install_actionlint("Windows")
+    assert result is False
+    assert "An error occurred" in error
+def test_install_actionlint_source(monkeypatch):
+    def mock_run(*args, **kwargs):
+        return subprocess.CompletedProcess(args, 0)
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, _ = install_actionlint_source("An error occurred")
+    assert result is True
+def test_failed_install_actionlint_source(monkeypatch):
+    def mock_run(*args, **kwargs):
+        raise subprocess.CalledProcessError(1, "cmd")
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, error = install_actionlint_source("An error occurred")
+    assert result is False
+    assert "An error occurred" in error
+def test_check_actionlint_installed(monkeypatch):
+    def mock_run(*args, **kwargs):
+        return subprocess.CompletedProcess(args, 0)
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, _ = check_actionlint("Linux")
+    assert result is True
+def test_failed_check_actionlint_installed(monkeypatch):
+    def mock_run(*args, **kwargs):
+        raise subprocess.CalledProcessError(1, "cmd")
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, _ = check_actionlint("Linux")
+    assert result is False
+def test_check_actionlint_not_installed(monkeypatch):
+    def mock_run(*args, **kwargs):
+        raise FileNotFoundError
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    result, _ = check_actionlint("Linux")
+    assert result is False
+def test_run_actionlint_installed(monkeypatch, rule):
+    def mock_check_actionlint(*args, **kwargs):
+        return True, "/mock/location"
+    def mock_run(*args, **kwargs):
+        return subprocess.CompletedProcess(args, 0, stdout="")
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    monkeypatch.setattr(
+        "src.bitwarden_workflow_linter.rules.run_actionlint.check_actionlint",
+        mock_check_actionlint,
+    )
+    workflow = WorkflowBuilder.build("tests/fixtures/test_workflow.yaml")
+    result, _ = rule.fn(workflow)
+    assert result is True
+def test_run_actionlint_not_installed(monkeypatch, rule):
+    def mock_check_actionlint(*args, **kwargs):
+        return False, ""
+    monkeypatch.setattr(
+        "src.bitwarden_workflow_linter.rules.run_actionlint.check_actionlint",
+        mock_check_actionlint,
+    )
+    workflow = WorkflowBuilder.build("tests/fixtures/test_workflow.yaml")
+    result, error = rule.fn(workflow)
+    assert result is False
+    assert "Actionlint must pass" in error
+def test_run_actionlint_installed_error(monkeypatch, rule):
+    def mock_check_actionlint(*args, **kwargs):
+        return True, "/mock/location"
+    def mock_run(*args, **kwargs):
+        return subprocess.CompletedProcess(args, 110, stdout="An error occurred")
+    monkeypatch.setattr(subprocess, "run", mock_run)
+    monkeypatch.setattr(
+        "src.bitwarden_workflow_linter.rules.run_actionlint.check_actionlint",
+        mock_check_actionlint,
+    )
+    workflow = WorkflowBuilder.build("tests/fixtures/test_workflow.yaml")
+    result, error = rule.fn(workflow)
+    assert result is False
+    assert "An error occurred" in error

{bitwarden_workflow_linter-0.4.6 → bitwarden_workflow_linter-0.5.0}/tests/test_workflow.py RENAMED Viewed

@@ -72,7 +72,7 @@ jobs:
 def test_simple_workflow(simple_workflow_yaml):
-    workflow = Workflow.init("", simple_workflow_yaml)
+    workflow = Workflow.init("", None, simple_workflow_yaml)
     assert workflow.name == "test"
     assert len(workflow.on.keys()) == 1
@@ -80,7 +80,7 @@ def test_simple_workflow(simple_workflow_yaml):
 def test_complex_workflow(complex_workflow_yaml):
-    workflow = Workflow.init("", complex_workflow_yaml)
+    workflow = Workflow.init("", None, complex_workflow_yaml)
     assert workflow.name == "test"
     assert len(workflow.on.keys()) == 2
@@ -91,7 +91,7 @@ def test_workflow_extra_kwargs(simple_workflow_yaml):
     extra_data_workflow = simple_workflow_yaml
     extra_data_workflow["extra"] = "This should not exist"
-    workflow = Workflow.init("", extra_data_workflow)
+    workflow = Workflow.init("", None, extra_data_workflow)
     with pytest.raises(Exception):
         assert workflow.extra == "test"