docker-image-pin 0.4.1__py3-none-any.whl → 0.4.2__py3-none-any.whl

docker_image_pin/__init__.py

@@ -35,7 +35,95 @@ def parse_args() -> Args:
     return parser.parse_args(namespace=Args())
 
 
-def main() -> int:  # noqa: C901, PLR0912, PLR0915, FIX002, TD003  # TODO(GideonBear): extract line to function
+def process_line(file: Path, lnr: int, line: str) -> int:  # noqa: C901, PLR0911, PLR0912
+    def log(msg: str) -> None:
+        print(f"({file}:{lnr + 1}) {msg}")
+
+    def invalid(msg: str) -> int:
+        log(f"Invalid: {msg}")
+        return 1
+
+    def warn(msg: str) -> None:
+        log(f"Warning: {msg}")
+
+    line = line.strip()
+    if not (line.startswith(("image:", "FROM"))):
+        return 0
+
+    allow = None
+    if "#" in line:
+        line, comment = line.split("#")
+        line = line.strip()
+        comment = comment.strip()
+        if comment.startswith("allow-"):
+            allow = comment.removeprefix("allow-")
+
+    if allow == "all":
+        return 0
+
+    line = line.removeprefix("image:").strip()
+    line = line.removeprefix("FROM").strip()
+    try:
+        rest, sha = line.split("@")
+    except ValueError:
+        return invalid("no '@'")
+    try:
+        image, version = rest.split(":")
+    except ValueError:
+        return invalid("no ':' in leading part")
+
+    default_allow = default_allows.get(image)
+    if default_allow:
+        if allow:
+            warn(
+                "allow comment specified while "
+                "there is a default allow for this image. "
+                f"(specified '{allow}', default '{default_allow}')"
+            )
+        allow = default_allow
+
+    if version in {"latest", "stable"}:
+        if allow != version:
+            return invalid(
+                f"[{version}] uses dynamic tag '{version}' instead of pinned version"
+            )
+    else:
+        if "-" in version:
+            version, _extra = version.split("-")
+        version = version.removeprefix("v")  # Optional prefix
+        parts = version.split(".")
+        if len(parts) > 3 and allow != "weird-version":  # noqa: PLR2004
+            # major.minor.patch.???
+            return invalid(
+                "[weird-version] version contains more than three parts "
+                "(major.minor.patch.???)"
+            )
+        if len(parts) == 2 and allow != "major-minor":  # noqa: PLR2004
+            # major.minor
+            return invalid(
+                "[major-minor] version contains only two parts (major.minor). "
+                "Can the version be pinned further?"
+            )
+        if len(parts) == 1 and allow != "major":
+            # major
+            return invalid(
+                "[major] version contains only one part (major). "
+                "Can the version be pinned further?"
+            )
+        if len(parts) == 0:
+            msg = "Unreachable"
+            raise AssertionError(msg)
+
+    if not sha.startswith("sha256:"):
+        return invalid("invalid hash (doesn't start with 'sha256:'")
+    sha = sha.removeprefix("sha256:")
+    if not is_valid_sha256(sha):
+        return invalid("invalid sha256 digest")
+
+    return 0
+
+
+def main() -> int:
     args = parse_args()
 
     retval = 0
@@ -43,100 +131,9 @@ def main() -> int:  # noqa: C901, PLR0912, PLR0915, FIX002, TD003  # TODO(Gideon
         content = file.read_text()
 
         for lnr, line in enumerate(content.splitlines()):
-
-            def log(msg: str) -> None:
-                print(f"({file}:{lnr + 1}) {msg}")  # noqa: B023
-
-            def invalid(msg: str) -> None:
-                nonlocal retval
+            line_retval = process_line(file, lnr, line)
+            if line_retval == 1:
                 retval = 1
-                log(f"Invalid: {msg}")
-
-            def warn(msg: str) -> None:
-                log(f"Warning: {msg}")
-
-            line = line.strip()
-            if not (line.startswith(("image:", "FROM"))):
-                continue
-
-            allow = None
-            if "#" in line:
-                line, comment = line.split("#")
-                line = line.strip()
-                comment = comment.strip()
-                if comment.startswith("allow-"):
-                    allow = comment.removeprefix("allow-")
-
-            line = line.removeprefix("image:").strip()
-            line = line.removeprefix("FROM").strip()
-            try:
-                rest, sha = line.split("@")
-            except ValueError:
-                invalid("no '@'")
-                continue
-            try:
-                image, version = rest.split(":")
-            except ValueError:
-                invalid("no ':' in leading part")
-                continue
-
-            default_allow = default_allows.get(image)
-            if default_allow:
-                if allow:
-                    warn(
-                        "allow comment specified while "
-                        "there is a default allow for this image. "
-                        f"(specified '{allow}', default '{default_allow}')"
-                    )
-                allow = default_allow
-
-            if version in {"latest", "stable"}:
-                if allow != version:
-                    invalid(
-                        f"[{version}] uses dynamic tag '{version}' "
-                        f"instead of pinned version"
-                    )
-                    continue
-            else:
-                if "-" in version:
-                    version, _extra = version.split("-")
-                version = version.removeprefix("v")  # Optional prefix
-                parts = version.split(".")
-                if len(parts) == 3:  # noqa: PLR2004
-                    # major.minor.patch
-                    continue
-                if len(parts) > 3 and allow != "weird-version":  # noqa: PLR2004
-                    # major.minor.patch.???0
-                    invalid(
-                        "[weird-version] version contains more than three parts "
-                        "(major.minor.patch.???)"
-                    )
-                    continue
-                if len(parts) == 2 and allow != "major-minor":  # noqa: PLR2004
-                    # major.minor
-                    invalid(
-                        "[major-minor] version contains only two parts (major.minor). "
-                        "Can the version be pinned further?"
-                    )
-                    continue
-                if len(parts) == 1 and allow != "major":
-                    # major
-                    invalid(
-                        "[major] version contains only one part (major). "
-                        "Can the version be pinned further?"
-                    )
-                    continue
-                if len(parts) == 0:
-                    msg = "Unreachable"
-                    raise AssertionError(msg)
-
-            if not sha.startswith("sha256:"):
-                invalid("invalid hash (doesn't start with 'sha256:'")
-                continue
-            sha = sha.removeprefix("sha256:")
-            if not is_valid_sha256(sha):
-                invalid("invalid sha256 digest")
-                continue
 
     return retval
 

{docker_image_pin-0.4.1.dist-info → docker_image_pin-0.4.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: docker-image-pin
-Version: 0.4.1
+Version: 0.4.2
 Summary: Checks if Docker images are properly pinned in docker-compose.yml and Dockerfile files
 Author: GideonBear
 License-Expression: GPL-3.0-only

docker_image_pin-0.4.2.dist-info/RECORD

@@ -0,0 +1,5 @@
+docker_image_pin/__init__.py,sha256=y0EjMSxXGMmwSzO_ctOiVCHyJOBvwxNDu63gmU_O3E4,3925
+docker_image_pin-0.4.2.dist-info/WHEEL,sha256=eh7sammvW2TypMMMGKgsM83HyA_3qQ5Lgg3ynoecH3M,79
+docker_image_pin-0.4.2.dist-info/entry_points.txt,sha256=xbY6M80EH8T623wyl6-X7VsLB0iPGx517EGocTvsVco,60
+docker_image_pin-0.4.2.dist-info/METADATA,sha256=-Nw6HCBvEA500-7TWe7GCSJ0N0NvaXYBoGM7TOgi7ow,1454
+docker_image_pin-0.4.2.dist-info/RECORD,,

{docker_image_pin-0.4.1.dist-info → docker_image_pin-0.4.2.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: uv 0.8.15
+Generator: uv 0.8.24
 Root-Is-Purelib: true
 Tag: py3-none-any

docker_image_pin-0.4.1.dist-info/RECORD

@@ -1,5 +0,0 @@
-docker_image_pin/__init__.py,sha256=qk_1IOY27zduyHk6t-1SsTDGodzsLVmcfXbIjir7cxE,4692
-docker_image_pin-0.4.1.dist-info/WHEEL,sha256=Jb20R3Ili4n9P1fcwuLup21eQ5r9WXhs4_qy7VTrgPI,79
-docker_image_pin-0.4.1.dist-info/entry_points.txt,sha256=xbY6M80EH8T623wyl6-X7VsLB0iPGx517EGocTvsVco,60
-docker_image_pin-0.4.1.dist-info/METADATA,sha256=WpXq4F1IYXCiA8VRNDwPAc_r9W3vsF696OZjrSxPVAc,1454
-docker_image_pin-0.4.1.dist-info/RECORD,,