[BRE-410] - FIX: unwanted files in workflow dir, allowed env vars, un…

…derscore output bug (#33)
bitwarden · Nov 29, 2024 · 88464c9 · 88464c9
1 parent cf602ef
commit 88464c9
Show file tree

Hide file tree

Showing 8 changed files with 34 additions and 19 deletions.
diff --git a/src/bitwarden_workflow_linter/default_settings.yaml b/src/bitwarden_workflow_linter/default_settings.yaml
@@ -4,6 +4,7 @@ enabled_rules:
   - bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
   - bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
   - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+  - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
   - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
 
 approved_actions_path: default_actions.json
diff --git a/src/bitwarden_workflow_linter/lint.py b/src/bitwarden_workflow_linter/lint.py
@@ -54,6 +54,7 @@ def extend_parser(
         )
         parser_lint.add_argument("-f", "--files", action="append", help="files to lint")
         parser_lint.add_argument(
+            "-o",
             "--output",
             action="store",
             help="output format: [stdout|json|md]",
@@ -137,9 +138,10 @@ def generate_files(self, files: list[str]) -> list[str]:
             if os.path.isfile(path):
                 workflow_files.append(path)
             elif os.path.isdir(path):
-                for subdir, _, files in os.walk(path):
-                    for filename in files:
-                        filepath = subdir + os.sep + filename
+                for dirpath, dirnames, filenames in os.walk(path):
+                    dirnames[:] = []
+                    for file in filenames:
+                        filepath = dirpath + os.sep + file
                         if filepath.endswith((".yml", ".yaml")):
                             workflow_files.append(filepath)
 

diff --git a/src/bitwarden_workflow_linter/rules/job_environment_prefix.py b/src/bitwarden_workflow_linter/rules/job_environment_prefix.py
@@ -58,11 +58,12 @@ def fn(self, obj: Job) -> Tuple[bool, str]:
         incorrectly named environment variables.
         """
         correct = True
+        allowed_envs = {"NODE_OPTION", "NUGET_PACKAGES", "MINT_PATH", "MINT_LINK_PATH"}
 
         if obj.env:
             offending_keys = []
             for key in obj.env.keys():
-                if key[0] != "_":
+                if key not in allowed_envs and key[0] != "_":
                     offending_keys.append(key)
                     correct = False
 

diff --git a/src/bitwarden_workflow_linter/rules/step_approved.py b/src/bitwarden_workflow_linter/rules/step_approved.py
@@ -41,8 +41,8 @@ def skip(self, obj: Step) -> bool:
         if "@" not in obj.uses:
             return True
 
-        ## Force pass for any bitwarden/gh-actions
-        if obj.uses.startswith("bitwarden/gh-actions"):
+        ## Force pass for any bitwarden/
+        if obj.uses.startswith("bitwarden/"):
             return True
 
         return False

diff --git a/src/bitwarden_workflow_linter/rules/step_pinned.py b/src/bitwarden_workflow_linter/rules/step_pinned.py
@@ -82,7 +82,7 @@ def fn(self, obj: Step) -> Tuple[bool, str]:
 
         path, ref = obj.uses.split("@")
 
-        if path.startswith("bitwarden/gh-actions"):
+        if path.startswith("bitwarden/"):
             if ref == "main":
                 return True, ""
             return False, "Please pin to main"

diff --git a/src/bitwarden_workflow_linter/rules/underscore_outputs.py b/src/bitwarden_workflow_linter/rules/underscore_outputs.py
@@ -25,7 +25,7 @@ def __init__(self, settings: Optional[Settings] = None) -> None:
             A Settings object that contains any default, overridden, or custom settings
             required anywhere in the application.
         """
-        self.message = "outputs with more than one word must use an underscore"
+        self.message = "outputs with more than one word should use an underscore"
         self.on_fail = LintLevels.WARNING
         self.compatibility = [Workflow, Job, Step]
         self.settings = settings
@@ -90,15 +90,18 @@ def fn(self, obj: Union[Workflow, Job, Step]) -> Tuple[bool, str]:
         if isinstance(obj, Workflow):
             if obj.on.get("workflow_dispatch"):
                 if obj.on["workflow_dispatch"].get("outputs"):
-                    outputs.extend(obj.on["workflow_dispatch"]["outputs"].keys())
+                    for output, _ in obj.on["workflow_dispatch"]["outputs"].items():
+                        outputs.append(output)
 
             if obj.on.get("workflow_call"):
                 if obj.on["workflow_call"].get("outputs"):
-                    outputs.extend(obj.on["workflow_call"]["outputs"].keys())
+                    for output, _ in obj.on["workflow_call"]["outputs"].items():
+                        outputs.append(output)
 
         if isinstance(obj, Job):
             if obj.outputs:
-                outputs.extend(obj.outputs.keys())
+                for output in obj.outputs.keys():
+                    outputs.append(output)
 
         if isinstance(obj, Step):
             if obj.run:
@@ -108,10 +111,18 @@ def fn(self, obj: Union[Workflow, Job, Step]) -> Tuple[bool, str]:
                     )
                 )
 
-        for output_name in outputs:
-            if "-" in output_name:
-                return False, (
-                    f"Hyphen found in {obj.__class__.__name__} output: {output_name}"
-                )
+        correct = True
+        offending_keys = []
+
+        for name in outputs:
+            if "-" in name:
+                offending_keys.append(name)
+                correct = False
+
+        if correct:
+            return True, ""
 
-        return True, ""
+        return (
+            False,
+            f"{obj.__class__.__name__} {self.message}: ({' ,'.join(offending_keys)})",
+        )
diff --git a/tests/rules/test_step_pinned.py b/tests/rules/test_step_pinned.py
@@ -25,7 +25,7 @@ def fixture_correct_workflow():
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Test Internal Action
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        uses: bitwarden/ios/.github/actions/dispatch-and-download@main
 
       - name: Test Local Action
         uses: ./actions/test-action

diff --git a/tests/rules/test_underscore_output.py b/tests/rules/test_underscore_output.py
@@ -234,7 +234,7 @@ def test_rule_on_incorrect_step(rule, incorrect_workflow):
 
     result, message = rule.fn(incorrect_workflow.jobs["job-key"].steps[1])
     assert result is False
-    assert message == "Hyphen found in Step output: test-key-2"
+    assert "outputs with more than one word should use an underscore" in message
 
     result, _ = rule.fn(incorrect_workflow.jobs["job-key"].steps[2])
     assert result is True