Skip to content

Commit

Permalink
Implement allowlist for puppet module content
Browse files Browse the repository at this point in the history 
This implements puppetlabs/puppet-specifications#157

* By default every file is ignored
* Only files from the official specification for puppet modules are
  added to the allowlist
* support for .pdkignore, .pmtignore and .gitignore is removed
  • Loading branch information
@bastelfreak
bastelfreak committed Jul 23, 2024
1 parent 1a7a0f0 commit 664c914
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 101 deletions.
14 changes: 7 additions & 7 deletions .rubocop_todo.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2024-06-28 12:03:58 UTC using RuboCop version 1.64.1.
# on 2024-07-05 11:25:28 UTC using RuboCop version 1.64.1.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
Expand All @@ -11,7 +11,7 @@ Lint/MixedRegexpCaptureTypes:
Exclude:
- 'Gemfile'

# Offense count: 4
# Offense count: 2
# Configuration parameters: Prefixes, AllowedPatterns.
# Prefixes: when, with, without
RSpec/ContextWording:
Expand All @@ -34,24 +34,24 @@ RSpec/MessageSpies:
RSpec/MultipleExpectations:
Max: 11

# Offense count: 13
# Offense count: 8
# Configuration parameters: AllowSubject.
RSpec/MultipleMemoizedHelpers:
Max: 8

# Offense count: 8
# Offense count: 5
# Configuration parameters: EnforcedStyle, IgnoreSharedExamples.
# SupportedStyles: always, named_only
RSpec/NamedSubject:
Exclude:
- 'spec/unit/puppet/modulebuilder/builder_spec.rb'

# Offense count: 3
# Offense count: 1
# Configuration parameters: AllowedGroups.
RSpec/NestedGroups:
Max: 5
Max: 4

# Offense count: 32
# Offense count: 28
RSpec/SubjectStub:
Exclude:
- 'spec/unit/puppet/modulebuilder/builder_spec.rb'
Expand Down
61 changes: 25 additions & 36 deletions lib/puppet/modulebuilder/builder.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,29 @@
module Puppet::Modulebuilder
# Class to build Puppet Modules from source
class Builder
DEFAULT_IGNORED = [
# Due to the way how PathSpec generates the regular expression,
# `/*` doesn't match directories starting with a dot,
# so we need `/.*` as well.
IGNORED = [
'/**',
'/.*',
'/pkg/',
'~*',
'/coverage',
'/checksums.json',
'/REVISION',
'/spec/fixtures/modules/',
'/vendor/',
'!/CHANGELOG*',
'!/LICENSE',
'!/README*',
'!/REFERENCE.md',
'!/bolt_plugin.json',
'!/data/**',
'!/docs/**',
'!/files/**',
'!/hiera.yaml',
'!/locales/**',
'!/manifests/**',
'!/metadata.json',
'!/plans/**',
'!/scripts/**',
'!/tasks/**',
'!/templates/**',
'!/types/**',
].freeze

attr_reader :destination, :logger
Expand Down Expand Up @@ -168,21 +182,6 @@ def warn_symlink(path)
from: symlink_path.relative_path_from(module_path), to: symlink_path.realpath.relative_path_from(module_path))
end

# Select the most appropriate ignore file in the module directory.
#
# In order of preference, we first try `.pdkignore`, then `.pmtignore`
# and finally `.gitignore`.
#
# @return [String] The path to the file containing the patterns of file
# paths to ignore.
def ignore_file
@ignore_file ||= [
File.join(source, '.pdkignore'),
File.join(source, '.pmtignore'),
File.join(source, '.gitignore'),
].find { |file| file_exists?(file) && file_readable?(file) }
end

# Checks if the path contains any non-ASCII characters.
#
# Java will throw an error when it encounters a path containing
Expand Down Expand Up @@ -251,20 +250,10 @@ def build_package
def ignored_files
require 'pathspec'

@ignored_files ||=
begin
ignored = if ignore_file.nil?
PathSpec.new
else
PathSpec.new(read_file(ignore_file, open_args: 'rb:UTF-8'))
end

ignored = ignored.add("/#{File.basename(destination)}/") if File.realdirpath(destination).start_with?(File.realdirpath(source))
ignored = PathSpec.new(IGNORED)
ignored.add("/#{File.basename(destination)}/") if File.realdirpath(destination).start_with?(File.realdirpath(source))

DEFAULT_IGNORED.each { |r| ignored.add(r) }

ignored
end
ignored
end

# Create a temporary build directory where the files to be included in
Expand Down
58 changes: 0 additions & 58 deletions spec/unit/puppet/modulebuilder/builder_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -300,64 +300,6 @@
end
end

describe '#ignore_file' do
subject { builder.ignore_file }

let(:module_source) { File.join(root_dir, 'tmp', 'my-module') }
let(:possible_files) do
[
'.pdkignore',
'.pmtignore',
'.gitignore',
]
end
let(:available_files) { [] }

before do
available_files.each do |file|
file_path = File.join(module_source, file)

allow(builder).to receive(:file_exists?).with(file_path).and_return(true)
allow(builder).to receive(:file_readable?).with(file_path).and_return(true)
end

(possible_files - available_files).each do |file|
file_path = File.join(module_source, file)

allow(builder).to receive(:file_exists?).with(file_path).and_return(false)
allow(builder).to receive(:file_readable?).with(file_path).and_return(false)
end
end

context 'when none of the possible ignore files are present' do
it { is_expected.to be_nil }
end

context 'when .gitignore is present' do
let(:available_files) { ['.gitignore'] }

it 'returns the path to the .gitignore file' do
expect(subject).to eq(File.join(module_source, '.gitignore'))
end

context 'and .pmtignore is present' do
let(:available_files) { ['.gitignore', '.pmtignore'] }

it 'returns the path to the .pmtignore file' do
expect(subject).to eq(File.join(module_source, '.pmtignore'))
end

context 'and .pdkignore is present' do
let(:available_files) { possible_files }

it 'returns the path to the .pdkignore file' do
expect(subject).to eq(File.join(module_source, '.pdkignore'))
end
end
end
end
end

describe '#ignored_files' do
subject { builder.ignored_files }

Expand Down

0 comments on commit 664c914

Please sign in to comment.