feat: add a policy action_shell_is_required (#281)
suzuki-shunsuke authored Dec 9, 2023
1 parent d343948 commit d91c201
Showing 7 changed files with 111 additions and 4 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -33,6 +33,7 @@ ghalint is a command line tool to check GitHub Actions Workflows anc action.yaml
1. [action_ref_should_be_full_length_commit_sha](docs/policies/008.md): action's ref should be full length commit SHA
1. [github_app_should_limit_repositories](docs/policies/009.md): GitHub Actions issueing GitHub Access tokens from GitHub Apps should limit repositories
1. [github_app_should_limit_permissions](docs/policies/010.md): GitHub Actions issueing GitHub Access tokens from GitHub Apps should limit permissions
1. [action_shell_is_required](docs/policies/011.md): `shell` is required if `run` is set

## How to install

24 changes: 24 additions & 0 deletions docs/policies/011.md
@@ -0,0 +1,24 @@
# action_shell_is_required

`shell` is required if `run` is set

## Examples

:x:

```yaml
- run: echo hello
```
```yaml
- run: echo hello
shell: bash
```
## Why?
> Required if run is set.
https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsstepsshell
1 change: 1 addition & 0 deletions pkg/controller/act/run.go
Expand Up @@ -27,6 +27,7 @@ func (c *Controller) Run(_ context.Context, logE *logrus.Entry, cfgFilePath stri
stepPolicies := []controller.StepPolicy{
&policy.GitHubAppShouldLimitRepositoriesPolicy{},
&policy.GitHubAppShouldLimitPermissionsPolicy{},
&policy.ActionShellIsRequiredPolicy{},
policy.NewActionRefShouldBeSHA1Policy(),
}
failed := false
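--- a/pkg/policy/action_shell_is_required.go
+++ b/pkg/policy/action_shell_is_required.go
@@ -0,0 +1,26 @@
+package policy
+
+import (
+"errors"
+
+"github.com/sirupsen/logrus"
+"github.com/suzuki-shunsuke/ghalint/pkg/config"
+"github.com/suzuki-shunsuke/ghalint/pkg/workflow"
+)
+
+type ActionShellIsRequiredPolicy struct{}
+
+func (p *ActionShellIsRequiredPolicy) Name() string {
+return "action_shell_is_required"
+}
+
+func (p *ActionShellIsRequiredPolicy) ID() string {
+return "011"
+}
+
+func (p *ActionShellIsRequiredPolicy) ApplyStep(_ *logrus.Entry, _ *config.Config, _ *StepContext, step *workflow.Step) error {
+if step.Run != "" && step.Shell == "" {
+return errors.New("shell is required if run is set")
+}
+return nil
+}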
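Review bot: The exported type `ActionShellIsRequiredPolicy` and its methods carry no doc comments, and nothing in the file says why the rule exists or that it targets action metadata steps rather than workflow steps. I would add `// ActionShellIsRequiredPolicy reports an action step that sets run without shell, which GitHub's action metadata syntax requires.` above the type. The error returned by `ApplyStep` is the bare string `shell is required if run is set`; presumably the caller attaches the step's identity when it logs the failure, but that is not visible in this file and is worth confirming so a failing step can be located in a large action file.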
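--- a/pkg/policy/action_shell_is_required_test.go
+++ b/pkg/policy/action_shell_is_required_test.go
@@ -0,0 +1,50 @@
+package policy_test
+
+import (
+"testing"
+
+"github.com/sirupsen/logrus"
+"github.com/suzuki-shunsuke/ghalint/pkg/policy"
+"github.com/suzuki-shunsuke/ghalint/pkg/workflow"
+)
+
+func TestActionShellIsRequiredPolicy_ApplyStep(t *testing.T) {
+t.Parallel()
+data := []struct {
+name string
+step *workflow.Step
+isErr bool
+}{
+{
+name: "pass",
+step: &workflow.Step{
+Run: "echo hello",
+Shell: "bash",
+},
+},
+{
+name: "step error",
+isErr: true,
+step: &workflow.Step{
+Run: "echo hello",
+},
+},
+}
+p := &policy.ActionShellIsRequiredPolicy{}
+logE := logrus.NewEntry(logrus.New())
+for _, d := range data {
+d := d
+t.Run(d.name, func(t *testing.T) {
+t.Parallel()
+if err := p.ApplyStep(logE, nil, nil, d.step); err != nil {
+if d.isErr {
+return
+}
+t.Fatal(err)
+}
+if d.isErr {
+t.Fatal("error must be returned")
+}
+})
+}
+}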
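Review bot: The table in `TestActionShellIsRequiredPolicy_ApplyStep` never exercises the `step.Run == ""` branch, which is the path every `uses:` step takes through the policy. Add a passing case such as `{name: "uses step without run", step: &workflow.Step{Uses: "owner/repo@<full-length-sha>"}},` so a later change to the condition cannot start flagging steps that have no `run`. A second passing case with `Shell` set and `Run` empty would pin the other half of the condition. The `d := d` copy is only needed before Go 1.22; whether it can be dropped depends on the module's Go version, which is not shown on this page.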
10 changes: 6 additions & 4 deletions pkg/workflow/workflow.go
Expand Up @@ -17,10 +17,12 @@ type Job struct {
}

type Step struct {
Uses string
ID string
Name string
With map[string]string
Uses string
ID string
Name string
Run string
Shell string
With map[string]string
}

type Action struct {
3 changes: 3 additions & 0 deletions test-action.yaml
Expand Up @@ -50,3 +50,6 @@ runs:
with:
app-id: ${{vars.APP_ID}}
private-key: ${{secrets.PRIVATE_KEY}}

- run: echo hello
# action_shell_is_required
