lint: version stream

Dentrax · Dentrax · commit 6ae5eaa0c37e · 2024-07-13T15:26:23.000+03:00
Signed-off-by: Dentrax &lt;furkan.turkal@chainguard.dev&gt;
diff --git a/pkg/lint/rules.go b/pkg/lint/rules.go
@@ -439,6 +439,50 @@ var AllRules = func(l *Linter) Rules { //nolint:gocyclo
 				return fmt.Errorf("no main package or subpackage test found")
 			},
 		},
+		{
+			Name:        "valid-version-stream",
+			Description: "check the provides and tag filter if version stream suffix is passed to package name",
+			Severity:    SeverityError,
+			LintFunc: func(c config.Configuration) error {
+				// This regex captures a string that ends with a semantic version (semver) suffix.
+				// It returns two groups:
+				// - Group 1: The prefix part of the string before the semver.
+				// - Group 2: The semver (major.minor or major.minor.patch).
+				// If there is no semver suffix, the string will not match.
+				re := regexp.MustCompile(`^(.*?)-(\d+\.\d+(?:\.\d+)?)$`)
+
+				// It means that the package is not a version streamed, so early return.
+				if !re.MatchString(c.Package.Name) {
+					return nil
+				}
+
+				matches := re.FindStringSubmatch(c.Package.Name)
+				if len(matches) != 3 {
+					return fmt.Errorf("invalid package name %s for version stream, regex matches %+v", c.Package.Name, matches)
+				}
+
+				packageName := matches[1]
+				versionStream := matches[2]
+
+				// package-name=${{package.full-version}}
+				provides := fmt.Sprintf("%s=%s-r%d", packageName, c.Package.Version, c.Package.Epoch)
+				// Some packages does not have ${{package.full-version}}, instead they have PACKAGE=VERSION.999. This is for backward compatibility.
+				provides999 := fmt.Sprintf("%s=%s.999", packageName, versionStream)
+				if !slices.Contains(c.Package.Dependencies.Provides, provides) && !slices.Contains(c.Package.Dependencies.Provides, provides999) {
+					return fmt.Errorf("package is version streamed but %s=${{package.full-version}} is missing on dependencies.provides", packageName)
+				}
+
+				if c.Update.Enabled && !c.Update.Manual && c.Update.GitHubMonitor != nil {
+					// package-name-X.Y, package-name-X.Y., X.Y, vX.Y, X.Y., vX.Y., release-X.Y, release-X.Y.
+					filtersToCheck := []string{c.Package.Name, c.Package.Name + ".", versionStream, "v" + versionStream, versionStream + ".", "v" + versionStream + ".", "release-" + versionStream, "release-" + versionStream + "."}
+
+					if !slices.Contains(filtersToCheck, c.Update.GitHubMonitor.TagFilter) && !slices.Contains(filtersToCheck, c.Update.GitHubMonitor.TagFilterPrefix) {
+						return fmt.Errorf("package is version streamed but tag filter %s is missing on update.github", versionStream)
+					}
+				}
+				return nil
+			},
+		},
 	}
 }
 
diff --git a/pkg/lint/rules_test.go b/pkg/lint/rules_test.go
@@ -397,6 +397,60 @@ func TestLinter_Rules(t *testing.T) {
 			wantErr: false,
 			matches: 0,
 		},
+		{
+			file:        "version-stream-missing-provides-1.2.yaml",
+			minSeverity: SeverityError,
+			want: EvalResult{
+				File: "version-stream-missing-provides-1.2",
+				Errors: EvalRuleErrors{
+					{
+						Rule: Rule{
+							Name:     "valid-version-stream",
+							Severity: SeverityError,
+						},
+						Error: fmt.Errorf("[valid-version-stream]: package is version streamed but version-stream-missing-provides=${{package.full-version}} is missing on dependencies.provides (ERROR)"),
+					},
+				},
+			},
+			wantErr: false,
+			matches: 1,
+		},
+		{
+			file:        "version-stream-missing-update-tagfilter-1.2.yaml",
+			minSeverity: SeverityError,
+			want: EvalResult{
+				File: "version-stream-missing-update-tagfilter-1.2",
+				Errors: EvalRuleErrors{
+					{
+						Rule: Rule{
+							Name:     "valid-version-stream",
+							Severity: SeverityError,
+						},
+						Error: fmt.Errorf("[valid-version-stream]: package is version streamed but tag filter 1.2 is missing on update.github (ERROR)"),
+					},
+				},
+			},
+			wantErr: false,
+			matches: 1,
+		},
+		{
+			file:        "version-stream-missing-update-tagfilter-1.2-999.yaml",
+			minSeverity: SeverityError,
+			want: EvalResult{
+				File: "version-stream-missing-update-tagfilter-1.2",
+				Errors: EvalRuleErrors{
+					{
+						Rule: Rule{
+							Name:     "valid-version-stream",
+							Severity: SeverityError,
+						},
+						Error: fmt.Errorf("[valid-version-stream]: package is version streamed but tag filter 1.2 is missing on update.github (ERROR)"),
+					},
+				},
+			},
+			wantErr: false,
+			matches: 1,
+		},
 	}
 
 	for _, tt := range tests {
diff --git a/pkg/lint/testdata/files/version-stream-missing-provides-1.2.yaml b/pkg/lint/testdata/files/version-stream-missing-provides-1.2.yaml
@@ -0,0 +1,15 @@
+package:
+  name: version-stream-missing-provides-1.2
+  version: 1.2.3
+  epoch: 0
+  description: "a version-streamed package with no dependencies.provides"
+
+pipeline:
+  - uses: fetch
+    with:
+      uri: https://test.com/version-stream-missing-provides/${{package.version}}.tar.gz
+      expected-sha256: ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
+
+test:
+  pipeline:
+    - runs: "echo 'test'"
diff --git a/pkg/lint/testdata/files/version-stream-missing-update-tagfilter-1.2-999.yaml b/pkg/lint/testdata/files/version-stream-missing-update-tagfilter-1.2-999.yaml
@@ -0,0 +1,24 @@
+package:
+  name: version-stream-missing-update-tagfilter-1.2
+  version: 1.2.3
+  epoch: 0
+  description: "a version-streamed package with no dependencies.provides"
+  dependencies:
+    provides:
+      - version-stream-missing-update-tagfilter=1.2.999
+
+pipeline:
+  - uses: fetch
+    with:
+      uri: https://test.com/version-stream-missing-update-tagfilter/${{package.version}}.tar.gz
+      expected-sha256: ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
+
+test:
+  pipeline:
+    - runs: "echo 'test'"
+
+update:
+  enabled: true
+  github:
+    identifier: test/version-stream-missing-update-tagfilter
+    use-tag: true
diff --git a/pkg/lint/testdata/files/version-stream-missing-update-tagfilter-1.2.yaml b/pkg/lint/testdata/files/version-stream-missing-update-tagfilter-1.2.yaml
@@ -0,0 +1,24 @@
+package:
+  name: version-stream-missing-update-tagfilter-1.2
+  version: 1.2.3
+  epoch: 0
+  description: "a version-streamed package with no dependencies.provides"
+  dependencies:
+    provides:
+      - version-stream-missing-update-tagfilter=${{package.full-version}}
+
+pipeline:
+  - uses: fetch
+    with:
+      uri: https://test.com/version-stream-missing-update-tagfilter/${{package.version}}.tar.gz
+      expected-sha256: ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
+
+test:
+  pipeline:
+    - runs: "echo 'test'"
+
+update:
+  enabled: true
+  github:
+    identifier: test/version-stream-missing-update-tagfilter
+    use-tag: true
