package linter
import (
"fmt"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types"
)
// Section identifiers handed to (*Linter).lint alongside each container list,
// naming the part of the workflow the list was taken from.
const (
	blockClone    uint8 = iota // c.Clone.ContainerList
	blockPipeline              // c.Steps.ContainerList
	blockServices              // c.Services.ContainerList
)
// Linter validates a pipeline configuration before it is run.
type Linter struct {
	// trusted disables the lintTrusted checks when true. The zero value
	// (false) is the restrictive default: privileged mode, devices, volumes,
	// custom networking and similar options are rejected.
	trusted bool
}
// New returns a Linter configured by opts.
//
// Options are applied in the order given. With no options the Linter is the
// zero value, i.e. untrusted.
func New(opts ...Option) *Linter {
	l := &Linter{}
	for i := range opts {
		opts[i](l)
	}
	return l
}
// Lint validates a parsed workflow.
//
// A workflow whose steps section holds no containers is rejected outright.
// Otherwise the clone, steps and services container lists are checked in that
// order and the first error found is returned; nil means every container
// passed.
func (l *Linter) Lint(c *types.Workflow) error {
	if len(c.Steps.ContainerList) == 0 {
		return fmt.Errorf("Invalid or missing pipeline section")
	}

	// Each later section is only inspected when the previous one was clean.
	err := l.lint(c.Clone.ContainerList, blockClone)
	if err == nil {
		err = l.lint(c.Steps.ContainerList, blockPipeline)
	}
	if err == nil {
		err = l.lint(c.Services.ContainerList, blockServices)
	}
	return err
}
// lint runs the per-container checks over containers and returns the first
// failure, or nil when all containers pass.
//
// For each container the image check runs first, then the restricted-option
// check (skipped entirely when the Linter is trusted), then the
// commands/settings check. The section identifier argument is currently
// ignored, so clone, steps and services containers get identical treatment.
func (l *Linter) lint(containers []*types.Container, _ uint8) error {
	for _, ctr := range containers {
		err := l.lintImage(ctr)
		if err == nil && !l.trusted {
			err = l.lintTrusted(ctr)
		}
		if err == nil {
			err = l.lintCommands(ctr)
		}
		if err != nil {
			return err
		}
	}
	return nil
}
// lintImage rejects a container that does not name an image.
func (l *Linter) lintImage(c *types.Container) error {
	if len(c.Image) > 0 {
		return nil
	}
	return fmt.Errorf("Invalid or missing image")
}
// lintCommands rejects a container that sets both commands and settings.
//
// A container with no commands always passes. The error lists the offending
// settings keys; they are collected by ranging over c.Settings (presumably a
// map), so their order in the message is not stable between runs.
func (l *Linter) lintCommands(c *types.Container) error {
	if len(c.Commands) == 0 || len(c.Settings) == 0 {
		return nil
	}

	names := make([]string, 0, len(c.Settings))
	for name := range c.Settings {
		names = append(names, name)
	}
	return fmt.Errorf("Cannot configure both commands and custom attributes %v", names)
}
// lintTrusted rejects container options that an untrusted configuration may
// not use. The caller only invokes it when the Linter is not trusted.
//
// The checks run top to bottom and the first option found to be set produces
// the error, so a container using several restricted options reports only
// one of them.
//
// NOTE(review): this is a deny-list. An option that is not named below is not
// restricted here, so any host-affecting field added to types.Container needs
// a matching case — confirm coverage whenever that type changes.
func (l *Linter) lintTrusted(c *types.Container) error {
	switch {
	case c.Privileged:
		return fmt.Errorf("Insufficient privileges to use privileged mode")
	case c.ShmSize != 0:
		return fmt.Errorf("Insufficient privileges to override shm_size")
	case len(c.DNS) != 0:
		return fmt.Errorf("Insufficient privileges to use custom dns")
	case len(c.DNSSearch) != 0:
		return fmt.Errorf("Insufficient privileges to use dns_search")
	case len(c.Devices) != 0:
		return fmt.Errorf("Insufficient privileges to use devices")
	case len(c.ExtraHosts) != 0:
		return fmt.Errorf("Insufficient privileges to use extra_hosts")
	case len(c.NetworkMode) != 0:
		return fmt.Errorf("Insufficient privileges to use network_mode")
	case len(c.IpcMode) != 0:
		return fmt.Errorf("Insufficient privileges to use ipc_mode")
	case len(c.Sysctls) != 0:
		return fmt.Errorf("Insufficient privileges to use sysctls")
	// len of a nil slice or map is 0, so no separate nil test is needed.
	case len(c.Networks.Networks) != 0:
		return fmt.Errorf("Insufficient privileges to use networks")
	case len(c.Volumes.Volumes) != 0:
		return fmt.Errorf("Insufficient privileges to use volumes")
	case len(c.Tmpfs) != 0:
		return fmt.Errorf("Insufficient privileges to use tmpfs")
	}
	return nil
}