[engine] Add support for ignoring files in shac.textproto

It's useful to exclude files from ever being analyzed by shac. For
example, any formatting/linting issues in vendored third-party code
should generally be ignored (or fixed upstream) so that the code stays
in sync with upstream, rather than modifying the vendored version.

Ignored files are configured with a repeated `ignore` field in
shac.textproto. Each `ignore` element is a string that uses
fully-featured gitignore syntax.

We use the gitignore library from https://github.com/go-git/go-git to
parse the ignore fields, as it seemed to be the most well-maintained and
high-quality of the various available gitignore-parsing libraries for
Go. However, the library does contain a lot of things we don't need and
pulls in a number of dependencies, so at some point we should probably
reimplement the gitignore parsing ourselves and remove the dependency.

Change-Id: If0ad914a0754a1cb203eed620f3fd26c9a220fdb
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/879285
Reviewed-by: Marc-Antoine Ruel <maruel@google.com>
Commit-Queue: Oliver Newman <olivernewman@google.com>
7 files changed
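
A sketch of what such a configuration could look like, added here as an illustration and not taken from the commit or the shac repository. Only the repeated `ignore` field and its gitignore syntax come from the commit message above; every path is constructed, and the base directory for anchored patterns is assumed to be the one holding shac.textproto.

```textproto
# shac.textproto (constructed example; all paths are hypothetical)

# Vendored third-party code. In gitignore syntax the leading slash anchors
# the pattern to the base directory (assumed: where shac.textproto lives),
# and the trailing slash makes it match directories only.
ignore: "/third_party/"

# Generated files at any depth: a pattern without a slash is not anchored.
ignore: "*.pb.go"

# Negation: a later "!" pattern re-includes a path that an earlier pattern
# excluded, so this one file is still analyzed.
ignore: "!/internal/api/handwritten.pb.go"
```

Because ignored files are never analyzed, anchored patterns such as `/third_party/` keep the exclusion limited to the intended directory, whereas an unanchored `third_party/` would match a directory of that name at any depth.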
tree: 0fe25926431074e20944e6446f738ab3adaac14d
README.md

shac

Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.

Shac checks are written in Starlark.

Usage

go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less

Documentation

Road map

Planned features/changes, in descending order by priority:

  • [ ] Automatic fix application with handling for conflicting suggestions
  • [ ] Configuring files to exclude from shac analysis in shac.textproto
  • [ ] Include unstaged files in analysis, including respecting unstaged shac.star files
  • [ ] Provide a .shac cache directory that checks can write to
  • [ ] Mount checkout directory read-only
  • [ ] Give checks access to the commit message via ctx.scm
  • [ ] Built-in formatting of Starlark files
  • [ ] Configurable “pass-throughs” - non-default environment variables and mounts that can optionally be passed through to the sandbox
  • [ ] Add glob arguments to ctx.scm.{all,affected}_files() functions for easier filtering
  • [ ] Filesystem sandboxing on macOS
  • [ ] Windows sandboxing

Contributing

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.

See CONTRIBUTING.md to submit changes.