commit | 426b05fac6fab71fa78befcfab86c530062646c6 | [log] [tgz] |
---|---|---|
author | Oliver Newman <olivernewman@google.com> | Wed Sep 13 15:38:55 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Sep 13 15:38:55 2023 +0000 |
tree | 3625e032abf15fc532890a7b2182ce4df8318d84 | |
parent | ce2f0cff74c384f56457b1959fac40e9bab1b16a [diff] |
[engine] Expose runtime-configurable variables to checks Makes a new `ctx.vars.get()` field available to checks that is used to retrieve optional runtime-configurable values passed into shac via `--var name=value` command-line flags. In order to be set at runtime, a var must be declared beforehand in shac.textproto with an optional default value. Centralizating the list of allowed variables differs from the strategies taken by lucicfg and GN, which both allow any file to declare arbitrary runtime-configurable variables. However, that approach makes it much harder to discover the list of allowed variables, and makes it much easier to add new runtime-configurable variables. A proliferation of runtime-configurable variables is not desired for shac because it would open the door to divergence between local workflows and CI, e.g. if CI sets many variables to non-default values then it would become difficult to accurately reproduce CI results locally. Therefore, vars should only be used when absolutely necessary and only for passing through opaque parameters rather than tweaking behavior. The most immediate use case is for passing in the path to a repository's build directory into shac so shac can run executables and read artifacts from the build directory. Bug: 82386 Change-Id: I18cacfc8d9800e4d784c108389e697b5d6b12bc1 Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/915494 Reviewed-by: Anthony Fandrianto <atyfto@google.com> Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com> Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.
Shac checks are written in Starlark.
go install go.fuchsia.dev/shac-project/shac@latest shac check shac doc shac.star | less
Planned features/changes, in descending order by priority:
shac.textproto
shac.star
files.shac
cache directory that checks can write toctx.scm
glob
arguments to ctx.scm.{all,affected}_files()
functions for easier filtering⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.