Google Git
Sign in
fuchsia / shac-project / shac / 58a9bb92f28d29d01971e4f97a6ff0f6be192a5c
commit58a9bb92f28d29d01971e4f97a6ff0f6be192a5c[log] [tgz]
authorOliver Newman <olivernewman@google.com>Mon Jul 17 15:07:58 2023 +0000
committerCQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon Jul 17 15:07:58 2023 +0000
tree28b8e22543e94411f71b2721c87e8849101afc5b
parent0db297bd1ace83ca9db966e59902dc614203bdd8 [diff]
[go] Vendor all dependencies

Otherwise some checks like `ineffassign` will try to download
dependencies at runtime.

Generated by running `go mod vendor`.

Also add the vendor/ directory to the files ignored by shac, since we
don't want to block on linting/formatting issues in upstream code.

For some reason, this caused ineffassign to fail with "error obtaining
VCS status: exit status 128" on infra linux machines. I'm not sure why
this is happening and can't reproduce locally, so taking the approach of
setting GOFLAGS=-buildvcs=false for all checks.

Change-Id: Icc5cdd5fc107b3f1373ef6dff64920e0fc4628c5
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/879279
Commit-Queue: Oliver Newman <olivernewman@google.com>
Reviewed-by: Marc-Antoine Ruel <maruel@google.com>
Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
1032 files changed
tree: 28b8e22543e94411f71b2721c87e8849101afc5b
  1. .github/
  2. doc/
  3. images/
  4. internal/
  5. scripts/
  6. vendor/
  7. .gitignore
  8. AUTHORS
  9. check_doc.star
  10. codecov.yml
  11. CONTRIBUTING.md
  12. go.mod
  13. go.star
  14. go.sum
  15. LICENSE
  16. licenses.star
  17. main.go
  18. OWNERS
  19. PATENTS
  20. README.md
  21. shac.star
  22. shac.textproto
README.md

shac

Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.

Shac checks are written in Starlark.

usage demonstration

Usage

go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less

Documentation

Road map

Planned features/changes, in descending order by priority:

  • [ ] Automatic fix application with handling for conflicting suggestions
  • [ ] Configuring files to exclude from shac analysis in shac.textproto
  • [ ] Include unstaged files in analysis, including respecting unstaged shac.star files
  • [ ] Provide a .shac cache directory that checks can write to
  • [ ] Mount checkout directory read-only
  • [ ] Give checks access to the commit message via ctx.scm
  • [ ] Built-in formatting of Starlark files
  • [ ] Configurable “pass-throughs” - non-default environment variables and mounts that can optionally be passed through to the sandbox
  • [ ] Add glob arguments to ctx.scm.{all,affected}_files() functions for easier filtering
  • [ ] Filesystem sandboxing on MacOS
  • [ ] Windows sandboxing

Contributing

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.

See CONTRIBUTING.md to submit changes.