Google Git
Sign in
fuchsia / shac-project / shac / 62acf29a492b8cf23136a3deb549843acd56bb58
commit62acf29a492b8cf23136a3deb549843acd56bb58[log] [tgz]
authorOliver Newman <olivernewman@google.com>Wed Sep 27 17:26:08 2023 +0000
committerCQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Sep 27 17:26:08 2023 +0000
tree7e296634ec4f1d131724f8f8340144326f509a4b
parente96454eb5f41b95446b2e0f728f344ac2c6ad6c2 [diff]
[go.mod] Update protobuf-go

... to pull in the following commit, which fixes parsing of unknown
repeated message fields in textproto files:
https://github.com/protocolbuffers/protobuf-go/commit/6352deccdb59bcc074db0ab49f4d8ba8f3cdb7ee

Previously, if shac.textproto contained a repeated message field that
was only introduced in a later version of shac, and `min_shac_version`
was updated appropriately, `shac check` would produce an error like:

  shac: proto: syntax error (line 41:1): unexpected token: ]

Now protobuf parsing no longer fails, and we get the expected error
message:

  shac: min_shac_version specifies unsupported version "0.1.9", running 0.1.8

Generated by running:
1. go get google.golang.org/protobuf@6352deccdb59bcc074db0ab49f4d8ba8f3cdb7ee
2. go mod tidy
3. go mod vendor

Change-Id: I7a32f61967a10bc72ef0eace18aac9d1b726a945
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/922812
Reviewed-by: Anthony Fandrianto <atyfto@google.com>
Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
40 files changed
tree: 7e296634ec4f1d131724f8f8340144326f509a4b
  1. .github/
  2. checks/
  3. doc/
  4. images/
  5. internal/
  6. scripts/
  7. vendor/
  8. .gitignore
  9. AUTHORS
  10. codecov.yml
  11. CONTRIBUTING.md
  12. go.mod
  13. go.sum
  14. LICENSE
  15. main.go
  16. OWNERS
  17. PATENTS
  18. README.md
  19. shac.star
  20. shac.textproto
README.md

shac

Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.

Shac checks are written in Starlark.

usage demonstration

Usage

go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less

Documentation

Road map

Planned features/changes, in descending order by priority:

  • [x] Configuring files to exclude from shac analysis in shac.textproto
  • [x] Include unstaged files in analysis, including respecting unstaged shac.star files
  • [x] Automatic fix application with handling for conflicting suggestions
  • [ ] Provide a .shac cache directory that checks can write to
  • [ ] Mount checkout directory read-only
    • [x] By default
    • [ ] Unconditionally
  • [ ] Give checks access to the commit message via ctx.scm
  • [ ] Built-in formatting of Starlark files
  • [ ] Configurable “pass-throughs” - non-default environment variables and mounts that can optionally be passed through to the sandbox
  • [ ] Add glob arguments to ctx.scm.{all,affected}_files() functions for easier filtering
  • [ ] Filesystem sandboxing on MacOS
  • [ ] Windows sandboxing
  • [ ] Testing framework for checks

Contributing

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.

See CONTRIBUTING.md to submit changes.