)]}' { "log": [ { "commit": "e9114d8dab60946655f0fd7dbbb58acf6e9f00aa", "tree": "93fbadbca50830d1bb94e35b68808dc3ec064dd6", "parents": [ "452157ac7c265a4481c4f269b73ea348447695b2" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue May 05 13:05:00 2026 -0700" }, "committer": { "name": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue May 05 13:05:00 2026 -0700" }, "message": "Use errors.AsType instead of errors.As\n\nThe new generic `errors.AsType` is more ergonomic and concise to use.\n\nChange-Id: If430c83ae9ddd92db6c7b020fe0dfe871ad8fa3d\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1599809\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "452157ac7c265a4481c4f269b73ea348447695b2", "tree": "3d878a7089b5e9138f3c44296d70273fb7637178", "parents": [ "acc21917ebf554719f64a70e1d9cf5b3a4197393" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue May 05 13:00:55 2026 -0700" }, "committer": { "name": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue May 05 13:00:55 2026 -0700" }, "message": "Suppress errors when shac is interrupted by Ctrl-C\n\nWhen shac is interrupted by Ctrl-C it sends SIGINT to any running\nsubprocesses, causing them to exit with `exec.ExitError`s which get\nprinted to stderr, since shac only supresses context errors when\nprinting errors.\n\nModify execsupport.Run to take a context and return ctx.Err() if the\ncontext was canceled and the command failed. This causes shac to return\ncontext.Canceled, which main.go suppresses when running in a terminal.\n\nChange-Id: I9875cbff4f3ed6317c1c86326b4e29d82560c755\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1599808\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\n" }, { "commit": "acc21917ebf554719f64a70e1d9cf5b3a4197393", "tree": "44bcdc025b365fa85d6fdc103bcec082b50e63c3", "parents": [ "1dcbbe9d460addba12da014a4ed364940d1bb82e" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri Apr 17 14:27:35 2026 -0700" }, "committer": { "name": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 17 14:27:35 2026 -0700" }, "message": "[engine] Freeze file metadata to fix data race\n\nThe recent update to go.starlark.net in commit\n1dcbbe9d460addba12da014a4ed364940d1bb82e exposed a data race in shac.\nThe new version of Starlark added a `frozen` field to `Struct` and\nmutates it in `Freeze()`.\n\nshac shares `fileImpl` instances across concurrent checks. When a check\ncalls a builtin like `ctx.scm.affected_files()`, it returns a\ndictionary containing these shared file metadata structs. The\n`builtinWrapper` function that wraps all the shac built-in functions\nthen calls `Freeze()` on the dictionary, which recursively freezes all\nits elements. This resulted in concurrent calls to `Freeze()` on the\nsame shared metadata struct, causing a data race.\n\nFix this by freezing the metadata struct immediately after creation\nwhile holding the lock, making it immutable before it can be shared.\n`Freeze()` is idempotent so it\u0027s safe to call multiple times, just not\nconcurrently.\n\nAlso enable race detection in `scripts/tests.sh` on platforms that\nsupport CGO (which is required for race detection) so we can catch these\ntypes of issues before they land.\n\nChange-Id: I6676610a13f763c56709286ca7ff8c80d3fd03d3\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1579273\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "1dcbbe9d460addba12da014a4ed364940d1bb82e", "tree": "af9d23c0dd6704559f3da294a358eecbdfffd8be", "parents": [ "7166088451d840cf260f03ad4fd595c4b7620766" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Apr 16 14:31:18 2026 -0700" }, "committer": { "name": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Apr 16 14:31:18 2026 -0700" }, "message": "[go] Update luci-go\n\nJust one small change required to accommodate a new argument to the\nstarlark `ast.ParseModule()` function.\n\nChange-Id: If5006a708f573bbd5c09b1419ce313d5e30a19ef\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1578293\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\n" }, { "commit": "7166088451d840cf260f03ad4fd595c4b7620766", "tree": "6b734665b7695fde80b210889decb862dc552aae", "parents": [ "8e1138076e8b1aa1bfddf47477e24c1109b3d56e" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Apr 14 10:30:07 2026 -0700" }, "committer": { "name": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 14 10:30:07 2026 -0700" }, "message": "[engine] Always cache scm calls\n\nPreviously `shac check \u003cfile\u003e` was very slow when running in a large\nrepository against a file with many findings. The SCM caching layer\ndidn\u0027t apply when running against a single file, so the `scm.allFiles()`\nmethod got called every time the user code called `ctx.emit.finding()`,\nresulting in very slow calls (~1 second per `ctx.emit.finding()` call in\nfuchsia.git).\n\nThis change improves the situation by unconditionally caching SCM\nresults. The very first `ctx.emit.finding()` call will still be slow\nsince it needs to populate the cache, but every subsequent call will be\nmuch faster.\n\nChange-Id: I632b1eebcd0a80212270659913c8cceb9732fea9\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1573856\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "8e1138076e8b1aa1bfddf47477e24c1109b3d56e", "tree": "ce6097dc4dcd4940054bb16fc59ff1b474074895", "parents": [ "d95f9d16b04e11f20ac278164d5aab620da85fec" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Apr 08 13:54:13 2026 -0700" }, "committer": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Apr 08 13:54:13 2026 -0700" }, "message": "[engine] Make symlink handling configurable in affected_files \u0026 all_files\n\nAdd an `include_symlinks` parameter to `ctx.scm.affected_files()` and\n`ctx.scm.all_files()`, defaulting to `False`. This gives users explicit\ncontrol over whether to include symlinks to files. The vast majority of\nthe time users probably don\u0027t want to analyze symlinks since the symlink\ntarget will already be analyzed, but there are possible exceptions.\n\nRegardless of this setting, symlinks pointing to directories are still\nstrictly excluded to prevent downstream crashes from tools expecting\nonly regular files.\n\nChange-Id: I775f630938fa83a96ed666db271a41325b39ca76\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1568873\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "d95f9d16b04e11f20ac278164d5aab620da85fec", "tree": "a8ead2301aa1b7ee83838a7eb26b45bdd64bf716", "parents": [ "2832cc0b82890f5fd5f066e9b8a06b9c4c41eaf5" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Apr 08 13:14:28 2026 -0700" }, "committer": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Apr 08 13:14:28 2026 -0700" }, "message": "[shac] Add GEMINI.md\n\nChange-Id: I0f916e2d594f00caf3c71f97fcce2841ef336ece\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1569173\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "2832cc0b82890f5fd5f066e9b8a06b9c4c41eaf5", "tree": "da2548af7fc4f7de9fd5467c80dc71805c5399ba", "parents": [ "828d606f114e63b9d1243368a3316cb22bd4d3c5" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Apr 07 12:37:07 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 07 12:37:07 2026 -0700" }, "message": "[engine] Optimize git submodule checks to avoid syscalls\n\nUpdate affectedFilesImpl to use git diff --raw instead of\n--name-status to retrieve file modes, allowing submodule detection\n(mode 160000) without os.Stat syscalls.\n\nUpdate allFiles to use git ls-files -s to retrieve file modes for\ntracked files, also avoiding os.Stat for them.\n\nChange-Id: Ifcf059710416ba3c87b18d5ae58f2243e2a019b6\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1567473\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "828d606f114e63b9d1243368a3316cb22bd4d3c5", "tree": "b541c04cb803f71a0b40ad132d84c1d963473f39", "parents": [ "bbca022a5cf75eb4d68f8789f7b57c077c556568" ], "author": { "name": "Jiaming Li", "email": "lijiaming@google.com", "time": "Tue Apr 07 12:14:55 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 07 12:14:55 2026 -0700" }, "message": "[cog] Resolve symbolic links before calculating relative paths.\n\nThis ensures that the relative path is calculated against the real file system path, preventing issues when the input file is a symbolic link.\n\nBug: 499411286\nChange-Id: Ib4a474d25d7692ab93577f72800e527079c40025\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1567013\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Jiaming Li \u003clijiaming@google.com\u003e\nCommit-Queue: Jiaming Li \u003clijiaming@google.com\u003e\n" }, { "commit": "bbca022a5cf75eb4d68f8789f7b57c077c556568", "tree": "31370ecef65cfe02cdc9c0f678db1e31e7025d6b", "parents": [ "f5a2c8ee3702a40ec88047233343a5255505ab7d" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Apr 06 16:06:42 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Apr 06 16:06:42 2026 -0700" }, "message": "[engine] Add glob support to ctx.scm functions\n\nAdd a \u0027glob\u0027 argument to ctx.scm.all_files() and\nctx.scm.affected_files() using gitignore glob syntax for more convenient\nfiltering of files.\n\nI also considered using regexes (by comparison, pre-commit uses regexes\nfor selecting which files to check) but decided on globs because they\u0027re\nmore user-friendly, albeit less powerful. Since shac checks use\nimperative Starlark (whereas pre-commit uses declarative JSON) it\u0027s easy\nto fall back to using Starlark filtering for trickier use cases that\naren\u0027t satisfied by globs.\n\nChange-Id: I63ab1a3e56cfcdf10ad3d70f19dcd42f908ac5fd\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1566815\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "f5a2c8ee3702a40ec88047233343a5255505ab7d", "tree": "e0eb45aea6349836e293f564c5df08d727bfc2a7", "parents": [ "dfc5c35d5c129b008d4fda55344f8237117c83bc" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Apr 06 15:07:04 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Apr 06 15:07:04 2026 -0700" }, "message": "[go] Update to go 1.26\n\n- Fixed a couple errors that came from passing non-constant format\n strings to `fmt.Errorf` and `fmt.Sprintf`\n- Ran `go fix ./...` to modernize code, in this case replacing\n `strings.Split` with `strings.SplitSeq` when the indices are not\n needed.\n- Updated an error message check in a test for an error whose wording\n changed on Windows.\n\nChange-Id: Ib3dd1ea8e901b0b062cbadf0302aed4e9c0ee363\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1566773\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\n" }, { "commit": "dfc5c35d5c129b008d4fda55344f8237117c83bc", "tree": "52df6d31dc768360b937d0e7c76279b46ac5798e", "parents": [ "440d19fb4fb47ca4c74b94069164acc6af21e08d" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Apr 06 14:01:08 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Apr 06 14:01:08 2026 -0700" }, "message": "Update deps\n\nGitHub\u0027s Dependabot was reporting some vulnerabilities in our versions\nof gRPC and go-git. I don\u0027t think shac was actually affected by them but\ncan\u0027t hurt to update to newer versions.\n\nChange-Id: I7e54482df12b9982e5dd75082a77eb3be38eb77d\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1566814\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "440d19fb4fb47ca4c74b94069164acc6af21e08d", "tree": "7331391f8717092face47d15629a9ed8b455591b", "parents": [ "8e3416572f5e7cb762445f6dc3abc8993369fee6" ], "author": { "name": "Aidan Wolter", "email": "awolter@google.com", "time": "Mon Apr 06 13:54:21 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Apr 06 13:54:21 2026 -0700" }, "message": "[shac] Support git worktrees and external symlinks in sandbox\n\nTo support running shac in git worktrees, several adjustments were\nnecessary to handle symlinks pointing outside the worktree root and to\nensure SCM operations return correct results.\n\n1. Sandbox Symlink Resolution:\n In `fuse_unix.go`, we now detect if a symlink points outside the\n root directory. If it does, or if it\u0027s a FUSE filesystem, we mount\n the real path. This is crucial for worktrees where the `.git` file\n or other shared resources may point outside the worktree root.\n Without this, sandboxed tools would fail to access these files.\n\n2. SCM `allFiles` Delegation:\n In `runtime_ctx_scm.go`, `specifiedFilesOnly` now delegates\n `allFiles` to the base SCM instead of returning just the specified\n files. This ensures that even when running shac on specific files,\n checks that rely on `ctx.scm.all_files()` can still see the full\n repository context, which is often required for discovery or global\n checks.\n\n3. Sandbox Mounts:\n Added `/usr/share` to the default sandbox mounts in\n `runtime_ctx_os.go` to ensure tools can access shared system data.\n\nTest: Added `NotFuseSymlinkOutside` test in `fuse_unix_test.go`.\n Updated `TestRun_SpecificFiles` in `run_test.go`.\n Ran `go test ./...` and all tests passed.\nChange-Id: I2ee69b5be3bafd3429a70954786d382518dad270\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1566154\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Aidan Wolter \u003cawolter@google.com\u003e\nCommit-Queue: Aidan Wolter \u003cawolter@google.com\u003e\n" }, { "commit": "8e3416572f5e7cb762445f6dc3abc8993369fee6", "tree": "9de24980b68f68d80a7479931ccf334058e3e480", "parents": [ "0fdb11faebb6cf1cf2cf696c746d160dbe8a956b" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Mar 23 13:15:30 2026 -0700" }, "committer": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Mar 23 13:15:30 2026 -0700" }, "message": "[tests] Fix github pipelines\n\n- The macOS tests were failing due to `t.TempDir()` returning a path\n within a symlinked directory. The symlink was being resolved by the\n code under test but not by the test itself, causing failing\n assertions.\n- The Linux tests were failing with permissions errors from nsjail.\n Gemini suggested enabling unprivileged user namespaces in the github\n workflow, which seems to fix the issue.\n\nChange-Id: I7f631f4df8cc516d6061dcbfc882d54713eb055d\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1550880\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "0fdb11faebb6cf1cf2cf696c746d160dbe8a956b", "tree": "f9981511643c2bf4d49933da7ff15e774c05b166", "parents": [ "1bd41f71d977b37fa4cc05570bded8d589104a65" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Mar 19 06:43:22 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 19 06:43:22 2026 -0700" }, "message": "[engine] Fix check existence validation across multiple shac.star files\n\nPreviously, the `--only` and `--exclude` check validation was performed\nindividually for each parsed `shac.star` file. This caused commands like\n`shac check --only buildifier` to fail with a \"check does not exist\"\nerror if the repository contained any nested `shac.star` file that\ndidn\u0027t also define that specific check.\n\nThis commit separates the Starlark parsing phase and the check execution\nphase. Check filtering validation is now deferred until all `shac.star`\nfiles have been loaded. The allowlist and denylist are validated against\nthe global pool of discovered checks across the entire codebase.\n\nI also added:\n- A test to verify the fix.\n- A benchmark that loads a shac.star file with 1,000 checks to ensure\n that separating the parsing and check execution phases doesn\u0027t\n materially impact shac\u0027s runtime (it doesn\u0027t).\n\nChange-Id: Ie2dce6f69a47bd33b11adeed68a48c08ee5ae17c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1545121\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Carver Forbes \u003ccarverforbes@google.com\u003e\n" }, { "commit": "1bd41f71d977b37fa4cc05570bded8d589104a65", "tree": "b555133cc31573dd426dcc2d317e031297171c88", "parents": [ "e70a7440b3c646308ca115406ae33c5ce922afe7" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Mar 19 06:41:28 2026 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 19 06:41:28 2026 -0700" }, "message": "[engine] Ensure standard binary directories are mounted in sandbox\n\nShac\u0027s sandboxing tests had been broken in infra since the Debian 12\nrollout. This is because Debian 12 includes a merged `/usr` layout, with\n`/bin` and `/sbin` as symlinks pointing to `/usr/bin` and `/usr/sbin`.\nAnd `$PATH` on infra machines only includes `/usr/bin` while omitting\n`/bin` entirely.\n\nPreviously, Shac\u0027s nsjail sandbox configuration only bind-mounted the\ndirectories that were explicitly listed in the host\u0027s `$PATH`. Because\nof this, if `/bin` was missing from `$PATH`, the sandbox wouldn\u0027t create\na `/bin` directory or the symlink. This caused any shell scripts using a\nstandard `#!/bin/sh` shebang to fail with an `execve` \"No such file or\ndirectory\" error.\n\nThis commit updates the sandbox configuration to explicitly mount\n`/bin`, `/usr/bin`, `/sbin`, and `/usr/sbin` if they exist on the host\nsystem. This ensures that standard shebangs and basic utilities are\nalways resolvable, regardless of how the CI environment configures\n`$PATH`.\n\nChange-Id: Id79edbc70e801dbd547c0d735c9a1feb2ca9e53e\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1545660\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Carver Forbes \u003ccarverforbes@google.com\u003e\n" }, { "commit": "e70a7440b3c646308ca115406ae33c5ce922afe7", "tree": "4c65ecc4403ed31b7f536a979a2be5c635d39525", "parents": [ "ef3b0318ff010952fc7ec0b8fe310de6eb0369f3" ], "author": { "name": "Colin Nelson", "email": "colnnelson@google.com", "time": "Thu Feb 05 14:44:01 2026 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Feb 05 14:44:01 2026 -0800" }, "message": "fix: emit file if no changes\n\nWhen running `Fix`, if there is a single file, and we are instructed to emit,\nAND there are no findings (aka the file is \"just fine\"), write the file out to\nstdout.\n\nFixes a case in some tools where when the file is \"correct\", they clear\nthe contents of the file as `shac` writes nothing to stdout.\n\nChange-Id: Ifaf7a90c525a69a79b1eba8eab8f690e6a6a6964\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1495327\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Colin Nelson \u003ccolnnelson@google.com\u003e\nCommit-Queue: Colin Nelson \u003ccolnnelson@google.com\u003e\n" }, { "commit": "ef3b0318ff010952fc7ec0b8fe310de6eb0369f3", "tree": "ce10584104f49eb4a05b2de83f54ac8d9c6a9d0b", "parents": [ "14b338085fb79f8c8cbfb397cb0c71932a3f285a" ], "author": { "name": "Colin Nelson", "email": "colnnelson@google.com", "time": "Wed Jan 28 14:46:44 2026 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Jan 28 14:46:44 2026 -0800" }, "message": "[fix] support file input on stdin\n\nFor tools like `jj` to work with their internal formatters (e.g. `jj fix`),\nthe contract is that the formatter takes input of the file on stdin and\noutputs it on stdout.\n\nChange-Id: Iab8d7ccd140ca51e1c26413ae8057e6e6a6a6964\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1486739\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Colin Nelson \u003ccolnnelson@google.com\u003e\n" }, { "commit": "14b338085fb79f8c8cbfb397cb0c71932a3f285a", "tree": "e5ce970eaf18d7e614b90442d226954f1be4b6b6", "parents": [ "dbb1f8727cc13ef01c2607d7bcbc4d52c142f61b" ], "author": { "name": "Colin Nelson", "email": "colnnelson@google.com", "time": "Mon Jan 26 15:31:20 2026 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Jan 26 15:31:20 2026 -0800" }, "message": "[fix]: add option to output to stdout\n\nAdds new CLI flag `--emit` to `fix` which emits the file diffs to stdout\nas opposed to writing the files.\n\nBug: b/478922736\nFixed: b/478922736\nChange-Id: Ifd3fa361a790e46c9b1dd6b0c9d6ac836a6a6964\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1485280\nFuchsia-Auto-Submit: Colin Nelson \u003ccolnnelson@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Colin Nelson \u003ccolnnelson@google.com\u003e\n" }, { "commit": "dbb1f8727cc13ef01c2607d7bcbc4d52c142f61b", "tree": "66d8d08611a78241622655efc7129229ff983179", "parents": [ "0661e13549326be026a124ede89f3437791ece26" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Jan 06 16:16:14 2026 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Jan 06 16:16:14 2026 -0800" }, "message": "Remove `x :\u003d x` instances\n\n... and apply some other modernizations, by running:\n\n go run golang.org/x/tools/go/analysis/passes/modernize/cmd/modernize@latest -fix ./...\n\nChange-Id: I7a303239301cd758f2412c09cb44285f21a7a02c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1468348\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "0661e13549326be026a124ede89f3437791ece26", "tree": "8a0e512c64a3a67b66891a9633b9c3b9eabb04b0", "parents": [ "12f4bbe1d428fdf7a36dabd88a0b8131dafef490" ], "author": { "name": "Chase Latta", "email": "chaselatta@google.com", "time": "Tue Jan 06 13:28:36 2026 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Jan 06 13:28:36 2026 -0800" }, "message": "Update Mounts to work correctly in FUSE\n\nWhen running shac from within a FUSE filesystem, symlinks pointing\noutside the FUSE root (like tool prebuilts) are often broken inside the\nsandbox because the target real paths are not mounted by default. Additionally, binding\nFUSE paths directly can fail with \"Invalid argument\" if the filesystem\ndoesn\u0027t support certain mount flags (e.g. MS_RDONLY).\n\nThis change implements `resolveFuseMounts` to handle these FUSE scenarios by:\n\n1. **Resolving Recursive Symlinks**: Walking up the directory tree of\n each mount (and the command executable) to find and resolve parent\n symlinks. This ensures that tools relying on sibling directories (e.g.,\n Python needing `../lib` relative to `.../bin/python`) work correctly\n by reconstructing the necessary directory structure inside the sandbox.\n\n2. **Mounting Real Paths**: Instead of binding the FUSE path\n directly, it resolves paths to their underlying physical locations and mounts both:\n * `Real -\u003e Real`: To ensure internal validity of symlinks (target exists).\n * `Real -\u003e Virtual`: To overlay the FUSE path with real content, satisfying\n the user\u0027s request while bypassing FUSE bind-mount limitations.\n\n3. **Including Command Executable**: Explicitly scanning the command executable\n path for external symlinks, ensuring required binaries and their\n dependencies are mounted even if they weren\u0027t explicitly requested in\n the config.\n\n4. **Enforcing Sorting by Destination**: Updating the mount sorting logic to\n sort by *Destination* path. This is critical for the overlay strategy,\n ensuring that parent directories (e.g., the workspace root) are mounted\n before their specific subdirectory overlays.\n\nThis resolves errors like:\n- `remountPt(): ... Invalid argument` (FUSE bind failure)\n- `statvfs(...): No such file or directory` (Mounting over broken symlinks)\n- `ModuleNotFoundError` (Python missing libraries due to missing sibling mounts)\n\nBug: 460750712\nChange-Id: I2f44461b8b3e7d4d3b0f7404024d21d31d60d8f7\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1460776\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Chase Latta \u003cchaselatta@google.com\u003e\n" }, { "commit": "12f4bbe1d428fdf7a36dabd88a0b8131dafef490", "tree": "c06a71ee9ea0b1b0a42fbae486305bcbf2a8c9e1", "parents": [ "ad84ec8dd63868e1d210eca3f527f282404c4b6d" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Aug 28 15:31:40 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Aug 28 15:31:40 2025 -0700" }, "message": "[shac] Log full command before running\n\n... when the verbose `-v` flag is set. This will help debug nsjail\nissues since it will print the full nsjail command line.\n\nChange-Id: I8bc557c28c833821c2a985334cc9551c2a3c9c5f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1356847\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "ad84ec8dd63868e1d210eca3f527f282404c4b6d", "tree": "348b9fd864a4e789b83970c451ffbcffe188aa2e", "parents": [ "253a8655f7705723355be629dd058c0ab51bf3fe" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Jul 07 12:33:42 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Jul 07 12:33:42 2025 -0700" }, "message": "[shac] Allow col\u003d\u003dend_col for findings\n\nIf a finding happens due to some missing text that needs to be inserted\nto fix it (but doesn\u0027t require deleting any existing characters) then\nthe finding will have col\u003d\u003dend_col. This is perfectly valid and should\nbe allowed.\n\nChange-Id: I79fec4e589f30cbf4fcec1640a2c6b114de61c75\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1316185\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "253a8655f7705723355be629dd058c0ab51bf3fe", "tree": "48efa93537a4d7ac5cb7f5a025654c2171f6d97d", "parents": [ "28c0266d9df7334844a162e48cb6f96a97b35f6e" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Jul 07 11:59:24 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Jul 07 11:59:24 2025 -0700" }, "message": "[shac] Update golang.org/x/net\n\nFixes a couple moderate security issues reported by GitHub\u0027s dependabot.\n\nSteps:\n1. `go get -u golang.org/x/net`\n2. `go mod vendor`\n3. `go mod tidy`\n\nChange-Id: I594e643fdf3055c214b5b79dc1d717d72b30ce89\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1316184\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "28c0266d9df7334844a162e48cb6f96a97b35f6e", "tree": "3f4594558bcf29bcd5aeef82b10df384d160b4cc", "parents": [ "06d3fb33656f89bdf30c8447b1b02865b7c50981" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon May 12 11:28:15 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon May 12 11:28:15 2025 -0700" }, "message": "[shac] Add --skip flag to check\n\nThis will be useful for things like skipping especially slow checks when\nrunning pre-commit git hooks.\n\nBug: 416713101\nChange-Id: I647341de0a2adf1d6703156ec56c401e2263600c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1272844\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "06d3fb33656f89bdf30c8447b1b02865b7c50981", "tree": "a3ffa8a2767dd4b4774e6806068529208d848a8d", "parents": [ "295efabaf6bcf922f02a42d00d51c5d0dfb64607" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Apr 15 12:40:00 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 15 12:40:00 2025 -0700" }, "message": "[engine] Use result of slices.Compact\n\nslices.Compact returns a value instead of mutating the input, so the old\ncode was not actually removing duplicates.\n\nThis only mattered when files were based as positional arguments to\n`shac check`, which is not super common, and even less common that\nsomeone would list the same file twice, hence why we didn\u0027t notice it\nuntil it started being raised by the \"lint\" GitHub workflow.\n\nI also updated the `govet` shac check to include the analyzer that was\ncatching this in the GitHub workflow.\n\nChange-Id: I4a0eb6014d9d9dc1edc225ea60bf76d1fcc3f950\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1252105\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "295efabaf6bcf922f02a42d00d51c5d0dfb64607", "tree": "ef8cc5afe4ad3680189f82de8c51aadcaece6716", "parents": [ "73b01ea24fcb006f1b0a9911c4fc445418b29eeb" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Apr 15 12:35:03 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 15 12:35:03 2025 -0700" }, "message": "[go] Update go version in github workflows\n\n... to correspond to what\u0027s declared in go.mod. Also add Gerrit\nif-this-then-that blocks to reduce the likelihood of these versions\ngetting out of sync again.\n\nChange-Id: Ied3f995b4f4d2640ea1d5fe513082162481ae501\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1252104\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "73b01ea24fcb006f1b0a9911c4fc445418b29eeb", "tree": "01beb550f88282e961a455f8723a8da003e2871c", "parents": [ "4e34b9f9fb6cd2f108d94046add0afb0a6c4a812" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Apr 09 11:39:11 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Apr 09 11:39:11 2025 -0700" }, "message": "[reporting] Use lower-level difflib output\n\nUse the lower-level `GetGroupedOpCodes()` difflib function, which\nreturns a list of structs representing the diff output, instead of\nusing `GetUnifiedDiffString()` which returns a human-readable output\nthat then needs to be parsed into the Sarif format.\n\nThis greatly simplifies the conversion code and also fixes a bug caused\nby the string parsing logic: if the old code didn\u0027t have a trailing\nnewline on the last line, and the new code added one, the diff would\nsquash the + and - lines into one because of the lack of a newline\n(basically conflating newlines in source versus newlines to separate the\ndiff lines).\n\nBug: 408229390\nChange-Id: Id6277274ccb089bb32cce620cc65c43f8997c599\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1248984\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "4e34b9f9fb6cd2f108d94046add0afb0a6c4a812", "tree": "bfc7a4a8765dbdf156d70acb4f7890cd7d1d39cd", "parents": [ "a192667c60311c8c2a4e4de8542bdc0c264cb250" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Apr 08 19:31:28 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 08 19:31:28 2025 -0700" }, "message": "[reporting] Split full-file diffs for readability\n\nIt\u0027s common for findings from code formatters to have suggested\nreplacements that cover the entire file. However, the resulting diff as\nshown in Gerrit is not very readable because it shows the entire file\ncontents twice even when only a small number of lines would change.\n\nNow we use a diffing library to split full-file diffs into small chunks,\nso we don\u0027t show large unchanged parts of the file in Gerrit.\n\nThis is especially important now that we\u0027re migrating from Gerrit robot\ncomments to Gerrit findings for showing these results. Gerrit findings\npresent the suggested diff much more prominently than did robot\ncomments, so it\u0027s more important that the diff not be huge and\nunhelpful.\n\nBug: 408229390\nChange-Id: I39eb10348c8b9d466e1eebe8e1d688a26b2cae24\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1245364\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "a192667c60311c8c2a4e4de8542bdc0c264cb250", "tree": "e458e01c28f9895f2647e8b647c082478c58a0b2", "parents": [ "bf297ac0d953130343d4be68ddec06ac3b1897c2" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri Apr 04 11:41:51 2025 -0700" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 04 11:41:51 2025 -0700" }, "message": "[checks] Fix gosec and shadow\n\nChange-Id: Id4215c6470f820df9533ee7efd570959230a102c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1245384\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "bf297ac0d953130343d4be68ddec06ac3b1897c2", "tree": "fa727259c1b60f254a26e95f1405c49edaf7adfd", "parents": [ "f304272c4bfcac068054fec859415f7bc1d158ae" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Jan 07 11:11:53 2025 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Jan 07 11:11:53 2025 -0800" }, "message": "Update go to 1.23.4\n\nChange-Id: I4a660623799dc3bb172f05a0bd5d60e4ff1c8154\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1183852\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "f304272c4bfcac068054fec859415f7bc1d158ae", "tree": "6a39e3f0617611798ea896283a9cbeede35423d5", "parents": [ "1952693c35413e08784683e50557ba0654476ecc" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Jan 07 11:09:33 2025 -0800" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Jan 07 11:09:33 2025 -0800" }, "message": "[go.mod] Update go-git\n\nBy running:\n\n1. go get -u github.com/go-git/go-git/v5\n2. go mod tidy\n3. go mod vendor\n\nFixed: 388112436\nChange-Id: I7d2f4da6a4d76644244b0b8c926d0cfb27ffcdc6\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1183374\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "1952693c35413e08784683e50557ba0654476ecc", "tree": "6dcc0576ac6bff293701ded0464f85b123c26909", "parents": [ "3b5f780911445d7371d8df77176d2a0e72affb79" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Aug 01 22:15:32 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Aug 01 22:15:32 2024 +0000" }, "message": "[scm] Use correct action when returning all files\n\nPreviously, every file returned by `ctx.scm.all_files()` or (when the\n`--all` flag was set) `ctx.scm.affected_files()` would have a \"A\" in its\naction field, falsely implying that all files were newly added, and thus\nmaking it impossible for checks to accurately determine whether a file\nwas new or not.\n\nNow files will have the correct action value even when all files are\nreturned.\n\nTo test, I ran a locally compiled version of shac with this change\nthrough the static-checks builder in led and confirmed that a check that\nonly checks files with action\u003d\"A\" no longer reports any findings:\nhttps://ci.chromium.org/ui/p/fuchsia/builders/try.shadow/static-checks/b8740770129818037905/test-results?q\u003dExactID%3Ashac%2Funderscore_vs_dash+VHash%3Ae3b0c44298fc1c14\n\nChange-Id: I4dfd50386d6de9659eb9f8d91647fb22ce7a6c84\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1092836\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "3b5f780911445d7371d8df77176d2a0e72affb79", "tree": "8ce501c4c1ead9d4d72d41adf4ebb12315a57bb5", "parents": [ "a9d602b39816adfb217fcbf36a3424e73ca297af" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri May 31 20:19:29 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri May 31 20:19:29 2024 +0000" }, "message": "Update go-git to v5\n\nGenerated by adding \"/v5\" to the import paths and then running:\n\n $ go get -t ./...\n $ go mod tidy\n $ go mod vendor\n\nChange-Id: I41ce6e7fac0a104c5a1bea1c3965019c5b74f134\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1057575\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Danielle Kay \u003cdanikay@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "a9d602b39816adfb217fcbf36a3424e73ca297af", "tree": "83598bab7ea33ae23d203304c4a8380116101f90", "parents": [ "3c781e6f8d723ad2856e407b98d53f2deaa0d4bc" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri May 31 20:18:50 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri May 31 20:18:50 2024 +0000" }, "message": "Update Go dependencies\n\nGenerated by running:\n\n $ go get -u -t ./...\n $ go mod tidy\n $ go mod vendor\n\nThis should fix some Dependabot alerts in GitHub.\n\nThe only code change required was a fix for a test\u0027s expected error\nmessage, likely resulting from a minor change to starlark-go\u0027s parsing\nlogic.\n\nRunning `go get` with Go 1.22 caused Go to add a `toolchain` directive\nto go.mod, which in turn caused Go commands to try to download the\nspecified toolchain version on-the-fly if it differed from the currently\ninstalled version. This is overly pedantic in most cases, so I set the\n`GOTOOLCHAIN` env var on Go checks to point to the currently installed\nversion to prevent internet accesses.\n\nChange-Id: If9581d7dc5aab23a1acaebe0304d7b9bf417a89d\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1052073\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Rob Mohr \u003cmohrr@google.com\u003e\n" }, { "commit": "3c781e6f8d723ad2856e407b98d53f2deaa0d4bc", "tree": "628474ac3dea8a72367d8ac121f8e4443cb44e47", "parents": [ "d2ee6f43f9ef0be1d59771b4cddc771fad981744" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri May 31 20:18:19 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri May 31 20:18:19 2024 +0000" }, "message": "[checks] Set GOWORK\u003doff\n\nThis ensures that Go commands always use the versions of libraries\nspecified in go.mod, and thus that are vendored in the /vendor\ndirectory. Otherwise, when working in a Go workspace, Go commands would\ntry to use the version of each library from the workspace, which\nwouldn\u0027t necessary be in the /vendor directory, and would fall back to\ntrying to download from the internet.\n\nAlso set `GOPROXY\u003doff` for better error messages in the future - it\nshould now indicate better *why* it\u0027s trying to connect to the internet,\nrather than trying to connect and failing.\n\nFinally, update the `gosec` and `shadow` versions since the old versions\nseem to be crashing on newer code.\n\nChange-Id: I14b22ef9565a1181fc54d3c5cacf0573844358a5\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1058532\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Danielle Kay \u003cdanikay@google.com\u003e\n" }, { "commit": "d2ee6f43f9ef0be1d59771b4cddc771fad981744", "tree": "792a4f32e89384787512b8035a889d25d21cdb8b", "parents": [ "7148098779af3c64634e2c34a15458137bee25f5" ], "author": { "name": "Rob Mohr", "email": "mohrr@google.com", "time": "Wed May 22 14:17:03 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed May 22 14:17:03 2024 +0000" }, "message": "[doc] Fix argument name in example\n\nChange-Id: If06c7131933720a457416bd98f19438ecf8737ba\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1052124\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Rob Mohr \u003cmohrr@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "7148098779af3c64634e2c34a15458137bee25f5", "tree": "379548e67f0bf63250c61e00c71ec3a156b63c67", "parents": [ "7e0cb4c2338fcd5005876da9ef0ddf4df29e1be1" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed May 22 14:13:35 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed May 22 14:13:35 2024 +0000" }, "message": "Fix link in CONTRIBUTING.md\n\nIt previously referenced a file in the main fuchsia repository that\ndoesn\u0027t exist here. The referenced file in the fuchsia repo also\ncontains fuchsia-specific instructions that aren\u0027t relevant for shac, so\ninstead I chose to link to the generic Gerrit docs.\n\nChange-Id: Id2cfc157d5ce8a031ca48728b7a26462d334f766\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1050514\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Rob Mohr \u003cmohrr@google.com\u003e\n" }, { "commit": "7e0cb4c2338fcd5005876da9ef0ddf4df29e1be1", "tree": "4a7cb39d725fe5fe3db2adef02b872f6411ff8e3", "parents": [ "f2f79afd3b329a6ce556f97f73931138e1235808" ], "author": { "name": "Rob Mohr", "email": "mohrr@google.com", "time": "Tue May 21 22:34:38 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue May 21 22:34:38 2024 +0000" }, "message": "[README] Expand no_trailing_whitespace example\n\nExpand the no_trailing_whitespace example to work with \u0027shac fmt\u0027.\n\nChange-Id: Ib029169cf5e01519e7bc7877d64e17d94f11c26f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/1051018\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Rob Mohr \u003cmohrr@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "f2f79afd3b329a6ce556f97f73931138e1235808", "tree": "9f31747a9a93bea49100bb9ec5f6a430b7838895", "parents": [ "adb70a5f398a89191aa1d425b4dd8b24bf2f0b84" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@gmail.com", "time": "Tue Feb 20 16:11:51 2024 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Feb 20 16:11:51 2024 +0000" }, "message": "Update pinned dependencies\n\nThis permits to use the stock google.golang.org/protobuf\nThis add BugComponent to ResultDB.\n\nChange-Id: I9c17184a966943bc6fd919b44637effb7b7d5c1c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/992852\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: David Fang \u003cfangism@google.com\u003e\n" }, { "commit": "adb70a5f398a89191aa1d425b4dd8b24bf2f0b84", "tree": "8e273f7bfbec4e99dfed16981a31eb9cb5a6a444", "parents": [ "4a57f93c781074d2857b851ed6ef31e03292676e" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@gmail.com", "time": "Mon Oct 16 21:20:54 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Oct 16 21:20:54 2023 +0000" }, "message": "Fix shac check on Windows\n\nShare the Go modules across installation, while using separate sumdb\n(via separate GOPATH) to work around race conditions.\n\nChange-Id: Iae8ae78a2cbd2cc8aa7c4d76ba35a8d8e5812c50\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/931379\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "4a57f93c781074d2857b851ed6ef31e03292676e", "tree": "8637c4dc2f15869cfb5e42cd0c888003119eea90", "parents": [ "308e5025c1d28d3834643bc76a2cd7094a268a79" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@gmail.com", "time": "Mon Oct 16 21:18:51 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Oct 16 21:18:51 2023 +0000" }, "message": "Fix tests on Windows\n\n- Use echo hello world consistently.\n- Use cmd.exe /c echo hello world on Windows.\n- Stop using os.Clearenv() and instead selectively clear environment\n variables.\n\nDoes not fix \"shac check\" on Windows yet. It will be done in a follow\nup.\n\nChange-Id: I366f42dabf6bc5899ba98c7a38c0afea519a28b2\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/931712\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "308e5025c1d28d3834643bc76a2cd7094a268a79", "tree": "c108685eb4cfd4b14dbefcc2bb0409881767627d", "parents": [ "d9d4a62eebe77b1fdd6143e9c633625b87e1cdf1" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Oct 16 15:47:51 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Oct 16 15:47:51 2023 +0000" }, "message": "[engine] Include arguments in `emit` errors\n\nThis will make debugging slightly easier when encountering these errors.\n\nChange-Id: Ie9c671889c715dd64fb045aed057d451c437cd13\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/931036\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "d9d4a62eebe77b1fdd6143e9c633625b87e1cdf1", "tree": "df94b73dba612863dece735302ec555f4b94cf49", "parents": [ "523a1d3723ebc7e7068bc0c0d76a79ba7e2551a7" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 12 15:08:14 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 12 15:08:14 2023 +0000" }, "message": "[engine] Update starlark-go\n\nThe latest version of starlark-go deprecates the global `resolve.Allow*`\nfields in favor of a `syntax.FileOptions` object that gets passed into\nthe parsing function.\n\nI added a test to make sure the optional features are still enabled. I\ndidn\u0027t include a test for `while` because it\u0027s not supported by\nbuildifier.\n\nChange-Id: I5495674963624c2d303a95615ea7942a625aa645\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/930355\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "523a1d3723ebc7e7068bc0c0d76a79ba7e2551a7", "tree": "439bd566110969fa378f157b17433cd866c456d5", "parents": [ "505bdf3fc42854ce1e89795f1f9a06c65dbc80c2" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 12 14:32:18 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 12 14:32:18 2023 +0000" }, "message": "Update Go deps\n\nThis resolves 2 GitHub security dependabot alerts for golang.org/x/net\nthat aren\u0027t actually relevant to shac but cause noise.\n\nThe only dep I didn\u0027t update to the latest version is go.starlark.net\nsince the latest version deprecates several fields, which breaks\nstaticcheck, so I\u0027ll update it in a follow-up.\n\nGenerated by running:\n\n1. `go get -u ./...`\n2. `go get go.starlark.net@v0.0.0-20230807144010-2aa75752d1da`\n3. `go mod vendor`\n4. `go mod tidy`\n\nChange-Id: I31a188133c578bb230282e8d8ddc454b0f3ab4dd\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929897\nReviewed-by: Yuping Zhai \u003cyupingz@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "505bdf3fc42854ce1e89795f1f9a06c65dbc80c2", "tree": "db53da01974b96f94688fe152f3f81e366cad6bf", "parents": [ "1f0699b92d3cf42902ae326cd24807ccf0cfd2c7" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 12 13:46:52 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 12 13:46:52 2023 +0000" }, "message": "[tests] Fix breakage on Windows\n\nThe Windows equivalent of $HOME is $LocalAppData, we need to give checks\naccess to that var as well or else `go` commands fail because they can\u0027t\nevaluate a cache directory, which has broken the tests in the Windows\nGitHub workflow.\n\nAlso be more consistent about not using trailing commas after textproto\nfields, since they\u0027re unnecessary.\n\nChange-Id: Ia3c396bd78f2d72eff18ebb2b1e1394eb878fefe\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/930374\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "1f0699b92d3cf42902ae326cd24807ccf0cfd2c7", "tree": "9ca35157ba6dafe3d4867f5093fea13ab88a1973", "parents": [ "8c21becb480d4c1536001dfc8590b6ea7cc4f621" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 12 06:46:58 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 12 06:46:58 2023 +0000" }, "message": "[engine] Simplify subprocess running code\n\nSeparate calls to Start() and Wait() can be collapsed into Run().\n\nChange-Id: I89cb2324d2210617914aeb3f88ff6978d9f8eb49\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/930375\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "8c21becb480d4c1536001dfc8590b6ea7cc4f621", "tree": "ed343f7b6876a327d738bdd07f4d9a08a6280fbd", "parents": [ "9a096d6659b0a2853f2132843de80402335b2771" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Oct 11 18:01:47 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Oct 11 18:01:47 2023 +0000" }, "message": "Reland \"[engine] Limit number of active subprocesses\"\n\nThis reverts commit 0dae038b1f9471122d08633e0e246f8436c24275.\n\nReason for revert: There was a potential for deadlocks in the first\nversion of this change. Previously, the semaphore used to limit the\nnumber of running subprocesses wouldn\u0027t get released, allowing another\nsubproces to start, until the subprocess completed *and* the `wait()`\nStarlark function was called on the subprocess object.\n\nThis meant that it was not safe to launch a large number of subprocesses\nand then call `wait()` on them in any order other than the same order in\nwhich they were started. Otherwise the code would run the risk of\ncalling `wait()` on a subprocess that couldn\u0027t start until another\nsubprocess had `wait()` called on it, leading to a deadlock.\n\nNow the semaphore gets released by a separate goroutine immediately\nafter the subprocess completes, even if the Starlark code hasn\u0027t called\n`wait()` yet, making this class of deadlock impossible.\n\nOriginal change\u0027s description:\n\u003e Revert \"[engine] Limit number of active subprocesses\"\n\u003e\n\u003e This reverts commit 612779b564d2ba08167db3f63f4166fa012729bd.\n\u003e\n\u003e Reason for revert: `shac check --all` is hanging in large repos:\n\u003e https://ci.chromium.org/b/8767597391211255425\n\u003e\n\u003e Original change\u0027s description:\n\u003e \u003e [engine] Limit number of active subprocesses\n\u003e \u003e\n\u003e \u003e Previously the number of concurrent subprocess invocations launched by\n\u003e \u003e `ctx.os.exec()` was unbounded, which could place a strain on the system.\n\u003e \u003e Now there\u0027s effectively a pool of NumCPU+2 workers for running\n\u003e \u003e subprocesses.\n\u003e \u003e\n\u003e \u003e `ctx.os.exec()` returns immediately, but the underlying subprocess is\n\u003e \u003e started asynchronously.\n\u003e \u003e\n\u003e \u003e `ba -against main` showed no significant difference in the results of\n\u003e \u003e the `ctx.os.exec()` benchmarks.\n\u003e \u003e\n\u003e \u003e Change-Id: I76e4542249783c9a503f0f927e327e9f90f8bb04\n\u003e \u003e Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/867979\n\u003e \u003e Reviewed-by: Ina Huh \u003cihuh@google.com\u003e\n\u003e \u003e Commit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n\u003e\n\u003e Change-Id: Icfd3611825b1995948c856170ddc353b7ebfb1eb\n\u003e No-Presubmit: true\n\u003e No-Tree-Checks: true\n\u003e No-Try: true\n\u003e Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929633\n\u003e Fuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n\u003e Commit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n\u003e Reviewed-by: RubberStamper 🤖 \u003candroid-build-ayeaye@system.gserviceaccount.com\u003e\n\nChange-Id: Iefdd7aebc04d03e60f925f136a08eebc28e5bb63\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929654\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "9a096d6659b0a2853f2132843de80402335b2771", "tree": "70bb696081fb906583cd06abca2028687576b9fc", "parents": [ "0dae038b1f9471122d08633e0e246f8436c24275" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Oct 11 17:49:56 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Oct 11 17:49:56 2023 +0000" }, "message": "[cli] Print goroutine stacktrace on SIGTERM\n\nThis will help debug current and future timeouts in infrastructure, e.g.\ncommit 612779b564d2ba08167db3f63f4166fa012729bd had to be reverted\nbecause it was causing shac to apparently hang.\n\nChange-Id: I9c95b0e5088a967abfc384a82f1b2acf56278b8b\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929634\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "0dae038b1f9471122d08633e0e246f8436c24275", "tree": "8265a628481d33bb7cbce0a94ed09488be8e8fba", "parents": [ "612779b564d2ba08167db3f63f4166fa012729bd" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Oct 10 20:05:10 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Oct 10 20:05:10 2023 +0000" }, "message": "Revert \"[engine] Limit number of active subprocesses\"\n\nThis reverts commit 612779b564d2ba08167db3f63f4166fa012729bd.\n\nReason for revert: `shac check --all` is hanging in large repos: \nhttps://ci.chromium.org/b/8767597391211255425\n\nOriginal change\u0027s description:\n\u003e [engine] Limit number of active subprocesses\n\u003e\n\u003e Previously the number of concurrent subprocess invocations launched by\n\u003e `ctx.os.exec()` was unbounded, which could place a strain on the system.\n\u003e Now there\u0027s effectively a pool of NumCPU+2 workers for running\n\u003e subprocesses.\n\u003e\n\u003e `ctx.os.exec()` returns immediately, but the underlying subprocess is\n\u003e started asynchronously.\n\u003e\n\u003e `ba -against main` showed no significant difference in the results of\n\u003e the `ctx.os.exec()` benchmarks.\n\u003e\n\u003e Change-Id: I76e4542249783c9a503f0f927e327e9f90f8bb04\n\u003e Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/867979\n\u003e Reviewed-by: Ina Huh \u003cihuh@google.com\u003e\n\u003e Commit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n\nChange-Id: Icfd3611825b1995948c856170ddc353b7ebfb1eb\nNo-Presubmit: true\nNo-Tree-Checks: true\nNo-Try: true\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929633\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: RubberStamper 🤖 \u003candroid-build-ayeaye@system.gserviceaccount.com\u003e\n" }, { "commit": "612779b564d2ba08167db3f63f4166fa012729bd", "tree": "a08c5332892367e7f114d6c4af6c41331148d525", "parents": [ "cf172301993250b31d532152bc8c834eaee8131e" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Oct 10 18:53:15 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Oct 10 18:53:15 2023 +0000" }, "message": "[engine] Limit number of active subprocesses\n\nPreviously the number of concurrent subprocess invocations launched by\n`ctx.os.exec()` was unbounded, which could place a strain on the system.\nNow there\u0027s effectively a pool of NumCPU+2 workers for running\nsubprocesses.\n\n`ctx.os.exec()` returns immediately, but the underlying subprocess is\nstarted asynchronously.\n\n`ba -against main` showed no significant difference in the results of\nthe `ctx.os.exec()` benchmarks.\n\nChange-Id: I76e4542249783c9a503f0f927e327e9f90f8bb04\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/867979\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "cf172301993250b31d532152bc8c834eaee8131e", "tree": "8265a628481d33bb7cbce0a94ed09488be8e8fba", "parents": [ "b0fc6611c911bc4dd0896b0dde24a7e679a18291" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Oct 10 18:24:25 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Oct 10 18:24:25 2023 +0000" }, "message": "[engine] Accept None for optional args to ctx.emit.finding\n\nThis will enable simpler integration with certain linting tools that\nemit output that then needs to be translated to shac\u0027s finding schema.\nE.g. some linting tools emit JSON output that omits empty fields, or\nsets their values to null, so it\u0027s handy to be able to do `replacements\n\u003d output.get(\"replacements\")` and have it \"just work\" even if\n`replacements` is not set or is null.\n\nChange-Id: I53ffcb3fb4d64081a13cc55f72343c9eff0eef9f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929632\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "b0fc6611c911bc4dd0896b0dde24a7e679a18291", "tree": "d5da66a86f1af55ee68c07d01a4f23511fb6e0e6", "parents": [ "d92939a591fbd494631c89bf8bb054e760496d8e" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Oct 10 17:44:59 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Oct 10 17:44:59 2023 +0000" }, "message": "[buffers] Catch duplicate buffers.push() calls\n\nPreviously, if the same buffer gets returned to the buffer pool multiple\ntimes (which should never happen, but could happen if a bug was\nintroduced that led to `buffers.push()` being called multiple times with\nthe same buffer), the buffer could subsequently be returned to multiple\ndifferent goroutines by `buffers.get()`. This would lead to parallelism\nbugs as multiple goroutines try to write to the same buffer.\n\nNow `buffers.push()` will panic if the buffer being pushed is already in\nthe buffer pool.\n\nChange-Id: I701b2f45cdce8085bcdbb4d1b2bbb2247dd0ee21\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929154\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "d92939a591fbd494631c89bf8bb054e760496d8e", "tree": "cb5f075e885c3ebc3e591a8c62986f661e3398ba", "parents": [ "2ca3a4fbbe1e58932a3515e5894c7422d5081dac" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Oct 09 19:31:19 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Oct 09 19:31:19 2023 +0000" }, "message": "[engine] Use relative paths in `shac fmt` output\n\nThis is less verbose and repetitive than using absolute paths.\n\nChange-Id: I2a12f097e41e4542f4f4416cfe9934bbaf0c86ee\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/929013\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "2ca3a4fbbe1e58932a3515e5894c7422d5081dac", "tree": "33dea7d86bcf783ee130bd2ed87d930a223fd079", "parents": [ "5d6681e44ae956420851e75d0757bc40848f1ffb" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 05 22:55:32 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 05 22:55:32 2023 +0000" }, "message": "[resultdb] Add more context to error messages\n\n... on the off chance that somebody has the `LUCI_CONTEXT` env var set\nlocally with some invalid value.\n\nChange-Id: I38c247b42706529e01de649ed3a0f47a62e3cd6e\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/927714\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "5d6681e44ae956420851e75d0757bc40848f1ffb", "tree": "74e0980c0acf49ff609577633c134631a3b4d66b", "parents": [ "247f7795e4fed68d3d4f6337de3020efb0dcd247" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 05 22:55:01 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 05 22:55:01 2023 +0000" }, "message": "[cli] Move env var modification into init()\n\n... so it applies to all tests in this package, and so the tests can go\nback to using `t.Parallel()`.\n\nBased on code review comments from\ncommit 247f7795e4fed68d3d4f6337de3020efb0dcd247.\n\nChange-Id: Ibc5a0c47c492f8d4ac390d2413e0e7e493a5562f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/927992\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "247f7795e4fed68d3d4f6337de3020efb0dcd247", "tree": "fb14413309350e666cee153a14322ee8feacead6", "parents": [ "5315ff82632419805df5b25b6a7f36d899d57988" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 05 18:36:38 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 05 18:36:38 2023 +0000" }, "message": "[cli] Make tests not be sensitive to env\n\ncommit 5315ff82632419805df5b25b6a7f36d899d57988 added these tests that\nrun shac nearly end-to-end, including automatic selection of reporting\nmechanism. The reporting mechanism selection is sensitive to the\nenvironment and in particular is somewhat picky about how the ResultDB\nenvironment is set up, so the tests fail if they\u0027re run on a builder\nwith ResultDB enabled but without the process being wrapped by `rdb\nstream`: https://ci.chromium.org/b/8768055331277189409\n\nChange-Id: Idc006375834a225d207413a7962baad1083a8abf\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/927713\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "5315ff82632419805df5b25b6a7f36d899d57988", "tree": "83a73011d3ef7cd5ecbedb0f0ef53a097e352f86", "parents": [ "45245cedfc897061f483fd5e8389123fe8cf8cb8" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Oct 05 17:43:33 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Oct 05 17:43:33 2023 +0000" }, "message": "[engine] Support specifying an allow-list of checks\n\n... user-controllable via an `--only \u003ccheck1\u003e,\u003ccheck2\u003e` flag.\n\nThis has a couple use cases:\n1. Allowing users to only run one specific check to save time while\n iterating on a new check implementation.\n2. Rerunning checks to resolve conflicts when applying fixes, but\n skipping checks for which fixes were already successfully applied.\n This will come in a future change.\n\nChange-Id: I503d5d07d20602262e364c45b16707a042eafcc9\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/927712\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "45245cedfc897061f483fd5e8389123fe8cf8cb8", "tree": "123f6531c4ac30dbdba9b9313a311f89ae04d910", "parents": [ "3cab7b9276042c142f266dfa38d90772709f63b7" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Oct 04 16:19:50 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Oct 04 16:19:50 2023 +0000" }, "message": "[engine] Improve error messages when run in invalid directory\n\n1. --var flags are not validated until after shac determines that the\n working directory is valid (i.e. contains a shac.star file).\n2. If a shac.star file cannot be discovered via git, print the expected\n location of the shac.star file.\n3. If a --var flag is specified but no shac.textproto file exists, use a\n slightly different error message to make it more clear that\n shac.textproto doesn\u0027t exist yet.\n\nChange-Id: I6bed59f60b73e9ecff0caec97c152f2f7ea94fb7\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/926852\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "3cab7b9276042c142f266dfa38d90772709f63b7", "tree": "c3e01349cabb88eefd7f54014af0f31f0c5d75e5", "parents": [ "34074c1e0c12bc6302aba12b831825cf27e7aa7d" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Oct 03 21:25:11 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Oct 03 21:25:11 2023 +0000" }, "message": "[engine] Don\u0027t try to mount invalid PATH elements\n\nSkip trying to mount any elements of $PATH that are not valid absolute\npaths. This makes shac resilient to weirdly/improperly configured\nenvironments.\n\nChange-Id: Ib6ba47798433c68c1b19e07e2afc49e172f4ee98\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/926132\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "34074c1e0c12bc6302aba12b831825cf27e7aa7d", "tree": "fbc39ba0eac6466188873fadd227de4c67dd5faf", "parents": [ "1d1ca72e3982825749575b0e0a4cf9f1a3c82809" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Oct 03 17:36:43 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Oct 03 17:36:43 2023 +0000" }, "message": "[checks] Fix govet docstring\n\nThis was a copy-paste error.\n\nChange-Id: I670723ecce0c05bf2cebf4bc0871e2e5e901948c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/925199\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Ina Huh \u003cihuh@google.com\u003e\n" }, { "commit": "1d1ca72e3982825749575b0e0a4cf9f1a3c82809", "tree": "5b18f1407bf1eb9b81655c72366a8d2806b3ccdb", "parents": [ "257dfa5868316879d4486f23de84fb741c9f62f5" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Oct 02 17:10:11 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Oct 02 17:10:11 2023 +0000" }, "message": "[checks] Add govet\n\nMost of go vet\u0027s checks overlap with other linters we already\nimplemented support for, but the `copylocks` check in particular is not\nenforced by the existing linters, so we should run that along with any\nfuture analyzers we discover are not enforced by other lintesr.\n\nChange-Id: Ie85f8085721b5d1006740d36a0c9bff7bba167b5\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/925054\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "257dfa5868316879d4486f23de84fb741c9f62f5", "tree": "a9e9aa97f14c0afded1fe52bd1d1d4fbe53f6b6b", "parents": [ "c1476aedb83e88a9c472afe71077cd761b67729e" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Oct 02 15:53:22 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Oct 02 15:53:22 2023 +0000" }, "message": "[engine] Delete debug print statement\n\nThis was accidentally committed in\ncommit c1476aedb83e88a9c472afe71077cd761b67729e.\n\nChange-Id: Ie102dc263a2d596bfb2a17dbc8c9456c5d0831dd\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/925092\nReviewed-by: Jerry Belton \u003cjcecil@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "c1476aedb83e88a9c472afe71077cd761b67729e", "tree": "107aa72a6435e45eed7f780bdb3317bdefbb6320", "parents": [ "703c58c1d12d873ca9e99479d7a436e0f8fb6e3d" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Sep 28 21:14:16 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 28 21:14:16 2023 +0000" }, "message": "[engine] Support static env var pass-throughs\n\nAllow users to selectively poke holes in the subprocess sandbox by\nspecifying `pass_through_env` in shac.textproto. `pass_through_env` is a\nlist of environment variables that should be passed through the sandbox,\nalong with bits indicating whether the variable\u0027s value represents a\nfile that should also be mounted and, if so, whether it should be\nwriteable by subprocesses.\n\nWe can immediately use this feature to grant Go checks in this\nrepository access to $HOME so they can share the same go cache with the\nrest of the system (ideally we could use $GOCACHE, but it\u0027s not\nguaranteed to be set, and if it\u0027s not set it\u0027s inferred from $HOME).\nSame for tests that run `go run` since they can make use of the cache\ninstead of doing a full recompile on every test run; as a result, the\nruntime of `go test ./internal/engine` went from ~4.2 seconds to ~1.2\nseconds on my workstation.\n\nThis is a medium-term workaround until we support declaring\npass-throughs in Starlark, which would allow things like running `go env\nGOCACHE` to obtain and pass through just the $GOCACHE directory, while\nomitting the rest of $HOME.\n\nChange-Id: I0bcc9956c4c4e2e9cca292925c66f6aed6f07524\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/922772\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "703c58c1d12d873ca9e99479d7a436e0f8fb6e3d", "tree": "fc848787a24113cddb20783b1ce333e9536969c6", "parents": [ "4a0e9dd4bd68ca7f805e0759952f48430367c5cf" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Sep 28 16:25:42 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 28 16:25:42 2023 +0000" }, "message": "[docs] Add getting-started documentation to README\n\nTo help people get started writing basic checks.\n\nChange-Id: Id45d52827b75248cb8d819f9adb1d55b7306cf2e\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/919561\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Danny Rosen \u003cdannyrosen@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "4a0e9dd4bd68ca7f805e0759952f48430367c5cf", "tree": "ba2af2b80f4396503e781d677c4efde44d899980", "parents": [ "62acf29a492b8cf23136a3deb549843acd56bb58" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 27 19:56:04 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 27 19:56:04 2023 +0000" }, "message": "[engine] Fix gosec\n\nThe gosec check was previously failing silently (producing a retcode of\nzero) because it was run in a sandbox without the necessary environment\nvariables set (specifically `GOPACKAGESDRIVER\u003doff` needed to be set for\nit to work inside the sandbox).\n\nAfter fixing the check there were a bunch of fixes required, mostly\nrelated to error propagation.\n\nChange-Id: Ib6ff1ae370d3e07fb9c63cb2bfddf907a526955f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/922774\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "62acf29a492b8cf23136a3deb549843acd56bb58", "tree": "7e296634ec4f1d131724f8f8340144326f509a4b", "parents": [ "e96454eb5f41b95446b2e0f728f344ac2c6ad6c2" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 27 17:26:08 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 27 17:26:08 2023 +0000" }, "message": "[go.mod] Update protobuf-go\n\n... to pull in the following commit, which fixes parsing of unknown\nrepeated message fields in textproto files:\nhttps://github.com/protocolbuffers/protobuf-go/commit/6352deccdb59bcc074db0ab49f4d8ba8f3cdb7ee\n\nPreviously, if shac.textproto contained a repeated message field that\nwas only introduced in a later version of shac, and `min_shac_version`\nwas updated appropriately, `shac check` would produce an error like:\n\n shac: proto: syntax error (line 41:1): unexpected token: ]\n\nNow protobuf parsing no longer fails, and we get the expected error\nmessage:\n\n shac: min_shac_version specifies unsupported version \"0.1.9\", running 0.1.8\n\nGenerated by running:\n1. go get google.golang.org/protobuf@6352deccdb59bcc074db0ab49f4d8ba8f3cdb7ee\n2. go mod tidy\n3. go mod vendor\n\nChange-Id: I7a32f61967a10bc72ef0eace18aac9d1b726a945\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/922812\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "e96454eb5f41b95446b2e0f728f344ac2c6ad6c2", "tree": "0ad4cad258a8fd62b1ead0c0cd5d5e0cda713983", "parents": [ "72856ff8501a97d4b53a94127d8d7f7e237b09d5" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Sep 26 17:11:56 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Sep 26 17:11:56 2023 +0000" }, "message": "[engine] Prioritize version warning over unknown fields\n\nIf `shac.textproto` specifies a `min_shac_version`, check that shac is\nrunning at that version before validating the remaining fields of\n`shac.textproto` in case one of the fields is unknown only because it\nwas introduced in a later version of shac.\n\nChange-Id: I253468cf81e1a7d7a0488942a6e691ecbb8c9aa1\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/921276\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "72856ff8501a97d4b53a94127d8d7f7e237b09d5", "tree": "debcda03b556d9dfbfcf38caf554e6e7e7bb7543", "parents": [ "4e5080684c7c18b7cee412cee03a23f66fc6f4b4" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 25 21:15:55 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 25 21:15:55 2023 +0000" }, "message": "[reporting] Avoid output interleaving\n\nFixes a bug where a multi-line chunk of stdout from a check could have\noutput from other checks interleaved within it.\n\nChange-Id: I84665689614c847547226bda5b21578e22a96ba6\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/921694\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "4e5080684c7c18b7cee412cee03a23f66fc6f4b4", "tree": "aea9eeb6d36bbebd81c5646f48df982c1bd544a1", "parents": [ "a3abbd1c1d7442e7356dee62c60f1f21498da8fb" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Sat Sep 23 00:14:16 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sat Sep 23 00:14:16 2023 +0000" }, "message": "[engine] Disallow *args and **kwargs in check impls\n\nI can\u0027t think of a good use case for allowing check functions to have\narbitrary **kwargs and especially *args, so disallow them for now,\nespecially since it\u0027s not clear how they should interact with the\n`check.with_args()` function.\n\nChange-Id: I2ee786e325ec72f4788ae687ab712431194c274d\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/920972\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\n" }, { "commit": "a3abbd1c1d7442e7356dee62c60f1f21498da8fb", "tree": "c15063b99f53d7160562f84588ee50a18f4e1207", "parents": [ "fd1ec07dd3ec76ab0a1c0ec4567290a566789ac7" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri Sep 22 23:43:40 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Sep 22 23:43:40 2023 +0000" }, "message": "[engine] Add check.with_args(...) method\n\nThis allows downstream repositories to override arguments to checks in\nshared checks repositories, such as the path to an executable to run.\n\nI also added a `with_name()` method, mainly to make it easier to test\n`with_args()` (since it\u0027s not allowed to register multiple checks with\nthe same name) but it may also be useful for downstream users.\n\nChange-Id: I43e50768bbf9c90d3c9aaa28ef447ef330c31d5c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/919559\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "fd1ec07dd3ec76ab0a1c0ec4567290a566789ac7", "tree": "f8701de47e83acec95f4b01f6a0ef3affaa55b65", "parents": [ "556106ac3b922aa468a5524b928b0d8ee5cde473" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri Sep 22 20:32:32 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Sep 22 20:32:32 2023 +0000" }, "message": "[engine] Add check for version bumping\n\nI\u0027ve frequently been forgetting to bump the version number when making\nchanges, which makes the `min_shac_version` feature much less useful.\nAdd a non-blocking check to suggest bumping the version whenever\nchanging a non-test Go file.\n\nChange-Id: Id281d4c3ad087bdd607d71caddf52acfd4f74b9a\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/919560\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "556106ac3b922aa468a5524b928b0d8ee5cde473", "tree": "5f66f44cd84af5047bcb41c01e8b8a8871493f72", "parents": [ "052c1e42bcd92b9b44567ab7d927d48ab04ae2b4" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 20 16:32:11 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 20 16:32:11 2023 +0000" }, "message": "[cli] Let users override entry point file name\n\nSome checks may require special permissions, or users may not want to\nrun them by default for some other reason. This allows such checks to be\nwritten and registered in a separate Starlark file that can be run using\n`shac check --entrypoint \u003cfilename\u003e`.\n\nAlso change `main` terminology to `entrypoint` throughout the codebase\nfor consistency and clarity; `main` doesn\u0027t make it clear that the value\nis the name of the Starlark file being run.\n\nBug: 130779\nChange-Id: I92d962d7faba5830b791e0096f265539d9608d81\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/919372\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "052c1e42bcd92b9b44567ab7d927d48ab04ae2b4", "tree": "1cc5a536c8eb8a4de14716279438b390da0b4bb7", "parents": [ "844d9458a56ac5242b96a26d5309d72958df7da6" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Sep 19 16:08:33 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Sep 19 16:08:33 2023 +0000" }, "message": "[resultdb] Respect summary_html length limit\n\nThis should fix failures such as\nhttps://logs.chromium.org/logs/turquoise/buildbucket/cr-buildbucket/8769544484149893777/+/u/shac_check/stdout\nwhere the resultdb upload fails because the summary_html is too large.\n\nChange-Id: If2cd899764165c86bda4bbd4544c0ca0b8c8028c\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/918273\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "844d9458a56ac5242b96a26d5309d72958df7da6", "tree": "03c8813f82f28c933adb0dc6fe817fdef34ac10b", "parents": [ "bdb35b1214bade0bd5ec0bfa4deaa9856472212b" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri Sep 15 18:58:17 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Sep 15 18:58:17 2023 +0000" }, "message": "[engine] Make nonexistent executable error messages consistent\n\nPreviously, if the executable passed to `ctx.os.exec()` didn\u0027t exist,\nthe error message would vary depending on whether the path was absolute\n(in which case it would fail with a verbose nsjail error) or relative\n(in which case it would fail with a concise \"no such file or directory\"\nerror). Now both conditions will yield the more concise error.\n\nChange-Id: Ib41829e3d119714d05d77e25180d23697303ffc4\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/916974\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Danielle Kay \u003cdanikay@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "bdb35b1214bade0bd5ec0bfa4deaa9856472212b", "tree": "77e44a6c62eec79b9ea6f337ce45c8df49552dc2", "parents": [ "05e1298cadc202649644567585c0c31635b85a54" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Thu Sep 14 16:35:02 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 14 16:35:02 2023 +0000" }, "message": "[scm] Don\u0027t try to parse invalid ls-files output\n\nIf an error occurred on the `ls-files` command or a previous git\ncommand, `g.err` will be set and will cause subsequent `g.run()` calls\nto short-circuit and return an empty string. Trying to parse an empty\nstring using the ls-files parsing logic causes panics, so we must skip\nit if an error occurred.\n\nThis was causing confusing panics when a check failed before `git\nls-files` was called for the first time.\n\nChange-Id: Ice428fc83ecd9e7566e74c3ff85e03635676ff19\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/916074\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "05e1298cadc202649644567585c0c31635b85a54", "tree": "aa0574c1972e10c1fb83fc91c629f3cd0869a211", "parents": [ "5d4c817a56fa23b30a6cd42e0508b142092ecaf0" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 13 17:25:19 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 13 17:25:19 2023 +0000" }, "message": "[cli] Delete --root flag\n\nIt\u0027s been replaced by the -C flag, and can be removed entirely after all\ndownstream usages have been fixed.\n\nChange-Id: Id3e98914e5dceb65a5715e8102b05451c0fa2aa5\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/914338\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "5d4c817a56fa23b30a6cd42e0508b142092ecaf0", "tree": "763075d48c4877b9e5ed781a983529cc8da7929a", "parents": [ "868d2877987632b515bc95f3355357a91226c704" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 13 16:20:06 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 13 16:20:06 2023 +0000" }, "message": "[engine] Move most of Run logic into runInner\n\nThe Run/runInner distinction exists only so that `Run` can handle\ncreating a temporary directory and cleaning it up after, whether or not\n`runInner` fails. The split of business logic between the two functions\nwas pointless and arbitrary, so move it all into `runInner`.\n\nChange-Id: Id1696ee66d3985e123b62a2621e00cf9085682c1\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/916073\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "868d2877987632b515bc95f3355357a91226c704", "tree": "c68739dd49232d9066ca506bcbb6cedf959ed429", "parents": [ "45bc69f39a589772d50f112b8c3875b10e3ee935" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 13 16:19:24 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 13 16:19:24 2023 +0000" }, "message": "[engine] Resolve symlinks in tests\n\nFixes broken tests on Mac (Apple silicon only), where `t.TempDir()`\nreturns a path under `/var`, which is a symlink to `/private/var`, as\nwell as in Windows GitHub workflows where there\u0027s a similar link.\n\nChange-Id: I91b9723698749a6f231ed44e854d977236d5e9e3\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/916072\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "45bc69f39a589772d50f112b8c3875b10e3ee935", "tree": "f58467c96c20910f0a87155e1399dc2f7adfd8c5", "parents": [ "426b05fac6fab71fa78befcfab86c530062646c6" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 13 15:42:32 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 13 15:42:32 2023 +0000" }, "message": "[doc] Use 4-space indents for example code\n\nThe official buildifier formatter for Starlark uses 4-space indents, so\nmake example code compliant with that.\n\nChange-Id: I005114149748f78d4cb34596239289a236557006\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/915358\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\n" }, { "commit": "426b05fac6fab71fa78befcfab86c530062646c6", "tree": "3625e032abf15fc532890a7b2182ce4df8318d84", "parents": [ "ce2f0cff74c384f56457b1959fac40e9bab1b16a" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 13 15:38:55 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 13 15:38:55 2023 +0000" }, "message": "[engine] Expose runtime-configurable variables to checks\n\nMakes a new `ctx.vars.get()` field available to checks that is used to\nretrieve optional runtime-configurable values passed into shac via\n`--var name\u003dvalue` command-line flags.\n\nIn order to be set at runtime, a var must be declared beforehand in\nshac.textproto with an optional default value. Centralizating the list\nof allowed variables differs from the strategies taken by lucicfg and\nGN, which both allow any file to declare arbitrary runtime-configurable\nvariables. However, that approach makes it much harder to discover the\nlist of allowed variables, and makes it much easier to add new\nruntime-configurable variables.\n\nA proliferation of runtime-configurable variables is not desired for\nshac because it would open the door to divergence between local\nworkflows and CI, e.g. if CI sets many variables to non-default values\nthen it would become difficult to accurately reproduce CI results\nlocally. Therefore, vars should only be used when absolutely necessary\nand only for passing through opaque parameters rather than tweaking\nbehavior. The most immediate use case is for passing in the path to a\nrepository\u0027s build directory into shac so shac can run executables and\nread artifacts from the build directory.\n\nBug: 82386\nChange-Id: I18cacfc8d9800e4d784c108389e697b5d6b12bc1\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/915494\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "ce2f0cff74c384f56457b1959fac40e9bab1b16a", "tree": "dc618064e51da1928f944f8ccccf044b48b2c4de", "parents": [ "1dc5220eeb6d56e64d4dbb69bfb69fb67b35e004" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Tue Sep 12 14:59:08 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Sep 12 14:59:08 2023 +0000" }, "message": "[go] Remove network access for Go checks\n\nIt\u0027s no longer necessary now that all dependencies are vendored.\n\nChange-Id: I2651a90c408bfb26a0314b71afd1b7172e77bbf3\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/915352\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "1dc5220eeb6d56e64d4dbb69bfb69fb67b35e004", "tree": "8c1727e3b881b2aa742d85ff45a4e5cc82857c11", "parents": [ "4e8d3b48511e959308dcd83c1db4dfeb52479ffe" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 11 23:10:16 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 11 23:10:16 2023 +0000" }, "message": "Make buildifier blocking\n\nReformat all starlark files with buildifier. Required updating a bunch\nof line and column numbers in test expectations.\n\nChange-Id: I8d85313c04fe6cc2ef679c2c0b4e51600623cade\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/913159\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "4e8d3b48511e959308dcd83c1db4dfeb52479ffe", "tree": "9dd7062405d0073f2117b6a16c9f21d9ca9e28c1", "parents": [ "6c1587fb54fa6ebb6355c717a16eddf84c859b34" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 11 22:35:45 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 11 22:35:45 2023 +0000" }, "message": "[checks] Add buildifier check for starlark formatting\n\nChange-Id: I554df41097ab45c59b8a0d19dfc7a32dad97478f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/913158\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "6c1587fb54fa6ebb6355c717a16eddf84c859b34", "tree": "fc7a93847ff43dd71e51eda083597c66e978fd39", "parents": [ "1bb9fa155a7ae88cd9a33e3f7507f7d94cf87154" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 11 22:32:31 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 11 22:32:31 2023 +0000" }, "message": "[engine] Small cleanups\n\nSome detritus left over from iterating on\ncommit 1bb9fa155a7ae88cd9a33e3f7507f7d94cf87154.\n\nChange-Id: I221a655961992ae2514bcf51cc0068b211d6e55a\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912741\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "1bb9fa155a7ae88cd9a33e3f7507f7d94cf87154", "tree": "9d37aa62b1a7efd4744ec20f2b87cd0a8e7db266", "parents": [ "9b6143b7486a35da6e90b4a0b46a55103ee032e4" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 11 21:11:46 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 11 21:11:46 2023 +0000" }, "message": "[engine] Apply fixes for checks of all levels\n\nPreviously `shac fix` and `shac fmt` would only apply fixes for findings\nwith a level or \"error\", which meant there was no automatic way to apply\nfixes for non-error findings.\n\nI considered making it configurable whether or not non-error findings\u0027\nreplacements are applied (e.g. via a `--level` flag that specifies the\nminimum level of findings to automatically fix) but I couldn\u0027t think of\na nice interface, so for now it\u0027s simplest to not filter findings based\non level.\n\nChange-Id: I12e49839163a0e0ae4f86b52cdc28fb7584e1bae\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912740\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "9b6143b7486a35da6e90b4a0b46a55103ee032e4", "tree": "0f2b556ab7f938859cd9d0ab7357aae20b89eae5", "parents": [ "130473d3b96e23beb6ac42e2b5958efdcdb6d48d" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 11 18:39:59 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 11 18:39:59 2023 +0000" }, "message": "[engine] Rename Options.Root to Options.Dir\n\nFor consistency with Ic9aef678e2cb518a81ff2f36f3bec6fda969675d, rename\nthe Root field to Dir, since shac now uses git to locate the root\ndirectory, which may differ from (but will always be a parent of) the\ndirectory specified by the Dir field.\n\nChange-Id: I94e6a293691096fa0b52053342a7ea6bab97dcc5\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/914337\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "130473d3b96e23beb6ac42e2b5958efdcdb6d48d", "tree": "7510d0ceb2e573b26c422f1c21425320004d24aa", "parents": [ "0d570d7c4e8adca7cea1faa4e7858fa07b38adc6" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Mon Sep 11 18:39:32 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Sep 11 18:39:32 2023 +0000" }, "message": "[engine] Resolve root directory using git\n\nInstead of assuming the current working directory (overridden by\n`--root`) contains a shac.star file, locate the root of the current git\nrepository (if the current directory is in a git repository) and use the\nshac.star file there, also analyzing all files in the git directory\ninstead of just files in the current working directory.\n\nThe `--root` flag is replaced by `-C` since it\u0027s not necessarily any\nsort of root, instead being more analogous to the `-C` flag to git.\n\nWe have to keep around the `--root` flag for backwards compatibility\nuntil references in other repos can be updated.\n\nTODO: update the \u003cfiles\u003e positional argument to accept directories, to\nmake it possible to analyze just a single subdirectory (e.g. `shac check\nsubdir`).\n\nChange-Id: Ic9aef678e2cb518a81ff2f36f3bec6fda969675d\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/914336\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\n" }, { "commit": "0d570d7c4e8adca7cea1faa4e7858fa07b38adc6", "tree": "0be62e7604dea8d66626b267432ba37a4bd66f33", "parents": [ "69fcc695ab6cabb4e4ae598386de524cfb8bb8ad" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@google.com", "time": "Fri Sep 08 15:04:23 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Sep 08 15:04:23 2023 +0000" }, "message": "[engine] Make unit testing cleaner\n\nMove mocking variables into the struct instead of globals.\n\nChange-Id: If15f977d0f03d84e830816bae0b2d5b0eeee9e0e\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/913812\nFuchsia-Auto-Submit: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "69fcc695ab6cabb4e4ae598386de524cfb8bb8ad", "tree": "875db4a81dfbf19cc609dd9320e87c5e17871f3b", "parents": [ "40d47c51319086c38326bd6dba6f7082c6cde779" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@google.com", "time": "Fri Sep 08 15:03:12 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Sep 08 15:03:12 2023 +0000" }, "message": "[engine] Add support for vendor_path\n\nConfirmed that the digest is enforced for vendored packages. While the\nversion is required, it is effectively ignored.\n\nChange-Id: I96df2b906920d6d0bd681d2c1b1ef36a66bdefb5\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912874\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nFuchsia-Auto-Submit: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" }, { "commit": "40d47c51319086c38326bd6dba6f7082c6cde779", "tree": "edd13336fce0a4383c6134c31ffd00f74511bfcf", "parents": [ "466ad1a12fd4c16795826b2fcf60744815366b6a" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@google.com", "time": "Thu Sep 07 21:35:51 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 07 21:35:51 2023 +0000" }, "message": "[engine] Use nice path names in cache\n\nSwitch from \"dep%i\" to the url @ version, similar to how Go modules\ncaches work.\n\nImprove testing behavior to be deterministic.\n\nThis is a requirement for both vendoring and local cache support.\n\nRan \"go mod vendor\" to add golang.org/x/mod/module as a vendored\npackaged.\n\nChange-Id: I013dce2d6b51566348cfb6b99db3fe8079e64df6\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912735\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "466ad1a12fd4c16795826b2fcf60744815366b6a", "tree": "164994519021c5abb93be2069b2886b08feb4c9b", "parents": [ "5f322c71acd10da8f492e066fe5e9cdc93d0a451" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@google.com", "time": "Thu Sep 07 14:18:25 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 07 14:18:25 2023 +0000" }, "message": "[engine] Fix crash in Doc()\n\nWhile looking at vendoring support, I realized that a load() statement\nwithout a shac.textproto would cause a crash.\n\nImprove error messages and test coverage by a whopping 0.4%.\n\nChange-Id: Iba84274452a75d1d760d99841d4646b191d6fadd\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/913034\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\n" }, { "commit": "5f322c71acd10da8f492e066fe5e9cdc93d0a451", "tree": "d815e5a570be2e3eb12c939b9f758357c017947e", "parents": [ "bd44bc7bb4fecceeb8276cc5642ce94084ab52e7" ], "author": { "name": "Marc-Antoine Ruel", "email": "maruel@google.com", "time": "Thu Sep 07 14:16:01 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 07 14:16:01 2023 +0000" }, "message": "[engine] ensure vendor_path is clean\n\nNo functional change yet.\n\nChange-Id: Ic176b323cb17fa72cacd252f77a6f99e6bd3aee2\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/913033\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nReviewed-by: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "bd44bc7bb4fecceeb8276cc5642ce94084ab52e7", "tree": "2fe19dc96ae0812aefd4cf200c61e50d373a560b", "parents": [ "6b36786cd6e56fcf9722ec020479b046172ebcc7" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 06 17:54:08 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 06 17:54:08 2023 +0000" }, "message": "[engine] Validate files passed on the command line\n\nFail early if the file does not exist or is a directory. Previously the\npaths would be passed as-is into checks, and the resulting failure mode\nwould depend on how the checks handled directories and nonexistent\nfiles.\n\nChange-Id: Ifaaffc934837d34214b7458496614c5d727cf78f\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912872\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nCommit-Queue: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nCommit-Queue: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "6b36786cd6e56fcf9722ec020479b046172ebcc7", "tree": "1b01b7ab72e93b08703f4ae0b01a3b998483629e", "parents": [ "0ae299aac566002ee4c07c78c7971bd7af8706d0" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 06 17:30:17 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 06 17:30:17 2023 +0000" }, "message": "[doc] Move `shac` object to the top of stdlib.md\n\nThe `shac` object is the entrypoint to registering checks, so it\u0027s the\nfirst thing anyone starting to use SHAC must know about.\n\nChange-Id: Iba852fd90c825908b352e71104dbc25880bd9348\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/911235\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Danny Rosen \u003cdannyrosen@google.com\u003e\n" }, { "commit": "0ae299aac566002ee4c07c78c7971bd7af8706d0", "tree": "af038a95850338f0e3377d0d6181b42117f0c1ef", "parents": [ "903d5f6ed604b5d30c5758532a57a06003f7c818" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 06 16:33:29 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 06 16:33:29 2023 +0000" }, "message": "[engine] Avoid calling git ls-files unnecessarily\n\nWhen files are specified on the command line, only those files should be\nincluded in the `scm` object, and as an optimization we should avoid\ncalling `git ls-files` just to discover shac.star files, since it adds\nnotable latency on large repositories.\n\nInstead, traverse the filesystem to discover shac.star files that may\napply to the listed files.\n\nThe overhead of the `Run` function (from the start until after all\nchecks have been registered) goes from ~670ms to ~5ms for fuchsia.git\nwhen a single file is specified on the command line.\n\nThe only side effect I\u0027m aware of is that when files are specified on\nthe command line, some `shac.star` files will now be run that wouldn\u0027t\nnormally be included. For example:\n1. If a `dir1/shac.star` is git-ignored then it wouldn\u0027t normally be\n run, but it will now be run if a file in `dir1` is specified. This is\n probably going to be very rare, I don\u0027t see a reason for individual\n shac.star files to be gitignored.\n2. If a file in a submodule or entire git-ignored directory is\n specified, then shac files from that directory may be run. This is\n more of an issue, as it\u0027s plausible that a dependency submodule could\n also use shac and have its own shac.star files that shouldn\u0027t be run,\n because shac should only ever run checks that are registered in the\n root repository\u0027s shac.star file.\n\nWe can fix both of these eventually by skipping shac.star files that\naren\u0027t known to the underlying scm, for now they\u0027re rare enough that we\ncan ignore them.\n\nChange-Id: I4e6e6a81bd6eccb0d3ee3fd32bf9b68d1ceef933\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912734\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "903d5f6ed604b5d30c5758532a57a06003f7c818", "tree": "ea7154e4152bf1b6c70c1f8764890d297c2a125e", "parents": [ "ee2ba629390565bbe7819581d280686117457343" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 06 15:44:53 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 06 15:44:53 2023 +0000" }, "message": "[engine] Fix error return\n\nChange-Id: I8a63d616f6ba84f03921728df935ab33ec885285\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912653\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nCommit-Queue: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\n" }, { "commit": "ee2ba629390565bbe7819581d280686117457343", "tree": "9a9438cdcc8900cd0b36f7e036192ee3cceebe8d", "parents": [ "c9b3edb0de0c4816eadfedd3ef3c9161093a8fc1" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Wed Sep 06 15:44:19 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Sep 06 15:44:19 2023 +0000" }, "message": "[engine] Fix segfault\n\nUnder some conditions, if an error occurred during `copyTree` then `err`\nwould be set and `d` would be nil, leading to the error turning into a\nsegfault.\n\nChange-Id: I52194d50bc47cd896f029ea4dce782214db54e95\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/912733\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\nCommit-Queue: Marc-Antoine Ruel \u003cmaruel@google.com\u003e\n" }, { "commit": "c9b3edb0de0c4816eadfedd3ef3c9161093a8fc1", "tree": "9d31cb0312173cc3ffef686975a06f9671ae44f6", "parents": [ "a809cc033723c140961848298875f404c3195cf0" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Sat Sep 02 00:02:57 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sat Sep 02 00:02:57 2023 +0000" }, "message": "[engine] Add ctx.io.tempfile method\n\nThis will be useful most notably for integrating with formatters that\ndon\u0027t have a dry-run mode. shac requires that formatter checks emit\nthe formatted result as a finding rather than writing the result at\nruntime, so formatters that lack a dry run mode can now do:\n\n def foo_fmt(ctx):\n for path in ctx.scm.affected_files():\n original \u003d ctx.io.read_file(path)\n temp \u003d ctx.io.tempfile(ctx.io.read_file(path))\n ctx.os.exec([\"foo\", \"fmt\", temp])\n new \u003d ctx.io.read_file(temp)\n if new !\u003d original:\n\tctx.emit.finding(\n\t filepath\u003dpath,\n\t replacements\u003d[ctx.io.read_file(temp)],\n\t)\n\nChange-Id: Ic6438a16a263f4250cb0c276fa988f89ac028101\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/910595\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\n" }, { "commit": "a809cc033723c140961848298875f404c3195cf0", "tree": "b943da92f1864ddeffcaf62acc2082f59089a404", "parents": [ "c2131be7aa1b27bf81525d33174e09d67bf814c0" ], "author": { "name": "Oliver Newman", "email": "olivernewman@google.com", "time": "Fri Sep 01 22:20:06 2023 +0000" }, "committer": { "name": "CQ Bot", "email": "fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Sep 01 22:20:06 2023 +0000" }, "message": "[cli] Add --quiet flag to fix and fmt commands\n\nFuchsia\u0027s `fx format-code` command should not print any output on\nsuccess, so for it to be able to run `shac fmt`, there must be a way to\ndisable non-error output for `shac fmt`.\n\nThis should eventually apply to the `check` command as well for\nconsistency, but for now it\u0027s only needed on `fix` and `fmt`, and it was\neasiest to do it this way because the output of `fix` and `fmt` comes\nfrom a different codepath than that of `check`.\n\nChange-Id: I6a1f895863523ed3e8ac3d0258f4ff2b07493c32\nReviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/911236\nFuchsia-Auto-Submit: Oliver Newman \u003colivernewman@google.com\u003e\nReviewed-by: Anthony Fandrianto \u003catyfto@google.com\u003e\nCommit-Queue: Auto-Submit \u003cauto-submit@fuchsia-infra.iam.gserviceaccount.com\u003e\n" } ], "next": "c2131be7aa1b27bf81525d33174e09d67bf814c0" }