From 2a2d8e8e8b06b93681857dd368ce767cf4818118 Mon Sep 17 00:00:00 2001 From: David Gannon <19214156+dgannon991@users.noreply.github.com> Date: Tue, 4 Jun 2024 08:27:00 +0100 Subject: [PATCH] WIP: Added validation if someone specifies a version on a bundle Signed-off-by: David Gannon <19214156+dgannon991@users.noreply.github.com> --- go.mod | 2 +- pkg/linter/linter.go | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index ed5627903..7ed70ce4d 100644 --- a/go.mod +++ b/go.mod @@ -18,6 +18,7 @@ replace ( require ( get.porter.sh/magefiles v0.6.7 + github.com/Masterminds/semver v1.5.0 github.com/Masterminds/semver/v3 v3.2.1 github.com/PaesslerAG/jsonpath v0.1.1 github.com/carolynvs/aferox v0.3.0 @@ -86,7 +87,6 @@ require ( require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect - github.com/Masterminds/semver v1.5.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.11.5 // indirect github.com/PaesslerAG/gval v1.2.2 // indirect diff --git a/pkg/linter/linter.go b/pkg/linter/linter.go index f5e67f8c3..1a98b85bd 100644 --- a/pkg/linter/linter.go +++ b/pkg/linter/linter.go @@ -12,6 +12,7 @@ import ( "get.porter.sh/porter/pkg/portercontext" "get.porter.sh/porter/pkg/tracing" "get.porter.sh/porter/pkg/yaml" + "github.com/Masterminds/semver" "github.com/dustin/go-humanize" ) @@ -210,7 +211,7 @@ func (l *Linter) Lint(ctx context.Context, m *manifest.Manifest) (Results, error return nil, span.Error(fmt.Errorf("error validating action: %s", action.name)) } results = append(results, res...) - } + } deps := make(map[string]interface{}, len(m.Dependencies.Requires)) for _, dep := range m.Dependencies.Requires { @@ -259,6 +260,37 @@ func (l *Linter) Lint(ctx context.Context, m *manifest.Manifest) (Results, error results = append(results, r...) } + span.Debug("Getting versions for each mixin used in the manifest...") + for _, mixin := range m.Mixins { + if mapConfig, ok := mixin.Config.(map[string]interface{}); ok { + if v, exists := mapConfig["version"]; exists { + + if versionConstraint, ok := v.(string); ok { + installedMeta, err := l.Mixins.GetMetadata(ctx, mixin.Name) + if err != nil { + return nil, span.Error(fmt.Errorf("unable to get metadata from mixin %s: %w", mixin.Name, err)) + } + installedVersion := installedMeta.GetVersionInfo().Version + + c, err := semver.NewConstraint(versionConstraint) + if err != nil { + return nil, span.Error(fmt.Errorf("invalid constraint for mixin%s: %s. %w", mixin.Name, versionConstraint, err)) + } + + v, err := semver.NewVersion(installedVersion) + if err != nil { + return nil, span.Error(fmt.Errorf("invalid version number from mixin %s: %s. %w", mixin.Name, installedVersion, err)) + } + + if !c.Check(v) { + return nil, span.Error(fmt.Errorf("mixin %s is installed at version %s but your bundle requires version %s", mixin.Name, installedVersion, versionConstraint)) + } + } + } + } + fmt.Println() + } + return results, nil }