forked from slsa-framework/slsa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlint.sh
executable file
·65 lines (59 loc) · 2.42 KB
/
lint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/bin/bash
# Require all RFC 2119 keywords to be uppercase to avoid ambiguity.
#
# For lack of a better solution, we allowlist "recommended suite" using a
# negative lookahead assertion.
check_rfc2119() {
local CMD=(
git grep --break --heading --line-number --perl-regexp --all-match
-e '(RFC ?|rfc ?)2119'
-e '\b([Mm]ust( not)?|[Ss]hall( not)?|[Ss]hould( not)?|[Mm]ay|[Rr]equired|[Rr]ecommended|[Oo]ptional)\b(?![ -][Ss]uite)'
)
# Exit silently if there are no matches.
"${CMD[@]}" -q '*.md' || return 0
# If there are matches, print an error and then print the results afterward.
# NOTE: We don't just capture the command above because that ends up being
# more difficult to code and also messes with colors (tty detection). It's
# easier to just run the command twice.
cat >&2 <<EOF
ERROR: Do not use lowercase RFC 2119 keywords ("must", "should", etc.) because
such usage is ambiguous. Use uppercase if RFC 2119 meaning is intended,
otherwise use alternate phrasing.
(This check triggers on any Markdown file containing the string "RFC 2119".)
EOF
"${CMD[@]}" '*.md' >&2
return 1
}
# Require all links to be relative, not absolute.
# Allowed: [requirements](/spec/v1.0/requirements)
# [requirements]: /spec/v1.0/requirements
# Disallowed: [requirements](https://slsa.dev/spec/v1.0/requirements)
# [requirements]: https://slsa.dev/spec/v1.0/requirements
#
# This uses a heuristic to detect links in Markdown files, namely
# `https?://slsa.dev` immediately following `(` or `]: `.
check_absolute_links() {
local FILES=':/docs/*.md'
local CMD=(
git grep --break --heading --line-number
-e '\((\|\]: \)https\?://slsa.dev'
)
# Exit silently if there are no matches.
"${CMD[@]}" -q "$FILES" || return 0
# If there are matches, print an error and then print the results afterward.
# NOTE: We don't just capture the command above because that ends up being
# more difficult to code and also messes with colors (tty detection). It's
# easier to just run the command twice.
cat >&2 <<EOF
ERROR: Absolute URLs to slsa.dev are disallowed; use a relative URL instead.
For example, instead of [foo](https://slsa.dev/foo), use [foo](/foo).
EOF
"${CMD[@]}" "$FILES" >&2
return 1
}
# Run all of the checks above and exit with non-zero status if any failed.
# We use this structure to allow for multiple checks in the future.
RC=0
check_rfc2119 || RC=1
check_absolute_links || RC=1
exit $RC