Prevents the use of actions/setup-java@v1 and adopt /adopt-hotspot (o…

…penjdk) distributions. (#82) * Improvements: Adding a new default rule that prevents the use of action/setup-java@v1 since it doesn't support eclipse temurin distributions. * Improvements: Adding an additional rule to prevent the use of adop/adopt-hotspot distributions on the actions/setup-java@v2+, since such distributions won't be supported anymore. * Improvements: Adding a better error message for the new rules. Checking if the action/setup-java@v2+ is used before checking for the use of adopt/adopt-hotspot distributions. * Improvements: Fixing typo on the 'enabledByDefault' field. Fixing the reference to the distribution property on the rule #13.
allero-io · Oct 4, 2022 · 5f43bff · 5f43bff
1 parent 2d61173
commit 5f43bff
Show file tree

Hide file tree

Showing 4 changed files with 140 additions and 0 deletions.
diff --git a/pkg/rulesConfig/defaultRules/github/12-prevent-action-setup-java-v1.json b/pkg/rulesConfig/defaultRules/github/12-prevent-action-setup-java-v1.json
@@ -0,0 +1,54 @@
+{
+	"description": "Prevent use of action/setup-java@v1.",
+	"failureMessage": "action/setup-java@v1 is used on the workflow. action/setup-java@v1 uses a java distribution that is out of support (AdoptOpenJDK) by default, please use action/setup-java@v2+ and avoid the use of adopt/adopt-host distributions.",
+	"uniqueId": 12,
+	"enabledByDefault": true,
+	"schema": {
+		"type": "object",
+		"additionalProperties": {
+			"type": "object",
+			"properties": {
+				"repositories": {
+					"type": "object",
+					"additionalProperties": {
+						"type": "object",
+						"properties": {
+							"github-actions-workflows": {
+								"type": "object",
+								"additionalProperties": {
+									"properties": {
+										"content": {
+											"properties": {
+												"jobs": {
+													"type": "object",
+													"additionalProperties": {
+														"properties": {
+															"steps": {
+																"type": "array",
+																"items": {
+																	"type": "object",
+																	"properties": {
+																		"uses": {
+																			"not": {
+																				"type": "string",
+																				"pattern": ".*actions\/setup-java@(v1).*"
+																			}
+																		}
+																	}
+																}
+															}
+														}
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}
diff --git a/pkg/rulesConfig/defaultRules/github/13-prevent-adopt-distributions-on-setup-java.json b/pkg/rulesConfig/defaultRules/github/13-prevent-adopt-distributions-on-setup-java.json
@@ -0,0 +1,72 @@
+{
+	"description": "Prevent use of adopt/adopt-hotspot distributions for actions/setup-java version 2+.",
+	"failureMessage": "adopt/adopt-hotspot distribution is used on the workflow. Please, avoid the use of adopt/adopt-hotspot distributions since they are out of support. Use temurin based distributions instead (such distributions are currently maintained by the core adopt/adopt-hotspot team).",
+	"uniqueId": 13,
+	"enabledByDefault": true,
+	"schema": {
+		"type": "object",
+		"additionalProperties": {
+			"type": "object",
+			"properties": {
+				"repositories": {
+					"type": "object",
+					"additionalProperties": {
+						"type": "object",
+						"properties": {
+							"github-actions-workflows": {
+								"type": "object",
+								"additionalProperties": {
+									"properties": {
+										"content": {
+											"properties": {
+												"jobs": {
+													"type": "object",
+													"additionalProperties": {
+														"properties": {
+															"steps": {
+																"type": "array",
+																"items": {
+																	"type": "object",
+																	"if": {
+																		"properties": {
+																			"uses": {
+																				"type": "string",
+																				"pattern": ".*actions\/setup-java@(v2|v3).*"
+																			}
+																		},
+																		"required": [
+																			"uses"
+																		]
+																	},
+																	"then": {
+																		"properties": {
+																			"with": {
+																				"type": "object",
+																				"properties": {
+																					"distribution": {
+																						"not": {
+																							"type": "string",
+																							"pattern": ".*adopt(-hotspot)?"
+																						}
+																					}
+																				}
+																			}
+																		}
+																	}
+																}
+															}
+														}
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}
diff --git a/pkg/rulesConfig/defaultRules/gitlab/12-prevent-action-setup-java-v1.json b/pkg/rulesConfig/defaultRules/gitlab/12-prevent-action-setup-java-v1.json
@@ -0,0 +1,7 @@
+{
+	"description": "Prevent use of action/setup-java@v1.",
+	"failureMessage": "action/setup-java@v1 is used on the workflow. action/setup-java@v1 uses a java distribution that is out of support (AdoptOpenJDK) by default, please use action/setup-java@v2+ and avoid the use of adopt/adopt-host distributions.",
+	"uniqueId": 12,
+	"enabledByDefault": true,
+	"schema": {} 
+}
diff --git a/pkg/rulesConfig/defaultRules/gitlab/13-prevent-adopt-distributions-on-setup-java.json b/pkg/rulesConfig/defaultRules/gitlab/13-prevent-adopt-distributions-on-setup-java.json
@@ -0,0 +1,7 @@
+{
+	"description": "Prevent use of adopt/adopt-hotspot distributions for actions/setup-java version 2+.",
+	"failureMessage": "adopt/adopt-hotspot distribution is used on the workflow. Please, avoid the use of adopt/adopt-hotspot distributions since they are out of support. Use temurin based distributions instead (such distributions are currently maintained by the core adopt/adopt-hotspot team).",
+	"uniqueId": 13,
+	"enabledByDefault": true,
+	"schema": {}
+}