Conversation
bcheidemann
left a comment
bcheidemann
left a comment
There was a problem hiding this comment.
This looks great :) I think moving the snapshot test suite to Rust makes a lot of sense since it will be easier to maintain and makes it easier to test @action-validator/cli with the same runner. If @mpalmer approves, once this is merged I plan to integrate the tests from tests/run.mjs.
In addition to the comments I left, I have the following questions:
- Is
tests/runnow redundant? - If so, can we remove it and update
.github/workflows/qa.ymlto runcargo testinstead - I think some minor updates are needed to
tests/run.mjs(updatingtesttotests) and also thevalidation_state.snap.jsonfiles need to be added for the new test cases.
Regarding point number 3, I am happy to do that myself or to give further instruction on what needs to change.
@mpalmer what do you think? Would be great to get your input on this PR when you have time since I think it probably needs to go in ahead of further Node API related re-factoring & re-factoring of the test suite.
| #[case("001_basic_workflow")] | ||
| #[case("002_basic_action")] | ||
| #[case("003_successful_globs")] | ||
| #[case("004_failing_globs")] | ||
| #[case("005_conditional_step_in_action")] | ||
| #[case("006_workflow_dispatch_inputs_options")] | ||
| #[case("007_funky_syntax")] | ||
| #[case("008_job_dependencies")] | ||
| #[case("009_multi_file")] | ||
| #[cfg(not(feature = "remote-checks"))] |
There was a problem hiding this comment.
Shouldn't these tests run regardless of whether the remote-checks feature is enabled? (it would be nice for cargo test to run all tests by default)
| #[case("001_basic_workflow")] | |
| #[case("002_basic_action")] | |
| #[case("003_successful_globs")] | |
| #[case("004_failing_globs")] | |
| #[case("005_conditional_step_in_action")] | |
| #[case("006_workflow_dispatch_inputs_options")] | |
| #[case("007_funky_syntax")] | |
| #[case("008_job_dependencies")] | |
| #[case("009_multi_file")] | |
| #[cfg(not(feature = "remote-checks"))] | |
| #[case("001_basic_workflow")] | |
| #[case("002_basic_action")] | |
| #[case("003_successful_globs")] | |
| #[case("004_failing_globs")] | |
| #[case("005_conditional_step_in_action")] | |
| #[case("006_workflow_dispatch_inputs_options")] | |
| #[case("007_funky_syntax")] | |
| #[case("008_job_dependencies")] | |
| #[case("009_multi_file")] |
There was a problem hiding this comment.
I like this as it is, because I don't like it when a test suite makes any more assumptions about the local environment than it absolutely needs to (and "I have a real, working, fully-open Internet connection" is still, in some cases, an incorrect assumption). I sometimes do dev without a working Internet connection, and a test suite that starts barfing red in all directions gives me the absolute pip.
In any event, I never trust developers (including myself!) to run all the tests before pushing (one cannot mandate that a pre-commit hook is in place in a remote repo, after all), so the most important thing is to make sure that CI is comprehensive -- which means, in this case, running the tests with remote-checks enabled.
It would be a nice "quality of life" thing if the test suite could print something at the end of a cargo test run saying "some tests weren't run because the remote-checks feature wasn't enabled", to give people a hint that re-running with extra features would be a good idea, but a lack of it wouldn't be a blocker for merge for me.
There was a problem hiding this comment.
@mpalmer when you put it like that I completely agree :D
There was a problem hiding this comment.
I see @mpalmer's point, however I made this decision for a different reason :) Interestingly, enabling remote-checks and running those first 9 tests resulted in different output for those tests! Hence why they were disabled for remote checks. We could alter those tests so they are idempotent to the issues they're testing, but I wanted to reduce the changes as much as I could.
There was a problem hiding this comment.
It would be a nice "quality of life" thing if the test suite could print something at the end of a cargo test run saying "some tests weren't run because the remote-checks feature wasn't enabled", to give people a hint that re-running with extra features would be a good idea, but a lack of it wouldn't be a blocker for merge for me.
If we want to use a Cargo feature to enable/disable this functionality at build time, we should be able to do this as follows:
#[fixtures(["tests/fixtures/*"])]
#[cfg_attr(
feature = "remote-checks",
fixtures::ignore(
paths = "tests/fixtures/{001_basic_workflow,002_basic_action,...}",
reason = "because the remote-checks feature was enabled. This causes different output for this test."
)
)]
#[cfg_attr(
not(feature = "remote-checks"),
fixtures::ignore(
paths = "tests/fixtures/{010_remote_checks_ok,011_remote_checks_failure}",
reason = "because the remote-checks feature was disabled."
)
)]
#[test]
fn snapshot(dir: &Path) {
SnapshotTest::new(dir).execute();
}This should do it.
test snapshot::_001_basic_workflow ... ignored because the remote-checks feature was enabled. This causes different output for this test.
test snapshot::_010_remote_checks_ok ... ignored because the remote-checks feature was disabled.
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkouts@v2 |
There was a problem hiding this comment.
This is a nitpick but it would maybe be clearer to rename this to something obviously wrong like actions/does-not-exist@v2. I had to re-read this a few times because I didn't spot the trailing "s" (possibly this is only an issue for me because I'm dyslexic!).
| // In this case, pull access requires authorization. There are simple cases that | ||
| // only require the bearer token retrieval followed by manifest access, but there | ||
| // are also others that require user credentials. For now, we should assume that | ||
| // the tag tag is valid. We could perform authentication, but that would requrie | ||
| // user creds and adds a whole lot of scope to this feature. | ||
| return Ok(()); |
There was a problem hiding this comment.
Currently, we are logging a warning to the console in the NPM version when we skip validating a glob. This was a bit of a hack since I didn't anticipate any other use cases for warnings. However, I'm wondering if it would make sense to add record warnings in the validation state, e.g.
#[derive(Serialize, Debug)]
pub struct ValidationState {
// --snip--
pub warnings: Vec<ValidationWarning>,
}Then we could record and report a warning in this case.
Alternatively, we could also report this as an error but add a severity to errors e.g.
pub enum ErrorSeverity {
Error,
Warning,
}I guess if we went with the latter approach it would make more sense to rename errors to diagnostics but probably best to avoid breaking API changes.
What do you think?
There was a problem hiding this comment.
I'm OK with breaking API changes when we're early in the lifecycle, and I don't have strong opinions on either of these approaches, but it does seem like a good idea to be recording problems for later consumption, rather than logging anything immediately.
| return Err(ValidationError::Unknown { | ||
| code: "docker_action_not_found".into(), | ||
| detail: Some(format!("Could not find the docker action: {}", self.uses)), | ||
| path: self.origin.to_owned(), | ||
| title: "Docker Action Not Found".into(), | ||
| }); |
There was a problem hiding this comment.
I think it would be good to add a new variant to the ValidationError enum for missign actions. Maybe something like ValidationError::UnresolvedAction.
| Err(ValidationError::InvalidGlob { | ||
| code: "invalid_uses".into(), | ||
| detail: Some(format!("The `uses` {uses} is invalid.")), | ||
| path: self.origin.to_owned(), | ||
| title: "Invalid Uses".into(), | ||
| }) |
There was a problem hiding this comment.
Maybe we could use ValidationError::UnresolvedAction as suggested above, or if this is worth covering with it's own error code then perhaps something like ValidationError::InvalidActionFormat.
There was a problem hiding this comment.
I like having very granular error codes, so I'm in team "InvalidActionFormat".
|
Sorry, @award28, I missed that you'd marked this ready for review. I'm in agreement with most of @bcheidemann's comments (I'll respond to those on which I've got a differing opinion shortly). If you're up for it, I'd really appreciate it if you could pull out the dev instruction improvments and test suite run changes into their own PRs, because (a) I'd like to get those in ASAP, and (b) I find it quite difficult to wrap my head around reviewing changes with multiple different purposes (I get some sort of mental whiplash flicking back and forth). |
|
@mpalmer no worries, been very busy with work recently. This feedback sounds good, I'm happy to split this apart into two different PRs! |
@bcheidemann This all sounds good to me! I didn't remove the shell script for the run since I wasn't sure if we would want to go with this approach but I'm good to remove it based on @mpalmer's feedback. |
|
@award28 let me know if there's any way I can help with this :) I have some time off work this week so would be happy to help any way I can |
|
@bcheidemann thanks for the hand, Ben! I've definitely been distracted with other stuff and haven't had the time to address this feedback. I'm going to work on extracting the testing changes/contributing.md into their own PR tonight. Once that's done, it'd be great to get some feedback on that. |
|
Once #48 is merged, I'll rebase this branch against |
|
Hey @mpalmer ! Apologies about dropping off, I became quite busy and lost the time. Let's do it 🏄 I'll take a peak at it this week and make some updates here. |
|
|
||
| [features] | ||
| js = ["console_error_panic_hook", "valico/js"] | ||
| remote-checks = ["reqwest"] |
There was a problem hiding this comment.
Is there a reason why this should be cargo feature, or could we make this a CLI flag instead? e.g. --allow-remote-checks. This might be a little more flexible than opting in at build time.
mpalmer
force-pushed
the
main
branch
4 times, most recently
from
6d5741f to
c994f42
Compare
Validates every `uses:` reference in a workflow or composite action:
- Always: parses the reference shape (`owner/repo[/path]@ref`,
`docker://image`, or `./local/path`) and records `InvalidActionFormat`
for anything that doesn't match.
- Always: checks that local `./` paths exist on disk relative to the
configured rootdir, recording `UnresolvedAction` if not.
- Opt-in via `--allow-remote-checks`: issues a HEAD request to
`api.github.com/repos/{owner}/{repo}/commits/{ref}` to confirm the
referenced GitHub action resolves. 404 becomes `UnresolvedAction`;
401/403 are treated as "assume exists"; network failures become
warnings rather than errors. Docker image checks are deferred and
recorded as a skipped-check warning.
`ValidationState` gains a `warnings` field so skipped-remote checks are
surfaced to programmatic consumers without polluting CLI stderr (they
print only under `--verbose`). Empty `warnings` is elided from Debug
output to avoid churning existing snapshots.
Tests: three new snapshot fixtures (012 well-formed, 013 invalid
format, 014 missing local path) plus unit tests for the reference
parser and httpmock-driven 404/200 coverage of the remote-check path,
which keeps `cargo test` green offline.
Refs mpalmer#38. Supersedes the earlier remote-checks cargo feature in favour
of a runtime CLI flag, per bcheidemann's review feedback on mpalmer#39.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
award28
force-pushed
the
38-validate-action-version-exists
branch
from
53ffc60 to
33619a7
Compare
Validates every `uses:` reference in a workflow or composite action:
- Always: parses the reference shape (`owner/repo[/path]@ref`,
`docker://image`, or `./local/path`) and records `InvalidActionFormat`
for anything that doesn't match.
- Always: checks that local `./` paths exist on disk relative to the
configured rootdir, recording `UnresolvedAction` if not.
- Opt-in via `--allow-remote-checks`: issues a HEAD request to
`api.github.com/repos/{owner}/{repo}/commits/{ref}` to confirm the
referenced GitHub action resolves. 404 becomes `UnresolvedAction`;
401/403 are treated as "assume exists"; network failures become
warnings rather than errors. Docker image checks are deferred and
recorded as a skipped-check warning.
`ValidationState` gains a `warnings` field so skipped-remote checks are
surfaced to programmatic consumers without polluting CLI stderr (they
print only under `--verbose`). Empty `warnings` is elided from Debug
output to avoid churning existing snapshots.
Tests: three new snapshot fixtures (012 well-formed, 013 invalid
format, 014 missing local path) plus unit tests for the reference
parser and httpmock-driven 404/200 coverage of the remote-check path,
which keeps `cargo test` green offline.
Refs mpalmer#38. Supersedes the earlier remote-checks cargo feature in favour
of a runtime CLI flag, per bcheidemann's review feedback on mpalmer#39.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
award28
force-pushed
the
38-validate-action-version-exists
branch
from
33619a7 to
e1ca2d4
Compare
Validates every `uses:` reference in a workflow or composite action:
- Always: parses the reference shape (`owner/repo[/path]@ref`,
`docker://image`, or `./local/path`) and records `InvalidActionFormat`
for anything that doesn't match.
- Always: checks that local `./` paths exist on disk relative to the
configured rootdir, recording `UnresolvedAction` if not.
- Opt-in via `--allow-remote-checks`: issues a HEAD request to
`api.github.com/repos/{owner}/{repo}/commits/{ref}` to confirm the
referenced GitHub action resolves. 404 becomes `UnresolvedAction`;
401/403 are treated as "assume exists"; network failures become
warnings rather than errors. Docker image checks are deferred and
recorded as a skipped-check warning.
`ValidationState` gains a `warnings` field so skipped-remote checks are
surfaced to programmatic consumers without polluting CLI stderr (they
print only under `--verbose`). Empty `warnings` is elided from Debug
output to avoid churning existing snapshots.
Tests: three new snapshot fixtures (012 well-formed, 013 invalid
format, 014 missing local path) plus unit tests for the reference
parser and httpmock-driven 404/200 coverage of the remote-check path,
which keeps `cargo test` green offline.
Refs mpalmer#38. Supersedes the earlier remote-checks cargo feature in favour
of a runtime CLI flag, per bcheidemann's review feedback on mpalmer#39.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
award28
force-pushed
the
38-validate-action-version-exists
branch
from
e1ca2d4 to
391e431
Compare
Validates every `uses:` reference in a workflow or composite action:
- Always: parses the reference shape (`owner/repo[/path]@ref`,
`docker://image`, or `./local/path`) and records `InvalidActionFormat`
for anything that doesn't match.
- Always: checks that local `./` paths exist on disk relative to the
configured rootdir, recording `UnresolvedAction` if not.
- Opt-in via `--allow-remote-checks`: issues a HEAD request to
`api.github.com/repos/{owner}/{repo}/commits/{ref}` to confirm the
referenced GitHub action resolves. 404 becomes `UnresolvedAction`;
401/403 are treated as "assume exists"; network failures become
warnings rather than errors. Docker image checks are deferred and
recorded as a skipped-check warning.
`ValidationState` gains a `warnings` field so skipped-remote checks are
surfaced to programmatic consumers without polluting CLI stderr (they
print only under `--verbose`). Empty `warnings` is elided from Debug
output to avoid churning existing snapshots.
Tests: three new snapshot fixtures (012 well-formed, 013 invalid
format, 014 missing local path) plus unit tests for the reference
parser and httpmock-driven 404/200 coverage of the remote-check path,
which keeps `cargo test` green offline.
Refs mpalmer#38. Supersedes the earlier remote-checks cargo feature in favour
of a runtime CLI flag, per bcheidemann's review feedback on mpalmer#39.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
award28
force-pushed
the
38-validate-action-version-exists
branch
from
391e431 to
50395aa
Compare
|
@mpalmer let me know if there's anything I missed! |
| let mut refs = Vec::new(); | ||
| collect_uses(doc, state, &mut refs); |
There was a problem hiding this comment.
Why not return the refs from collect_uses? e.g.
let refs = collect_uses(doc, state);| ) { | ||
| use crate::config::ActionType; | ||
|
|
||
| match state.action_type { |
There was a problem hiding this comment.
It feels a little inelegant to check the action type here, since it's already checked further up the call stack and the two paths don't share any code:
collect_uses -- checks action type
validate_uses
run -- already knows action type
The additional check could be avoided by breaking up collect_uses into two functions (collect_uses_for_workflow and collect_uses_for_action):
stateDiagram-v2
[*] --> run
state type <<choice>>
run --> type
type --> validate_uses_for_workflow
validate_uses_refs --> [*]
state validate_uses_for_workflow {
collect_uses_refs_for_workflow
}
validate_uses_for_workflow --> validate_uses_refs
type --> validate_uses_for_action
state validate_uses_for_action {
collect_uses_refs_for_action
}
validate_uses_for_action --> validate_uses_refs
|
@award28 I didn't have time to do a full review but a I did a quick scan and to me it all looks good. I think JS side should be easy enough to implement as well, but I'd be happy to pick that up once this is merged. |
3 participants
TODO
README.mdto include a section on theremote-checksfeature flag.Background
This PR resolves #38, adding a feature flag to enable remote checks. When the flag is enabled,
action-validatorperforms remote checks to validate that a provided action exists, as well as the specified commit/tag/version. There are a few other additions as well, covered in the release notes.Uses Validation
Non-Remote
usesValidationThe
usesvalidation from the schema store does not perform any validation on the value which is provided. However, this value can't be anystring; it must be one of a few values.There are a few variations for each, but the core difference is that a valid
usesis either a GitHub Action, a Docker image, or a path to an action. We can perform non-remote checks for each of these by making sure they match the expected uses type. Further, for a path value, we can validate that the path exists.remote-checksFeatureThe real benefit of this PR is the
remote-checksfeature flag. With this enabled, the user is givingaction-validatorpermission to perform validation that can only be confirmed through network calls. For theusesstatement, we perform http requests to verify a given action exists or a docker image exists. There are some limitations to this, listed below.Current Limitations
Future Improvements
withattributes on uses statementsOther Changes
Documentation
CONTRIBUTING.mdfile with sections covering environment setup, running the validator locally during development, and writing tests.Testing
testtotestsso rust can find it automatically.tests/runshell script in thetests/snapshot_tests.rsto take advantage of rusts testing capabilitiessave-snapshotsfeature flag to easily update outdated snapshots