k3nny
f5f8546bcf
Bundles three patch releases (v0.2.16–v0.2.18): v0.2.18 — output formats (--format flag on glint check): - json: stable JSON report (schema_version: 1, findings array, summary) - sarif: SARIF 2.1.0 for GitHub Code Scanning / GitLab SAST - junit: JUnit XML for CI test-report artifacts (artifacts:reports:junit) - github: GitHub Actions ::error:: / ::warning:: annotation lines - Unknown --format value exits 2 with a helpful error message - Summary line routed to stderr in structured formats; context suppressed v0.2.17 — include resolution improvements: - Recursive include depth capped at 100 (matches GitLab's own limit) - project: and component: includes tracked in visited set (cycle detection) - $[[ inputs.KEY ]] / $[[ inputs.KEY | default(…) ]] substituted from with: - --cache-dir: persist fetched remote templates to disk (SHA-256 keyed) - --offline: serve from cache only; defaults to ~/.cache/glint v0.2.16 — new lint rules (GL034–GL041): - GL034: services map form requires name; alias must be valid DNS label - GL035: rules:changes / rules:exists absolute path detection - GL036: timeout format validation (job-level + default.timeout) - GL037: id_tokens entries must have an aud key - GL038: secrets entries must declare a provider (vault / gcp / azure) - GL039: pages: keyword + artifacts.paths consistency - GL040: duplicate stage names in stages: list - GL041: cache.key.files must be exact paths, not globs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
42 lines
1.1 KiB
Go
42 lines
1.1 KiB
Go
package fetcher
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
)
|
|
|
|
// cacheRead returns the cached bytes for the given cache key, or (nil, false)
|
|
// on a miss (key not present, dir empty, or any read error).
|
|
func cacheRead(dir, key string) ([]byte, bool) {
|
|
if dir == "" {
|
|
return nil, false
|
|
}
|
|
data, err := os.ReadFile(cachePath(dir, key))
|
|
if err != nil {
|
|
return nil, false
|
|
}
|
|
return data, true
|
|
}
|
|
|
|
// cacheWrite stores bytes in the cache for the given key. Write errors are
|
|
// silently ignored so cache failures never block the normal fetch path.
|
|
func cacheWrite(dir, key string, data []byte) {
|
|
if dir == "" {
|
|
return
|
|
}
|
|
if err := os.MkdirAll(dir, 0o755); err != nil {
|
|
return
|
|
}
|
|
_ = os.WriteFile(cachePath(dir, key), data, 0o644)
|
|
}
|
|
|
|
// cachePath returns the filesystem path for a cache entry.
|
|
// The filename is the SHA-256 hex digest of the key so arbitrary keys (URLs,
|
|
// "project:file@ref" strings) map to safe, stable filenames.
|
|
func cachePath(dir, key string) string {
|
|
h := sha256.Sum256([]byte(key))
|
|
return filepath.Join(dir, fmt.Sprintf("%x.yml", h))
|
|
}
|