02d8e63a98
Adds project-level configuration and per-job suppression directives:
.glint.yml (searched from pipeline dir up to the git root):
- ignore: [GL007, GL032] — suppress rules globally for the project
- severity: {GL004: warning} — override rule severity (error/warning/ignore)
- stages: [quality] — extra stages beyond the pipeline's stages: block
- token: / url: / cache_dir: — defaults for flags; lower priority than
CLI flags and environment variables
Inline suppression (# glint: ignore):
- Place "# glint: ignore GL007" immediately before a job definition to
suppress that rule for the specific job only
- Multiple rules: "# glint: ignore GL007, GL032" (comma or space separated)
- Wildcard: "# glint: ignore all" suppresses every finding for the job
- Suppressions are scoped to the annotated job; pipeline-level findings
are unaffected
- Parsed from yaml.Node head/line comments in the first parse pass;
stored in Pipeline.Suppressions (root file only, not includes)
New packages: internal/config (Load, walk-up search, .git boundary stop)
New files: cmd/glint/filter.go (applyConfig, isSuppressed helpers)
Tests: config_test.go, parser_suppress_test.go, filter_test.go
Validate fixtures: testdata/config_ignored/, config_severity/, config_suppress/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Taskfile schema version.
version: '3'

vars:
  # Base name of the binary produced by the build tasks.
  BINARY: glint
  # Absolute path to the Go toolchain; it is not resolved through PATH.
  GO: /usr/local/go/bin/go
  # Version string stamped into the binary: `git describe` output, or "dev"
  # when that command fails (its stderr is discarded).
  # NOTE(review): this value is derived from git ref names, which are
  # repository-controlled input. Tasks that splice it into a command string
  # should treat it as untrusted when building refs from outside contributors.
  VERSION:
    sh: 'git describe --tags --always --dirty 2>/dev/null || echo "dev"'

tasks:
  # Running `task` with no arguments prints the task list.
  default:
    desc: List available tasks
    cmd: task --list

  # Local development build; re-runs only when Go sources or go.mod change.
  build:
    desc: Build the glint binary
    cmds:
      # NOTE(review): {{.VERSION}} is substituted into the command text before
      # the shell parses it. It comes from `git describe`, so a tag name reaches
      # the shell as-is; if builds run on refs pushed by untrusted contributors,
      # consider checking the tag format in a precondition first.
      - >-
        {{.GO}} build
        -ldflags "-X main.version={{.VERSION}}"
        -o {{.BINARY}} ./cmd/glint/...
    sources:
      - '**/*.go'
      - go.mod
    generates:
      - '{{.BINARY}}'

  test:
    desc: Run Go unit tests
    cmd: '{{.GO}} test ./...'

  # Runs the freshly built binary over every fixture under testdata/.
  validate:
    desc: Run glint against all testdata fixtures
    deps:
      - build
    cmds:
      # Entries with `ignore_error: false` fail the task on a non-zero exit.
      # Entries with `ignore_error: true` have their exit status discarded.
      # NOTE(review): presumably the ignored entries are negative fixtures that
      # are expected to produce findings. Because the status is discarded, this
      # task cannot detect a regression where glint stops reporting them (or
      # crashes on them); confirm that the Go tests assert those findings.
      - cmd: './{{.BINARY}} check testdata/valid.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/extends.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/keywords_valid.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/invalid.yml'
        ignore_error: true
      - cmd: './{{.BINARY}} check testdata/needs.yml'
        ignore_error: true
      - cmd: './{{.BINARY}} check testdata/needs_cycle.yml'
        ignore_error: true
      - cmd: './{{.BINARY}} check testdata/keywords_invalid.yml'
        ignore_error: true
      # NOTE(review): judging by the fixture names, the includes_* checks may
      # resolve includes outside the working tree; if so, this task depends on
      # network access and on whatever token/url defaults are configured.
      # TODO confirm.
      - cmd: './{{.BINARY}} check testdata/includes_remote.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/includes_project.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/includes_component.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/script_multiline.yml'
        ignore_error: false
      # The same fixture is checked with no ref context, then under several
      # --branch values and a --tag value.
      - cmd: './{{.BINARY}} check testdata/context_rules.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch main testdata/context_rules.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch develop testdata/context_rules.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch feat/my-feature testdata/context_rules.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --tag v1.0.0 testdata/context_rules.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/rules_if_expr.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch main testdata/rules_if_expr.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch feat/x testdata/rules_if_expr.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/workflow_vars.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch main testdata/workflow_vars.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch develop testdata/workflow_vars.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --branch feat/x testdata/workflow_vars.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/workflow_escape.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/variable_refs.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/variable_refs_included.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/dead_rules.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/new_rules_valid.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/new_rules_invalid.yml'
        ignore_error: true
      - cmd: './{{.BINARY}} check testdata/samba/.gitlab-ci.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/samba/.gitlab-ci-coverage.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/samba/.gitlab-ci-private.yml'
        ignore_error: false
      # Output formats: json, sarif and junit on a passing fixture, github on a
      # failing one (exit status ignored for the latter).
      - cmd: './{{.BINARY}} check --format json testdata/valid.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --format sarif testdata/valid.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --format junit testdata/valid.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check --format github testdata/invalid.yml'
        ignore_error: true
      # Fixtures for the project-level configuration and inline suppression.
      - cmd: './{{.BINARY}} check testdata/config_ignored/.gitlab-ci.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/config_severity/.gitlab-ci.yml'
        ignore_error: false
      - cmd: './{{.BINARY}} check testdata/config_suppress/.gitlab-ci.yml'
        ignore_error: false

  lint-go:
    desc: Run go vet on all packages
    cmd: '{{.GO}} vet ./...'

  # NOTE(review): `go tool staticcheck` presumably relies on staticcheck being
  # declared as a tool dependency in go.mod; verify that it is pinned there.
  lint-static:
    desc: Run staticcheck on all packages
    cmd: '{{.GO}} tool staticcheck ./...'

  # Aggregate task: the sub-tasks run in the order listed.
  ci:
    desc: 'Full CI check — vet, staticcheck, test, build, validate'
    cmds:
      - task: lint-go
      - task: lint-static
      - task: test
      - task: build
      - task: validate

  # Release build for Windows; the artifact name and embedded version both use
  # the exact tag of the current commit.
  build-windows:
    desc: Build the glint binary for Windows x64 (requires a tagged commit)
    vars:
      # NOTE(review): TAG runs the same command as the precondition below;
      # confirm that the precondition message is what users see on an untagged
      # commit rather than the failure of this dynamic variable.
      TAG:
        sh: git describe --tags --exact-match
    preconditions:
      - sh: git describe --tags --exact-match
        msg: 'Current commit is not tagged — Windows build requires a git tag'
    cmds:
      # NOTE(review): {{.TAG}} is a git tag name substituted into the command
      # text and the output file name before the shell parses them; validate
      # the tag format if tags can be pushed by untrusted parties.
      - >-
        GOOS=windows GOARCH=amd64 {{.GO}} build
        -ldflags "-X main.version={{.TAG}}"
        -o {{.BINARY}}-{{.TAG}}.exe ./cmd/glint/...
    sources:
      - '**/*.go'
      - go.mod
    generates:
      - '{{.BINARY}}-{{.TAG}}.exe'

  # Release build for Linux; same structure as build-windows.
  build-linux:
    desc: Build the glint binary for Linux x64 (requires a tagged commit)
    vars:
      # NOTE(review): TAG runs the same command as the precondition below;
      # confirm that the precondition message is what users see on an untagged
      # commit rather than the failure of this dynamic variable.
      TAG:
        sh: git describe --tags --exact-match
    preconditions:
      - sh: git describe --tags --exact-match
        msg: 'Current commit is not tagged — Linux build requires a git tag'
    cmds:
      # NOTE(review): {{.TAG}} is a git tag name substituted into the command
      # text and the output file name before the shell parses them; validate
      # the tag format if tags can be pushed by untrusted parties.
      - >-
        GOOS=linux GOARCH=amd64 {{.GO}} build
        -ldflags "-X main.version={{.TAG}}"
        -o {{.BINARY}}-{{.TAG}}-linux-amd64 ./cmd/glint/...
    sources:
      - '**/*.go'
      - go.mod
    generates:
      - '{{.BINARY}}-{{.TAG}}-linux-amd64'

  # Deletes the local binary and any tagged release artifacts matched by the
  # two glob patterns; `rm -f` does not fail when nothing matches.
  clean:
    desc: Remove build artifacts
    cmd: 'rm -f {{.BINARY}} {{.BINARY}}-*.exe {{.BINARY}}-*-linux-amd64'