f5f8546bcf
Bundles three patch releases (v0.2.16–v0.2.18): v0.2.18 — output formats (--format flag on glint check): - json: stable JSON report (schema_version: 1, findings array, summary) - sarif: SARIF 2.1.0 for GitHub Code Scanning / GitLab SAST - junit: JUnit XML for CI test-report artifacts (artifacts:reports:junit) - github: GitHub Actions ::error:: / ::warning:: annotation lines - Unknown --format value exits 2 with a helpful error message - Summary line routed to stderr in structured formats; context suppressed v0.2.17 — include resolution improvements: - Recursive include depth capped at 100 (matches GitLab's own limit) - project: and component: includes tracked in visited set (cycle detection) - $[[ inputs.KEY ]] / $[[ inputs.KEY | default(…) ]] substituted from with: - --cache-dir: persist fetched remote templates to disk (SHA-256 keyed) - --offline: serve from cache only; defaults to ~/.cache/glint v0.2.16 — new lint rules (GL034–GL041): - GL034: services map form requires name; alias must be valid DNS label - GL035: rules:changes / rules:exists absolute path detection - GL036: timeout format validation (job-level + default.timeout) - GL037: id_tokens entries must have an aud key - GL038: secrets entries must declare a provider (vault / gcp / azure) - GL039: pages: keyword + artifacts.paths consistency - GL040: duplicate stage names in stages: list - GL041: cache.key.files must be exact paths, not globs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Top-level pipeline settings shared by every fixture job below.
stages:
  - build
  - test
  - test  # intentional repeat of the entry above; this is the GL040 case

variables:
  DEPLOY_ENV: staging

# GL040: duplicate stage "test" above triggers a warning

# GL034: services map form missing name
# The only key on the service entry is `alias`, so there is no `name`
# (image reference) telling the runner which container to start.
service-no-name:
  stage: build
  script: [echo ok]
  services:
    - alias: my-svc

# GL034: services map form with invalid alias (contains spaces)
# `name` is present here, so only the alias should be reported. The alias is
# used as the service's hostname inside the job, hence the DNS-label rule.
# NOTE(review): `redis:latest` is a floating tag and incidental to this case;
# real pipelines should pin a version or digest.
service-bad-alias:
  stage: build
  script: [echo ok]
  services:
    - name: redis:latest
      alias: "my bad alias"

# GL035: rules:changes with absolute path
# GitLab evaluates rules:changes patterns relative to the repository root, so
# a pattern with a leading `/` presumably never matches and the job is
# silently skipped. That matters most when the gated job is a security or
# compliance check. TODO confirm against the rule's own documentation.
absolute-changes:
  stage: test
  script: [echo test]
  rules:
    - changes:
        - /src/main.go

# GL035: rules:exists with absolute path
# Same rule as the rules:changes case, exercised through rules:exists: the
# path starts with `/` instead of being relative to the repository root.
absolute-exists:
  stage: test
  script: [echo test]
  rules:
    - exists:
        - /Dockerfile

# GL036: invalid timeout format
# `forever` is not a duration; GitLab expects values such as `1h 30m` or
# `3600 seconds`. This fixture covers the job-level key only, not
# default.timeout.
bad-timeout:
  stage: build
  script: [echo build]
  timeout: forever

# GL037: id_tokens entry missing aud
# Each id_tokens entry makes GitLab issue an OIDC ID token (JWT) to the job,
# and `aud` becomes the token's audience claim. Without it the token is not
# bound to one relying party, so a verifier cannot tell it was minted for it.
# NOTE(review): `expire` looks like filler to keep the entry a non-empty map;
# it is not an id_tokens key in GitLab's schema as far as I know. Confirm the
# fixture is meant to trip GL037 only.
bad-token:
  stage: test
  script: [echo test]
  id_tokens:
    MY_TOKEN:
      expire: 3600

# GL038: secrets entry missing provider
# DB_PASSWORD names a secret but declares no backend to fetch it from (the
# rule expects one of vault / gcp / azure). Only the variable name appears
# here; no secret value is stored in the fixture.
# NOTE(review): `expire` appears to be copied from the bad-token fixture and
# is presumably filler; confirm it does not trigger any other rule.
bad-secret:
  stage: test
  script: [echo test]
  secrets:
    DB_PASSWORD:
      expire: 3600

# GL039: pages keyword but publish dir not in artifacts.paths
# pages.publish points at `dist`, while the only artifact path is `public`,
# so the directory to be published is never uploaded as an artifact.
bad-pages:
  stage: build
  script: [mkdocs build]
  pages:
    publish: dist
  artifacts:
    paths:
      - public

# GL041: cache.key.files contains a glob
# The rule wants exact file paths, so the cache key is derived from a known,
# fixed set of files. The pattern must stay quoted: an unquoted leading `*`
# would be parsed by YAML as an alias reference, not a string.
bad-cache-glob:
  stage: build
  script: [echo build]
  cache:
    key:
      files:
        - "*.sum"