Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Extending Foodcritic with new rules
Search
Andrew Crump
February 04, 2014
Programming
2
650
Extending Foodcritic with new rules
Config Management Camp, Gent on 4th February 2014
Andrew Crump
February 04, 2014
Tweet
Share
More Decks by Andrew Crump
See All by Andrew Crump
Porting a small project from Go to Rust
acrmp
0
11
Docker and Cloud Foundry
acrmp
0
100
Continuous Delivery with Cloud Foundry
acrmp
1
100
Patterns for treating infrastructure as code
acrmp
1
290
Other Decks in Programming
See All in Programming
AIともっと楽するE2Eテスト
myohei
8
3k
Git Sync を超える!OSS で実現する CDK Pull 型デプロイ / Deploying CDK with PipeCD in Pull-style
tkikuc
4
350
The Modern View Layer Rails Deserves: A Vision For 2025 And Beyond @ RailsConf 2025, Philadelphia, PA
marcoroth
2
730
TypeScriptでDXを上げろ! Hono編
yusukebe
3
770
システム成長を止めない!本番無停止テーブル移行の全貌
sakawe_ee
1
360
AI コーディングエージェントの時代へ:JetBrains が描く開発の未来
masaruhr
1
200
SQLアンチパターン第2版 データベースプログラミングで陥りがちな失敗とその対策 / Intro to SQL Antipatterns 2nd
twada
PRO
11
1.6k
レトロゲームから学ぶ通信技術の歴史
kimkim0106
0
110
Advanced Micro Frontends: Multi Version/ Framework Scenarios @WAD 2025, Berlin
manfredsteyer
PRO
0
390
顧客の画像データをテラバイト単位で配信する 画像サーバを WebP にした際に起こった課題と その対応策 ~継続的な取り組みを添えて~
takutakahashi
4
1.3k
オンコール⼊⾨〜ページャーが鳴る前に、あなたが備えられること〜 / Before The Pager Rings
yktakaha4
2
990
20250708_JAWS_opscdk
takuyay0ne
2
130
Featured
See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Building Adaptive Systems
keathley
43
2.7k
Designing for Performance
lara
610
69k
Gamification - CAS2011
davidbonilla
81
5.4k
Code Review Best Practice
trishagee
69
19k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
700
Documentation Writing (for coders)
carmenintech
72
4.9k
Being A Developer After 40
akosma
90
590k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Transcript
Extending foodcritic with new rules #cfgmgmtcamp #getchef
Overview
What is foodcritic?
A lint tool for your cookbooks
47 Built-in Rules
Goal: Identify problems in your cookbooks
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
$ foodcritic . FC006: Mode should be quoted or fully
specified when setting file permissions: ./ recipes/default.rb:9
file "/var/lib/foo" do owner "root" group "root" mode "644" action
:create end
Goal: Encourage discussion on the subjective stuff
execute "wget 'http:// example.org/' -Ofoo" do action :run end
execute "wget 'http:// example.org/' -Ofoo" do action :run end
$ foodcritic . FC041: Execute resource used to run curl
or wget commands: ./recipes/ default.rb:9
remote_file "foo" do source "http://example.org/" end
Goal: Write your own rules
# Specify rules on # the command line $ foodcritic
-I your_rule.rb . ! # You can also # package your rules # as a gem
How does it work?
Static code analysis
Example: Declaring resources in a loop
# The original recipe %w{foo bar baz}.each do |pkg| package
pkg end
# This is what Chef sees at converge time package[foo]
package[bar] package[baz]
# This is what foodcritic sees %w{foo bar baz}.each do
|pkg| package pkg end
Peter Zotov @whitequark fucking ruby and its fucking parser, how
does it even work?! I *still* have no idea
# recipe with a single resource file '/etc/foo' do mode
0600 content 'bar' end
pry> Ripper.sexp(code)
=> [:program, [[:method_add_block, [:command, [:@ident, "file", [2, 0]], [:args_add_block, [[:string_literal,
[:string_content, [:@tstring_content, "/ etc/foo", [2, 6]]]]], false]], [:do_block, nil, [[:command, [:@ident, "mode", [3, 2]], [:args_add_block, [[:@int, "0600", [3, 7]]], false]], [:command, [:@ident, "content", [4, 2]], [:args_add_block, [[:string_literal, [:string_content, [:@tstring_content, "bar", [4, 11]]]]], false]]]]]]]
Those are some deeply nested arrays
Ruby lets us build terse yet powerful expressions
But the path to a node in the tree is
important
<? XML ?> An elegant weapon for a more civilised
age
XPath //method_add_block/ command/ ident[@value="mode"]
ANTLR 4.2 SNAPSHOT "xpath/pattern matching for parse trees"
The structure of a rule
rule "FC123", "Name" do recipe do |ast| # some #
expression end end
cookbook environment library metadata resource role Hooks recipe do |ast|
ast.xpath(..) end
rule "FC123", "Name" do recipe do |ast| # some #expression
end end
Ruby returns the last expression Foodcritic converts the last expression
to matches
Let’s walk through the code for FC006
rule "FC006", "Mode should be quoted or fully specified when
setting file permissions" do
# We pass an array of tags in, common tags
include 'correctness' and 'style' tags %w{correctness files}
recipe do |ast| ast.xpath(%q{a/ long/xpath/string}) end
# any mode identifier // ident[@value='mode']/ ! # we need
to go up one parent::command/ ! # a literal integer descendant::int
# filtering again [ ! # needs to be less
# than five digits # long string-length(@value) < 5
# match 644 not 0644 and not( starts-with(@value, "0") and
string length(@value) = 4 ) ! # stop filtering ]
# choose the line num # to show to the
end # user /ancestor:: method_add_block # do this if the AST # node does not have # a descendant node # with a position
Pry is awesome and is a must for developing FC
rules
Drop a pry binding in your rule and explore pry>
ls pry> a_method() pry> whereami
rule "FC123", "Name" do recipe do |ast| binding.pry end end
pry> ast.xpath( '//do_block/command/ ident')
Tip: Chef now includes Pry as a runtime dependency as
of 11.8.0.
ancestor child descendant following parent preceding Axes
XPath expressions can be annoying ! Here’s some I prepared
earlier
attribute_access declared_dependencies find_resources notifications resource_attribute? resources_by_type searches API Foodcritic
all? any? find group_by inject map select Ruby Enumerable
Testing it actually works
Trust is really important - false positives undermine that trust
in the tool
Foodcritic core rules test against lots of examples
Examples: | environment_name | show_warning | | production | should
not | | pre_production | should not | | production-eu | should not | | production2 | should not | | Production | should not | | EU West | should | | production (eu-west) | should |
Different syntax in recipes results in different AST trees
Different Ruby versions can mean different AST trees 1.9.2, 1.9.3
and 2.0.0
Ok. I have my automated examples passing. I should be
good right?
Ok. I have my automated examples passing. I should be
good right? Nee! Non! No!
Test against a large corpus of real cookbooks
Ideas
Suggest Chef Sugar FC789: Use Chef Sugar to simplify platform
check
Spot duplication across recipes FC678: Compose recipes to reduce duplication
Validate recipe package names FC567: Package not present in distribution
What’s next?
Backlog of issues that could use your help!
Hack Afternoon
Thanks! @acrmp foodcritic.io freenode #chef
Extending foodcritic with new rules #cfgmgmtcamp #getchef