Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Extending Foodcritic with new rules
Search
Andrew Crump
February 04, 2014
Programming
2
650
Extending Foodcritic with new rules
Config Management Camp, Gent on 4th February 2014
Andrew Crump
February 04, 2014
Tweet
Share
More Decks by Andrew Crump
See All by Andrew Crump
Porting a small project from Go to Rust
acrmp
0
10
Docker and Cloud Foundry
acrmp
0
100
Continuous Delivery with Cloud Foundry
acrmp
1
100
Patterns for treating infrastructure as code
acrmp
1
290
Other Decks in Programming
See All in Programming
Porting a visionOS App to Android XR
akkeylab
0
220
Code as Context 〜 1にコードで 2にリンタ 34がなくて 5にルール? 〜
yodakeisuke
0
120
Quand Symfony, ApiPlatform, OpenAI et LangChain s'allient pour exploiter vos PDF : de la théorie à la production…
ahmedbhs123
0
130
#QiitaBash MCPのセキュリティ
ryosukedtomita
0
880
生成AIコーディングとの向き合い方、AIと共創するという考え方 / How to deal with generative AI coding and the concept of co-creating with AI
seike460
PRO
1
350
Systèmes distribués, pour le meilleur et pour le pire - BreizhCamp 2025 - Conférence
slecache
0
120
関数型まつりレポート for JuliaTokai #22
antimon2
0
160
Deep Dive into ~/.claude/projects
hiragram
12
2.3k
AIエージェントはこう育てる - GitHub Copilot Agentとチームの共進化サイクル
koboriakira
0
490
datadog dash 2025 LLM observability for reliability and stability
ivry_presentationmaterials
0
440
Flutterで備える!Accessibility Nutrition Labels完全ガイド
yuukiw00w
0
140
AI時代のソフトウェア開発を考える(2025/07版) / Agentic Software Engineering Findy 2025-07 Edition
twada
PRO
42
9.9k
Featured
See All Featured
Statistics for Hackers
jakevdp
799
220k
What's in a price? How to price your products and services
michaelherold
246
12k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
GraphQLとの向き合い方2022年版
quramy
49
14k
Code Review Best Practice
trishagee
69
18k
KATA
mclloyd
30
14k
Music & Morning Musume
bryan
46
6.6k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
940
Become a Pro
speakerdeck
PRO
28
5.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Mobile First: as difficult as doing things right
swwweet
223
9.7k
Transcript
Extending foodcritic with new rules #cfgmgmtcamp #getchef
Overview
What is foodcritic?
A lint tool for your cookbooks
47 Built-in Rules
Goal: Identify problems in your cookbooks
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
$ foodcritic . FC006: Mode should be quoted or fully
specified when setting file permissions: ./ recipes/default.rb:9
file "/var/lib/foo" do owner "root" group "root" mode "644" action
:create end
Goal: Encourage discussion on the subjective stuff
execute "wget 'http:// example.org/' -Ofoo" do action :run end
execute "wget 'http:// example.org/' -Ofoo" do action :run end
$ foodcritic . FC041: Execute resource used to run curl
or wget commands: ./recipes/ default.rb:9
remote_file "foo" do source "http://example.org/" end
Goal: Write your own rules
# Specify rules on # the command line $ foodcritic
-I your_rule.rb . ! # You can also # package your rules # as a gem
How does it work?
Static code analysis
Example: Declaring resources in a loop
# The original recipe %w{foo bar baz}.each do |pkg| package
pkg end
# This is what Chef sees at converge time package[foo]
package[bar] package[baz]
# This is what foodcritic sees %w{foo bar baz}.each do
|pkg| package pkg end
Peter Zotov @whitequark fucking ruby and its fucking parser, how
does it even work?! I *still* have no idea
# recipe with a single resource file '/etc/foo' do mode
0600 content 'bar' end
pry> Ripper.sexp(code)
=> [:program, [[:method_add_block, [:command, [:@ident, "file", [2, 0]], [:args_add_block, [[:string_literal,
[:string_content, [:@tstring_content, "/ etc/foo", [2, 6]]]]], false]], [:do_block, nil, [[:command, [:@ident, "mode", [3, 2]], [:args_add_block, [[:@int, "0600", [3, 7]]], false]], [:command, [:@ident, "content", [4, 2]], [:args_add_block, [[:string_literal, [:string_content, [:@tstring_content, "bar", [4, 11]]]]], false]]]]]]]
Those are some deeply nested arrays
Ruby lets us build terse yet powerful expressions
But the path to a node in the tree is
important
<? XML ?> An elegant weapon for a more civilised
age
XPath //method_add_block/ command/ ident[@value="mode"]
ANTLR 4.2 SNAPSHOT "xpath/pattern matching for parse trees"
The structure of a rule
rule "FC123", "Name" do recipe do |ast| # some #
expression end end
cookbook environment library metadata resource role Hooks recipe do |ast|
ast.xpath(..) end
rule "FC123", "Name" do recipe do |ast| # some #expression
end end
Ruby returns the last expression Foodcritic converts the last expression
to matches
Let’s walk through the code for FC006
rule "FC006", "Mode should be quoted or fully specified when
setting file permissions" do
# We pass an array of tags in, common tags
include 'correctness' and 'style' tags %w{correctness files}
recipe do |ast| ast.xpath(%q{a/ long/xpath/string}) end
# any mode identifier // ident[@value='mode']/ ! # we need
to go up one parent::command/ ! # a literal integer descendant::int
# filtering again [ ! # needs to be less
# than five digits # long string-length(@value) < 5
# match 644 not 0644 and not( starts-with(@value, "0") and
string length(@value) = 4 ) ! # stop filtering ]
# choose the line num # to show to the
end # user /ancestor:: method_add_block # do this if the AST # node does not have # a descendant node # with a position
Pry is awesome and is a must for developing FC
rules
Drop a pry binding in your rule and explore pry>
ls pry> a_method() pry> whereami
rule "FC123", "Name" do recipe do |ast| binding.pry end end
pry> ast.xpath( '//do_block/command/ ident')
Tip: Chef now includes Pry as a runtime dependency as
of 11.8.0.
ancestor child descendant following parent preceding Axes
XPath expressions can be annoying ! Here’s some I prepared
earlier
attribute_access declared_dependencies find_resources notifications resource_attribute? resources_by_type searches API Foodcritic
all? any? find group_by inject map select Ruby Enumerable
Testing it actually works
Trust is really important - false positives undermine that trust
in the tool
Foodcritic core rules test against lots of examples
Examples: | environment_name | show_warning | | production | should
not | | pre_production | should not | | production-eu | should not | | production2 | should not | | Production | should not | | EU West | should | | production (eu-west) | should |
Different syntax in recipes results in different AST trees
Different Ruby versions can mean different AST trees 1.9.2, 1.9.3
and 2.0.0
Ok. I have my automated examples passing. I should be
good right?
Ok. I have my automated examples passing. I should be
good right? Nee! Non! No!
Test against a large corpus of real cookbooks
Ideas
Suggest Chef Sugar FC789: Use Chef Sugar to simplify platform
check
Spot duplication across recipes FC678: Compose recipes to reduce duplication
Validate recipe package names FC567: Package not present in distribution
What’s next?
Backlog of issues that could use your help!
Hack Afternoon
Thanks! @acrmp foodcritic.io freenode #chef
Extending foodcritic with new rules #cfgmgmtcamp #getchef