Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Extending Foodcritic with new rules
Search
Andrew Crump
February 04, 2014
Programming
2
650
Extending Foodcritic with new rules
Config Management Camp, Gent on 4th February 2014
Andrew Crump
February 04, 2014
Tweet
Share
More Decks by Andrew Crump
See All by Andrew Crump
Porting a small project from Go to Rust
acrmp
0
10
Docker and Cloud Foundry
acrmp
0
100
Continuous Delivery with Cloud Foundry
acrmp
1
100
Patterns for treating infrastructure as code
acrmp
1
290
Other Decks in Programming
See All in Programming
PHP 8.4の新機能「プロパティフック」から学ぶオブジェクト指向設計とリスコフの置換原則
kentaroutakeda
2
750
WindowInsetsだってテストしたい
ryunen344
1
240
おやつのお供はお決まりですか?@WWDC25 Recap -Japan-\(region).swift
shingangan
0
110
XP, Testing and ninja testing
m_seki
3
230
PostgreSQLのRow Level SecurityをPHPのORMで扱う Eloquent vs Doctrine #phpcon #track2
77web
2
500
ペアプロ × 生成AI 現場での実践と課題について / generative-ai-in-pair-programming
codmoninc
1
15k
#kanrk08 / 公開版 PicoRubyとマイコンでの自作トレーニング計測装置を用いたワークアウトの理想と現実
bash0c7
1
690
WebViewの現在地 - SwiftUI時代のWebKit - / The Current State Of WebView
marcy731
0
110
地方に住むエンジニアの残酷な現実とキャリア論
ichimichi
5
1.5k
0626 Findy Product Manager LT Night_高田スライド_speaker deck用
mana_takada
0
160
Systèmes distribués, pour le meilleur et pour le pire - BreizhCamp 2025 - Conférence
slecache
0
120
テストから始めるAgentic Coding 〜Claude Codeと共に行うTDD〜 / Agentic Coding starts with testing
rkaga
3
500
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
48
5.4k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.7k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Music & Morning Musume
bryan
46
6.6k
Code Review Best Practice
trishagee
69
18k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
The Cost Of JavaScript in 2023
addyosmani
51
8.5k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Transcript
Extending foodcritic with new rules #cfgmgmtcamp #getchef
Overview
What is foodcritic?
A lint tool for your cookbooks
47 Built-in Rules
Goal: Identify problems in your cookbooks
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
$ foodcritic . FC006: Mode should be quoted or fully
specified when setting file permissions: ./ recipes/default.rb:9
file "/var/lib/foo" do owner "root" group "root" mode "644" action
:create end
Goal: Encourage discussion on the subjective stuff
execute "wget 'http:// example.org/' -Ofoo" do action :run end
execute "wget 'http:// example.org/' -Ofoo" do action :run end
$ foodcritic . FC041: Execute resource used to run curl
or wget commands: ./recipes/ default.rb:9
remote_file "foo" do source "http://example.org/" end
Goal: Write your own rules
# Specify rules on # the command line $ foodcritic
-I your_rule.rb . ! # You can also # package your rules # as a gem
How does it work?
Static code analysis
Example: Declaring resources in a loop
# The original recipe %w{foo bar baz}.each do |pkg| package
pkg end
# This is what Chef sees at converge time package[foo]
package[bar] package[baz]
# This is what foodcritic sees %w{foo bar baz}.each do
|pkg| package pkg end
Peter Zotov @whitequark fucking ruby and its fucking parser, how
does it even work?! I *still* have no idea
# recipe with a single resource file '/etc/foo' do mode
0600 content 'bar' end
pry> Ripper.sexp(code)
=> [:program, [[:method_add_block, [:command, [:@ident, "file", [2, 0]], [:args_add_block, [[:string_literal,
[:string_content, [:@tstring_content, "/ etc/foo", [2, 6]]]]], false]], [:do_block, nil, [[:command, [:@ident, "mode", [3, 2]], [:args_add_block, [[:@int, "0600", [3, 7]]], false]], [:command, [:@ident, "content", [4, 2]], [:args_add_block, [[:string_literal, [:string_content, [:@tstring_content, "bar", [4, 11]]]]], false]]]]]]]
Those are some deeply nested arrays
Ruby lets us build terse yet powerful expressions
But the path to a node in the tree is
important
<? XML ?> An elegant weapon for a more civilised
age
XPath //method_add_block/ command/ ident[@value="mode"]
ANTLR 4.2 SNAPSHOT "xpath/pattern matching for parse trees"
The structure of a rule
rule "FC123", "Name" do recipe do |ast| # some #
expression end end
cookbook environment library metadata resource role Hooks recipe do |ast|
ast.xpath(..) end
rule "FC123", "Name" do recipe do |ast| # some #expression
end end
Ruby returns the last expression Foodcritic converts the last expression
to matches
Let’s walk through the code for FC006
rule "FC006", "Mode should be quoted or fully specified when
setting file permissions" do
# We pass an array of tags in, common tags
include 'correctness' and 'style' tags %w{correctness files}
recipe do |ast| ast.xpath(%q{a/ long/xpath/string}) end
# any mode identifier // ident[@value='mode']/ ! # we need
to go up one parent::command/ ! # a literal integer descendant::int
# filtering again [ ! # needs to be less
# than five digits # long string-length(@value) < 5
# match 644 not 0644 and not( starts-with(@value, "0") and
string length(@value) = 4 ) ! # stop filtering ]
# choose the line num # to show to the
end # user /ancestor:: method_add_block # do this if the AST # node does not have # a descendant node # with a position
Pry is awesome and is a must for developing FC
rules
Drop a pry binding in your rule and explore pry>
ls pry> a_method() pry> whereami
rule "FC123", "Name" do recipe do |ast| binding.pry end end
pry> ast.xpath( '//do_block/command/ ident')
Tip: Chef now includes Pry as a runtime dependency as
of 11.8.0.
ancestor child descendant following parent preceding Axes
XPath expressions can be annoying ! Here’s some I prepared
earlier
attribute_access declared_dependencies find_resources notifications resource_attribute? resources_by_type searches API Foodcritic
all? any? find group_by inject map select Ruby Enumerable
Testing it actually works
Trust is really important - false positives undermine that trust
in the tool
Foodcritic core rules test against lots of examples
Examples: | environment_name | show_warning | | production | should
not | | pre_production | should not | | production-eu | should not | | production2 | should not | | Production | should not | | EU West | should | | production (eu-west) | should |
Different syntax in recipes results in different AST trees
Different Ruby versions can mean different AST trees 1.9.2, 1.9.3
and 2.0.0
Ok. I have my automated examples passing. I should be
good right?
Ok. I have my automated examples passing. I should be
good right? Nee! Non! No!
Test against a large corpus of real cookbooks
Ideas
Suggest Chef Sugar FC789: Use Chef Sugar to simplify platform
check
Spot duplication across recipes FC678: Compose recipes to reduce duplication
Validate recipe package names FC567: Package not present in distribution
What’s next?
Backlog of issues that could use your help!
Hack Afternoon
Thanks! @acrmp foodcritic.io freenode #chef
Extending foodcritic with new rules #cfgmgmtcamp #getchef