Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Extending Foodcritic with new rules
Search
Andrew Crump
February 04, 2014
Programming
2
620
Extending Foodcritic with new rules
Config Management Camp, Gent on 4th February 2014
Andrew Crump
February 04, 2014
Tweet
Share
More Decks by Andrew Crump
See All by Andrew Crump
Docker and Cloud Foundry
acrmp
0
93
Continuous Delivery with Cloud Foundry
acrmp
1
85
Patterns for treating infrastructure as code
acrmp
1
280
Other Decks in Programming
See All in Programming
コーンフレークから始める モデリング会話入門
ogurotakayuki
0
360
ONE WEDGE_company_guide
1wedge_one
0
460
Prepare for Jakarta EE 11 - Performance and Developer Productivity
ivargrimstad
0
720
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
26
8.2k
AWS Application Composerで始める、 サーバーレスなデータ基盤構築 / 20240406-jawsug-hokuriku-shinkansen
kasacchiful
1
260
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
230
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
StoreKit2によるiOSのアプリ内課金のリニューアル
kangnux
0
110
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
5
900
Elm 0.19.0 Changes
bkuhlmann
0
490
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
230
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
170
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k
Embracing the Ebb and Flow
colly
80
4.1k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
[RailsConf 2023] Rails as a piece of cake
palkan
23
3.9k
The Invisible Customer
myddelton
114
12k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
For a Future-Friendly Web
brad_frost
172
9k
Code Reviewing Like a Champion
maltzj
514
39k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Transcript
Extending foodcritic with new rules #cfgmgmtcamp #getchef
Overview
What is foodcritic?
A lint tool for your cookbooks
47 Built-in Rules
Goal: Identify problems in your cookbooks
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
file "/var/lib/foo" do owner "root" group "root" mode 644 action
:create end
$ foodcritic . FC006: Mode should be quoted or fully
specified when setting file permissions: ./ recipes/default.rb:9
file "/var/lib/foo" do owner "root" group "root" mode "644" action
:create end
Goal: Encourage discussion on the subjective stuff
execute "wget 'http:// example.org/' -Ofoo" do action :run end
execute "wget 'http:// example.org/' -Ofoo" do action :run end
$ foodcritic . FC041: Execute resource used to run curl
or wget commands: ./recipes/ default.rb:9
remote_file "foo" do source "http://example.org/" end
Goal: Write your own rules
# Specify rules on # the command line $ foodcritic
-I your_rule.rb . ! # You can also # package your rules # as a gem
How does it work?
Static code analysis
Example: Declaring resources in a loop
# The original recipe %w{foo bar baz}.each do |pkg| package
pkg end
# This is what Chef sees at converge time package[foo]
package[bar] package[baz]
# This is what foodcritic sees %w{foo bar baz}.each do
|pkg| package pkg end
Peter Zotov @whitequark fucking ruby and its fucking parser, how
does it even work?! I *still* have no idea
# recipe with a single resource file '/etc/foo' do mode
0600 content 'bar' end
pry> Ripper.sexp(code)
=> [:program, [[:method_add_block, [:command, [:@ident, "file", [2, 0]], [:args_add_block, [[:string_literal,
[:string_content, [:@tstring_content, "/ etc/foo", [2, 6]]]]], false]], [:do_block, nil, [[:command, [:@ident, "mode", [3, 2]], [:args_add_block, [[:@int, "0600", [3, 7]]], false]], [:command, [:@ident, "content", [4, 2]], [:args_add_block, [[:string_literal, [:string_content, [:@tstring_content, "bar", [4, 11]]]]], false]]]]]]]
Those are some deeply nested arrays
Ruby lets us build terse yet powerful expressions
But the path to a node in the tree is
important
<? XML ?> An elegant weapon for a more civilised
age
XPath //method_add_block/ command/ ident[@value="mode"]
ANTLR 4.2 SNAPSHOT "xpath/pattern matching for parse trees"
The structure of a rule
rule "FC123", "Name" do recipe do |ast| # some #
expression end end
cookbook environment library metadata resource role Hooks recipe do |ast|
ast.xpath(..) end
rule "FC123", "Name" do recipe do |ast| # some #expression
end end
Ruby returns the last expression Foodcritic converts the last expression
to matches
Let’s walk through the code for FC006
rule "FC006", "Mode should be quoted or fully specified when
setting file permissions" do
# We pass an array of tags in, common tags
include 'correctness' and 'style' tags %w{correctness files}
recipe do |ast| ast.xpath(%q{a/ long/xpath/string}) end
# any mode identifier // ident[@value='mode']/ ! # we need
to go up one parent::command/ ! # a literal integer descendant::int
# filtering again [ ! # needs to be less
# than five digits # long string-length(@value) < 5
# match 644 not 0644 and not( starts-with(@value, "0") and
string length(@value) = 4 ) ! # stop filtering ]
# choose the line num # to show to the
end # user /ancestor:: method_add_block # do this if the AST # node does not have # a descendant node # with a position
Pry is awesome and is a must for developing FC
rules
Drop a pry binding in your rule and explore pry>
ls pry> a_method() pry> whereami
rule "FC123", "Name" do recipe do |ast| binding.pry end end
pry> ast.xpath( '//do_block/command/ ident')
Tip: Chef now includes Pry as a runtime dependency as
of 11.8.0.
ancestor child descendant following parent preceding Axes
XPath expressions can be annoying ! Here’s some I prepared
earlier
attribute_access declared_dependencies find_resources notifications resource_attribute? resources_by_type searches API Foodcritic
all? any? find group_by inject map select Ruby Enumerable
Testing it actually works
Trust is really important - false positives undermine that trust
in the tool
Foodcritic core rules test against lots of examples
Examples: | environment_name | show_warning | | production | should
not | | pre_production | should not | | production-eu | should not | | production2 | should not | | Production | should not | | EU West | should | | production (eu-west) | should |
Different syntax in recipes results in different AST trees
Different Ruby versions can mean different AST trees 1.9.2, 1.9.3
and 2.0.0
Ok. I have my automated examples passing. I should be
good right?
Ok. I have my automated examples passing. I should be
good right? Nee! Non! No!
Test against a large corpus of real cookbooks
Ideas
Suggest Chef Sugar FC789: Use Chef Sugar to simplify platform
check
Spot duplication across recipes FC678: Compose recipes to reduce duplication
Validate recipe package names FC567: Package not present in distribution
What’s next?
Backlog of issues that could use your help!
Hack Afternoon
Thanks! @acrmp foodcritic.io freenode #chef
Extending foodcritic with new rules #cfgmgmtcamp #getchef