lintnet - General purpose linter powered by Jsonnet Shunsuke Suzuki 2024-06-07 Lint Night#3 1

Self introduction Shunsuke Suzuki Platform Engineer at Mercari Platform Group GitHub: suzuki-shunsuke X: szkdash 2

My OSS ● aqua - Declarative CLI Version Manager written in Go ● tfcmt - Notify the result of terraform to GitHub pull requests ● tfaction - GitHub Actions for Terraform Monorepo ● etc 3

Overview ● Introduction of my new OSS lintnet ● What’s lintnet? 4

What’s lintnet? ● https://lintnet.github.io/ ● General purpose linter for structured configuration data powered by Jsonnet ● CLI like Conftest ● Single binary written in Go. No dependency and easy to install ● lintnet itself has no lint rule. You can define lint rules and lint files 5

General purpose ● k8s, Terraform, GitHub Actions, CircleCI, etc ● No need to use different linters and develop linters from scratch ● Support various data format ● Programing languages aren't supported 6

Jsonnet ● Superset of JSON for dynamic configuration ● Generate JSON dynamically https://jsonnet.org/ 7

Jsonnet ● Popular ● Simple - low learning cost ● Powerful - if, for, function, std lib, import, native function, etc ● Secure - restrict access to filesystem and network and OS command 8

Extend Jsonnet by Native functions ● lintnet extends Jsonnet by adding native functions ● https://lintnet.github.io/docs/lint-rule/native-function/ 9

Module ● Easy to reuse and distribute lint rules ● Reuse is just referring to modules in config or lint files ● Distribution is just publishing Jsonnet files in GitHub repositories ● Hopefully many awesome modules are published by community so that we can achieve awesome lint easily 10

Auto module update by Renovate ● https://github.com/lintnet/renovate-config ● lintnet’s Official Renovate Preset 11

Official Modules ● Official Modules ● e.g. ○ lintnet-modules/ghalint - Port of ghalint ○ lintnet-modules/nllint - Port of nllint 12

Extra features ● Test lint rules ● Parameterize lint rules ● Lint across multiple files ● Customize Output ● Control the result by error level 13

How to achieve lint by Jsonnet 14

Limitation ● Utilize the location of lint errors ○ reviewdog and editor integration ○ Output code where error occurs ● Auto fix ● Disable some lint rules by code annotation ● Lint of programming languages It's difficult to support them as a general purpose linter 15

How to use lintnet 1. Create a configuration file lintnet.jsonnet 2. Define lint rules by Jsonnet 3. Test rules by Jsonnet 4. Run lintnet lint command 16

Configuration file (lintnet.jsonnet) $ lintnet init 17

Lint rule hello.jsonnet 18

Test hello_test.jsonnet *_test.jsonnet A list of test cases test data + expected lint result $ lintnet test 19

Run lintnet 20

Comparison with Conftest 21

Conftest ● https://www.conftest.dev/ ● Utility to help you write tests against structured configuration data ● Use Rego as a Policy Language ● Cover various lint rules with one tool 22

Issues of Conftest ● Low reusability of policies ○ People develop similar lint rules independently ○ No standard way to share policies across multiple repositories ○ conftest push/pull is a low level API ○ https://www.conftest.dev/sharing/ 23

Compared with Conftest ● Easy to reuse and distribute lint rules by Module ● Standardized workflow by Configuration file and sub commands 24

Jsonnet vs Rego ● It is difficult to compare them objectively ● This is up to users ● Some people feel Rego is difficult and Jsonnet is easier than Rego 25

Summary ● lintnet is a general purpose linter powered by Jsonnet ● Users don’t need to use many different linters ● Developers can focus on developing lint rules ● lintnet enables us to reuse and distribute lint rules by Module 26