Class: Rules::OverlyBroadTriggers

Inherits:
Base
  • Object
show all
Defined in:
lib/rules/overly_broad_triggers.rb

Instance Method Summary collapse

Instance Method Details

#check(workflow) ⇒ Object 



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/rules/overly_broad_triggers.rb', line 7

def check(workflow)
  findings = []
  triggers = workflow.triggers

  return findings unless triggers.is_a?(Hash)

  %w[push pull_request].each do |trigger|
    next unless triggers.key?(trigger)
    config = triggers[trigger]

    if config.nil? || config == true || (config.is_a?(Hash) && !config.key?("branches") && !config.key?("branches-ignore") && !config.key?("tags") && !config.key?("tags-ignore") && !config.key?("paths") && !config.key?("paths-ignore"))
      line = workflow.line_of(/^\s+#{trigger}:/)
      findings << finding(workflow,
        line: line || 0,
        code: "#{trigger}:",
        message: "'#{trigger}' trigger with no branch filter — runs on all branches",
        fix: "Add branches: [main] to scope the trigger"
      )
    end
  end

  findings
end

#descriptionObject 



4
 
# File 'lib/rules/overly_broad_triggers.rb', line 4

def description = "Push or pull_request trigger without branch filter"

#nameObject 



3
 
# File 'lib/rules/overly_broad_triggers.rb', line 3

def name = "overly-broad-triggers"

#severityObject 



5
 
# File 'lib/rules/overly_broad_triggers.rb', line 5

def severity = :low