feat: initial Spectral integration #195
Conversation
|
|
jorge-ibm
force-pushed
the
beta/integrate-spectral
branch
from
d0c1a1a
to
ee2201f
Compare
| @@ -0,0 +1,27 @@ | |||
| { | |||
There was a problem hiding this comment.
If we want to start with a smaller ruleset, or no rules at all, we can also do that to minimize the blast radius of this change. Either option would still give users the ability to write their own rules.
jorge-ibm
force-pushed
the
beta/integrate-spectral
branch
from
ee2201f
to
074523b
Compare
| @@ -92,7 +92,7 @@ module.exports.validate = function({ jsSpec, isOAS3 }, config) { | |||
| let messageAuth = | |||
| 'Parameters must not explicitly define `Authorization`.'; | |||
| messageAuth = isOAS3 | |||
| ? `${messageAuth} Rely on the \`securitySchemas\` and \`security\` fields to specify authorization methods.` | |||
| ? `${messageAuth} Rely on the \`securitySchemes\` and \`security\` fields to specify authorization methods.` | |||
There was a problem hiding this comment.
Minor typo Phil pointed out in our existing rule. This should be securitySchemes in OAS3
Codecov Report
|
| "no-eval-in-markdown": true, | ||
| "no-script-tags-in-markdown": true, | ||
| "openapi-tags": true, | ||
| "operation-description": true, |
There was a problem hiding this comment.
Do any of these conflict with our rules? Some of these look like things we might throw an error for - I wouldn't want there to be any duplicate warning/error messages
There was a problem hiding this comment.
They shouldn't. I took care to try to test each rule I was enabling and making sure there wasn't duplicate output. Though if there's a rule we think is a duplicate, then it's possible I might've overlooked it.
There was a problem hiding this comment.
Cool, that sounds good. I just wanted to double check
|
I realized that I missed updating the code to also include Spectral in api invocations of the validator. I'll submit some changes soon to make sure that's accounted for. |
|
@mkistler I just pushed a commit to change the default ruleset to yaml, and allow for custom ruleset files to be either yaml or json. |
jorge-ibm
force-pushed
the
beta/integrate-spectral
branch
from
b6c99f8
to
6bfc910
Compare
src/lib/index.js
Outdated
| const readFile = util.promisify(fs.readFile); | ||
| input = await readFile(input, 'utf8'); | ||
| input = preprocessFile(input); | ||
| } |
There was a problem hiding this comment.
I'm unsure about this section - we've never supported file input through the JS API and I don't really think we should start unless specifically requested. It's the job of the user to load their files as JSON to pass to the validator
There was a problem hiding this comment.
I guess I'm confused about the documentation for the api here, is openApiDoc just an object in that example and not a path to a file ?
Edit: I guess I should've payed more attention to the documentation:
openApiDoc
Type: Object An object that represents an OpenAPI document.
Though I do want to point out that when I ran it against a file without my changes it worked fine which is way I guess I made that assumption 😄
There was a problem hiding this comment.
That's interesting that it worked fine - I think it's not "technically" supported though. So I don't think we need explicit code here for it
| ruleSetFile = await findUp(file); | ||
| } | ||
| } | ||
| } catch (err) { |
There was a problem hiding this comment.
This is an extremely minor comment but since you aren't using the error at all, I think it might be better style to just use catch ()
There was a problem hiding this comment.
I had to change this to catch { }
| JSON.stringify(validationResult) | ||
| ); | ||
| } | ||
| continue; |
There was a problem hiding this comment.
Correct me if I'm wrong but this continue statement looks superfluous - there's no more code after it
There was a problem hiding this comment.
Yeah I don't think that's doing anything. I'll remove it.
| //warning | ||
| messages.addMessage(path, message, 'warning'); | ||
| } else if (severity === 0) { | ||
| //error |
There was a problem hiding this comment.
Very picky style comment, comments should have a space after the "//" here and on line 28. It doesn't really matter but I'm surprised eslint didn't complain
jorge-ibm
force-pushed
the
beta/integrate-spectral
branch
from
c256fbe
to
0aeaadc
Compare
# [0.30.0](v0.29.4...v0.30.0) (2020-09-23) ### Features * initial Spectral integration ([#195](#195)) ([ccbc7a6](ccbc7a6))
|
🎉 This PR is included in version 0.30.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Initial integration of Spectral into the IBM Validator.
Changes:
.defaultsForSpectral.yamlwas created and includes all the Spectral rules for Swagger/OAS3 that are recommended by default, and don't overlap with any of the Validator's rules. Any future rules can be easily added from this file..spectral.yamlfile if it's found in the cwd to give users the ability to specify their own custom Spectral ruleset.securitySchemas->securitySchemesGiven that the results from Spectral are just "fed in" to the validator, and the current validator logic handles the logic from there, I did not find any issues running any of the validator's cmd line options with this new integration.