-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: initial Spectral integration #195
Conversation
d0c1a1a
to
ee2201f
Compare
@@ -0,0 +1,27 @@ | |||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we want to start with a smaller ruleset, or no rules at all, we can also do that to minimize the blast radius of this change. Either option would still give users the ability to write their own rules.
ee2201f
to
074523b
Compare
@@ -92,7 +92,7 @@ module.exports.validate = function({ jsSpec, isOAS3 }, config) { | |||
let messageAuth = | |||
'Parameters must not explicitly define `Authorization`.'; | |||
messageAuth = isOAS3 | |||
? `${messageAuth} Rely on the \`securitySchemas\` and \`security\` fields to specify authorization methods.` | |||
? `${messageAuth} Rely on the \`securitySchemes\` and \`security\` fields to specify authorization methods.` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor typo Phil pointed out in our existing rule. This should be securitySchemes in OAS3
Codecov Report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leaving an initial review of some things to clean up in the code while others are looking at the PR. It looks great so far but I'm going to keep looking at it
"no-eval-in-markdown": true, | ||
"no-script-tags-in-markdown": true, | ||
"openapi-tags": true, | ||
"operation-description": true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do any of these conflict with our rules? Some of these look like things we might throw an error for - I wouldn't want there to be any duplicate warning/error messages
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They shouldn't. I took care to try to test each rule I was enabling and making sure there wasn't duplicate output. Though if there's a rule we think is a duplicate, then it's possible I might've overlooked it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, that sounds good. I just wanted to double check
I realized that I missed updating the code to also include Spectral in api invocations of the validator. I'll submit some changes soon to make sure that's accounted for. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good but I recommend we allow users to provide their Spectral config in yaml format.
@mkistler I just pushed a commit to change the default ruleset to yaml, and allow for custom ruleset files to be either yaml or json. |
b6c99f8
to
6bfc910
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good but I have a few more comments to be addressed before merging
src/lib/index.js
Outdated
const readFile = util.promisify(fs.readFile); | ||
input = await readFile(input, 'utf8'); | ||
input = preprocessFile(input); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm unsure about this section - we've never supported file input through the JS API and I don't really think we should start unless specifically requested. It's the job of the user to load their files as JSON to pass to the validator
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I'm confused about the documentation for the api here, is openApiDoc
just an object in that example and not a path to a file ?
Edit: I guess I should've payed more attention to the documentation:
openApiDoc
Type: Object An object that represents an OpenAPI document.
Though I do want to point out that when I ran it against a file without my changes it worked fine which is way I guess I made that assumption 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's interesting that it worked fine - I think it's not "technically" supported though. So I don't think we need explicit code here for it
ruleSetFile = await findUp(file); | ||
} | ||
} | ||
} catch (err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an extremely minor comment but since you aren't using the error at all, I think it might be better style to just use catch ()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had to change this to catch { }
JSON.stringify(validationResult) | ||
); | ||
} | ||
continue; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct me if I'm wrong but this continue
statement looks superfluous - there's no more code after it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I don't think that's doing anything. I'll remove it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! 👍
//warning | ||
messages.addMessage(path, message, 'warning'); | ||
} else if (severity === 0) { | ||
//error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very picky style comment, comments should have a space after the "//" here and on line 28. It doesn't really matter but I'm surprised eslint didn't complain
c256fbe
to
0aeaadc
Compare
# [0.30.0](v0.29.4...v0.30.0) (2020-09-23) ### Features * initial Spectral integration ([#195](#195)) ([ccbc7a6](ccbc7a6))
🎉 This PR is included in version 0.30.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Initial integration of Spectral into the IBM Validator.
Changes:
.defaultsForSpectral.yaml
was created and includes all the Spectral rules for Swagger/OAS3 that are recommended by default, and don't overlap with any of the Validator's rules. Any future rules can be easily added from this file..spectral.yaml
file if it's found in the cwd to give users the ability to specify their own custom Spectral ruleset.securitySchemas
->securitySchemes
Given that the results from Spectral are just "fed in" to the validator, and the current validator logic handles the logic from there, I did not find any issues running any of the validator's cmd line options with this new integration.