v20250722.154010

  • v20250722.154010
  • 616158f
  • Partially verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
@basti-snyk basti-snyk tagged this 22 Jul 13:40
* feat: add cache implementation for API responses [IDE-1226]

* feat: add GitHub API client for fetching releases [IDE-1226]

* feat: add plugin-specific protocol version extraction [IDE-1226]

* feat: add CLI version mapping from protocol version [IDE-1226]

* feat: complete main compatibility matrix generator implementation [IDE-1226]

* feat: add GitHub Action workflow for daily matrix updates [IDE-1226]

* test: add unit tests for compatibility matrix generator [IDE-1226]

* docs: add README for compatibility matrix generator [IDE-1226]

* fix: resolve linting issues in compatibility matrix scripts [IDE-1226]

* chore: add compatibility matrix cache to gitignore [IDE-1226]

* chore: update copyright year to 2025 in new files [IDE-1226]

* fix: use stable channel for CLI versions instead of preview [IDE-1226]

* perf: optimize cache implementation using json.RawMessage [IDE-1226]

Refactored cache implementation to use json.RawMessage instead of interface{}
for the Data field in CacheEntry. This eliminates unnecessary marshalling
and unmarshalling operations, improving performance.

- Changed CacheEntry.Data type from interface{} to json.RawMessage
- Removed redundant marshal/unmarshal in Get method
- Updated Set method to marshal value to json.RawMessage

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* fix: handle io.ReadAll error in GitHub API client [IDE-1226]

Previously, the error from io.ReadAll was being ignored when reading
error response bodies from the GitHub API. This could hide useful
error information. Now properly handle this error to provide more
complete error messages.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* fix: properly propagate errors from concurrent goroutines [IDE-1226]

Previously, fetchAllReleases would silently swallow errors from goroutines,
always returning nil error even when fetching releases failed. This could
lead to incomplete matrices without proper failure indication in automated
environments like GitHub Actions.

Now we:
- Collect all errors from goroutines in a thread-safe manner
- Return an error if any plugin fetch fails
- Exit with non-zero status on failure, properly signaling errors

Also fixed error wrapping in GitHub API client to use %w verb.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* fix: log cache.Set errors for better diagnostics [IDE-1226]

Previously, cache.Set errors were silently ignored, making it difficult
to diagnose issues like file system permissions or disk space problems.

Now we log warnings when cache operations fail, providing visibility
into cache-related issues without interrupting the main workflow.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* refactor: replace error-based value return with idiomatic approach [IDE-1226]

Previously, we used fmt.Errorf("FOUND:...") as a workaround to return values
from filepath.Walk, which is brittle and non-idiomatic Go code.

Now we:
- Use a proper sentinel error (errStopWalk) to signal early termination
- Store the found value in a variable in the outer scope
- Use errors.Is() for proper error comparison
- Add linter exclusions for acceptable code duplication

This makes the code more maintainable and follows Go best practices.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* fix: prevent path traversal attacks in tar extraction (Zip Slip) [IDE-1226]

Added validation to ensure extracted files remain within the destination
directory. This prevents malicious tar archives from writing files outside
the intended directory through path traversal sequences like '../'.

Security fix addresses potential vulnerability where attackers could:
- Overwrite system files
- Access sensitive data outside the extraction directory
- Compromise the host system

The fix validates that all resolved target paths start with the
destination directory before any file operations.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* chore: add .cursorrules for project-specific AI guidelines [IDE-1226]

Added repository-specific rules and guidelines for AI assistants to ensure:
- Consistent code patterns and conventions
- Proper security scanning with Snyk
- Correct commit message formatting
- Adherence to project-specific requirements

* refactor: remove unused cache parameter from generateMatrix [IDE-1226]

The cache parameter was passed to generateMatrix but never used within
the function. Removed it from the function signature and all call sites
to improve code clarity.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* refactor: remove redundant Tag field from Release struct [IDE-1226]

The Tag field was assigned the same value as Version and never used.
Removed it from:
- Release struct definition
- Assignment at line 116 (previously 117)
- Test data structures

This improves code maintainability by eliminating redundancy.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* refactor: use defer for file closing in tar extraction [IDE-1226]

Replaced manual file closing with defer f.Close() for more idiomatic
and robust file handling. This ensures the file is closed on all
execution paths and reduces the chance of resource leaks if the
function is modified in the future.

Co-authored-by: Code Reviewer <reviewer@snyk.io>

* fix(compatibility-matrix): close files immediately in tar extraction loop

Previously, using defer f.Close() inside the loop would accumulate all
deferred calls until the function returned, potentially exhausting file
descriptors for archives with many files. Now files are closed explicitly
after each iteration, properly handling both copy and close errors.

[IDE-1226]

* feat(compatibility-matrix): rename column to 'Latest Compatible CLI Version'

Updated the third column name from 'Minimum CLI Version' to 'Latest Compatible
CLI Version' throughout the codebase to better reflect that the CLI version
shown is the latest compatible version for each IDE plugin version.

Updated:
- Matrix generator output format
- Documentation and README
- Test expectations
- GitHub Action description
- Implementation plan

[IDE-1226]

* fix(compatibility-matrix): add IntelliJ requiredLsProtocolVersion pattern

Added support for extracting 'val requiredLsProtocolVersion = xxx' pattern
from IntelliJ plugin source code. This fixes the protocol version extraction
for IntelliJ releases.

[IDE-1226]

* chore(compatibility-matrix): remove unused nolint directives

Removed unused nolint:dupl directives that were flagged by the linter. These
directives were no longer necessary.

[IDE-1226]

* docs: updated licenses

* fix(test): resolve race condition in Test_loginCommand_StartsAuthentication

The test was accessing notifications[0] without verifying the slice had elements,
causing an index out of range panic. Fixed by:
- Waiting specifically for the hasAuthenticated notification in Eventually
- Adding require.NotEmpty check before accessing the first element
- This ensures we only proceed when the expected notification is available

[IDE-1226]

* feat(compatibility-matrix): display Eclipse semantic version with release tag

Eclipse plugin versions now show as 'Eclipse v3.3.0 (v20250717.103834)' where:
- The semantic version (3.3.0) is extracted from MANIFEST.MF Bundle-Version
- The GitHub release tag is shown in parentheses
- The .identifier suffix is automatically omitted from Bundle-Version

This provides clearer version information for Eclipse plugins while maintaining
the original release tag for reference.

[IDE-1226]

* feat(compatibility-matrix): display CLI version ranges instead of single version

Enhanced the compatibility matrix generator to show the range of compatible CLI
versions for each IDE plugin version. The tool now:

- Clones and analyzes the Snyk CLI repository to extract protocol versions
- Maps each CLI release to its protocol version via go.mod analysis
- Displays all compatible CLI versions as a range (e.g., v1.1298.0 - v1.1298.1)
- Renamed the column from 'Latest Compatible CLI Version' to 'Compatible CLIs'

This provides more comprehensive compatibility information by showing all CLI
versions that work with each IDE plugin version, not just the latest one.

[IDE-1226]

* docs: updated licenses

* chore: remove implementation plan from repository

Implementation plans should not be committed to the repository as per
project rules. Moving to local-only reference.

[IDE-1226]

* fix: remove generated matrix and revert hashicorp go.mod changes

- Removed the generated compatibility-matrix.md file (should not be committed)
- Reverted changes to licenses/github.com/hashicorp/hcl/go.mod (per project rules)

[IDE-1226]

* chore: change schedule to weekly and remove update date

- Changed GitHub Actions schedule from daily to weekly (Sundays at 2 AM UTC)
- Removed 'Last updated' date from generated matrix to avoid unnecessary PR reviews
- Updated PR description to reflect weekly schedule

[IDE-1226]

* chore: change schedule back to daily

Since the workflow checks for content changes before creating a PR,
running daily won't create unnecessary PRs. The workflow will only
create a PR when there are actual changes to the compatibility matrix.

[IDE-1226]

---------

Co-authored-by: Code Reviewer <reviewer@snyk.io>
Co-authored-by: bastiandoetsch <bastiandoetsch@users.noreply.github.com>