1010yaml = ruamel .yaml .YAML (typ = "safe" )
1111
1212
13- def uses_go_fips (melange_cfg : dict [str , Any ]) -> bool :
14- """Check if package uses go-fips."""
15- # Check environment packages
13+ def check_go_fips_compliance (melange_cfg : dict [str , Any ]) -> tuple [bool , list [str ]]:
14+ """
15+ Check if all go-fips usages have corresponding tests.
16+ Returns (is_compliant, list_of_missing_tests).
17+ """
18+ issues = []
19+
20+ # Check if main package uses go-fips
21+ main_uses_fips = False
22+ main_has_test = False
23+
24+ # Check environment packages for any go-fips variant
1625 env_packages = melange_cfg .get ("environment" , {}).get ("contents" , {}).get ("packages" , [])
17- if "go-fips" in env_packages :
18- return True
26+ for pkg in env_packages :
27+ if pkg .startswith ("go-fips" ):
28+ main_uses_fips = True
29+ break
1930
20- # Check pipeline steps for go/build with go-package: go-fips
31+ # Check main pipeline steps for go/build with go-package: go-fips*
2132 pipelines = melange_cfg .get ("pipeline" , [])
2233 for step in pipelines :
2334 if step .get ("uses" ) == "go/build" :
24- if step .get ("with" , {}).get ("go-package" ) == "go-fips" :
25- return True
26-
27- # Check subpackage pipelines
28- for subpkg in melange_cfg .get ("subpackages" , []):
29- subpkg_pipelines = subpkg .get ("pipeline" , [])
30- for step in subpkg_pipelines :
31- if step .get ("uses" ) == "go/build" :
32- if step .get ("with" , {}).get ("go-package" ) == "go-fips" :
33- return True
35+ go_package = step .get ("with" , {}).get ("go-package" , "" )
36+ if go_package .startswith ("go-fips" ):
37+ main_uses_fips = True
38+ break
3439
35- return False
36-
37-
38- def has_go_fips_test (melange_cfg : dict [str , Any ]) -> bool :
39- """Check if package has go-fips test."""
40+ # Check main test section
4041 test_section = melange_cfg .get ("test" , {})
4142 test_pipelines = test_section .get ("pipeline" , [])
42-
4343 for step in test_pipelines :
4444 if step .get ("uses" ) == "test/go-fips-check" :
45- return True
45+ main_has_test = True
46+ break
47+
48+ if main_uses_fips and not main_has_test :
49+ issues .append ("main package uses go-fips but lacks test/go-fips-check" )
4650
47- return False
51+ # Check each subpackage
52+ for i , subpkg in enumerate (melange_cfg .get ("subpackages" , [])):
53+ subpkg_uses_fips = False
54+ subpkg_has_test = False
55+ subpkg_name = subpkg .get ("name" , f"subpackage-{ i } " )
56+
57+ # Check subpackage pipelines for go-fips usage
58+ subpkg_pipelines = subpkg .get ("pipeline" , [])
59+ for step in subpkg_pipelines :
60+ if step .get ("uses" ) == "go/build" :
61+ go_package = step .get ("with" , {}).get ("go-package" , "" )
62+ if go_package .startswith ("go-fips" ):
63+ subpkg_uses_fips = True
64+ break
65+
66+ # Check subpackage test sections
67+ subpkg_test_section = subpkg .get ("test" , {})
68+ subpkg_test_pipelines = subpkg_test_section .get ("pipeline" , [])
69+ for step in subpkg_test_pipelines :
70+ if step .get ("uses" ) == "test/go-fips-check" :
71+ subpkg_has_test = True
72+ break
73+
74+ if subpkg_uses_fips and not subpkg_has_test :
75+ issues .append (f"subpackage '{ subpkg_name } ' uses go-fips but lacks test/go-fips-check" )
76+
77+ return len (issues ) == 0 , issues
4878
4979
5080def main (argv : Sequence [str ] | None = None ) -> int :
@@ -68,13 +98,11 @@ def main(argv: Sequence[str] | None = None) -> int:
6898 if not melange_cfg :
6999 continue
70100
71- if uses_go_fips (melange_cfg ):
72- if not has_go_fips_test (melange_cfg ):
73- print (
74- f"{ filename } : Package uses go-fips but does not have "
75- "a corresponding go-fips test (add '- uses: test/go-fips-check' to test pipeline)"
76- )
77- retval = 1
101+ is_compliant , issues = check_go_fips_compliance (melange_cfg )
102+ if not is_compliant :
103+ for issue in issues :
104+ print (f"{ filename } : { issue } " )
105+ retval = 1
78106
79107 return retval
80108
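Review bot: In check_go_fips_compliance, the two `go_package.startswith("go-fips")` calls (new lines 36 and 62) raise AttributeError when a go/build step has `go-package:` present but empty or non-string, because the `""` default of `.get("go-package", "")` only applies when the key is absent. The removed `== "go-fips"` comparison tolerated that input. Normalising the value first keeps the hook reporting findings instead of aborting with a traceback: `go_package = (step.get("with") or {}).get("go-package") or ""`, followed by `if isinstance(go_package, str) and go_package.startswith("go-fips"):`. Separately, a go-fips entry in `environment.contents.packages` only sets `main_uses_fips`, so if subpackage go/build steps inherit the environment toolchain (not visible here), a subpackage without an explicit `go-package` is never required to carry `test/go-fips-check`. That would be a fail-open gap in the gate and is worth confirming against how melange resolves the Go package for subpackage builds.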