a13f95d
a13f95d1105d487ae0918a203207ef4f98f45201a3db03d
1ed6599| Status | File | + | - |
|---|---|---|---|
| M |
Makefile
|
4 | 1 |
| A |
scripts/lint-markdown-boundary.sh
|
42 | 0 |
Makefilemodified@@ -70,12 +70,15 @@ assets: ## Copy Primer CSS into internal/web/static/ for embedding. | |||
| 70 | echo "warn: .refs/primer-css/dist not found; run 'git clone https://github.com/primer/css .refs/primer-css' first"; \ | 70 | echo "warn: .refs/primer-css/dist not found; run 'git clone https://github.com/primer/css .refs/primer-css' first"; \ |
| 71 | fi | 71 | fi |
| 72 | 72 | ||
| 73 | -ci: lint lint-policy test build ## Full CI pipeline (matches .github/workflows/ci.yml). | 73 | +ci: lint lint-policy lint-markdown test build ## Full CI pipeline (matches .github/workflows/ci.yml). |
| 74 | @echo "ci: ok" | 74 | @echo "ci: ok" |
| 75 | 75 | ||
| 76 | lint-policy: ## Enforce policy-package boundary (no inline auth checks in handlers/git/cmd). | 76 | lint-policy: ## Enforce policy-package boundary (no inline auth checks in handlers/git/cmd). |
| 77 | @scripts/lint-policy-boundary.sh | 77 | @scripts/lint-policy-boundary.sh |
| 78 | 78 | ||
| 79 | +lint-markdown: ## Enforce markdown-package boundary (no goldmark/bluemonday outside internal/markdown). | ||
| 80 | + @scripts/lint-markdown-boundary.sh | ||
| 81 | + | ||
| 79 | install-tools: ## Install development tools via 'go install'. | 82 | install-tools: ## Install development tools via 'go install'. |
| 80 | go install mvdan.cc/gofumpt@latest | 83 | go install mvdan.cc/gofumpt@latest |
| 81 | go install golang.org/x/tools/cmd/goimports@latest | 84 | go install golang.org/x/tools/cmd/goimports@latest |
scripts/lint-markdown-boundary.shadded@@ -0,0 +1,42 @@ | |||
| 1 | +#!/usr/bin/env bash | ||
| 2 | +# SPDX-License-Identifier: AGPL-3.0-or-later | ||
| 3 | +# | ||
| 4 | +# Fail when goldmark or bluemonday is imported outside the canonical | ||
| 5 | +# internal/markdown/ package. After S25, every markdown render must | ||
| 6 | +# flow through markdown.Render() so the sanitizer policy and pipeline | ||
| 7 | +# version stay coherent. | ||
| 8 | +# | ||
| 9 | +# Allowed locations: | ||
| 10 | +# internal/markdown/... — owns Goldmark + bluemonday | ||
| 11 | +# *_test.go everywhere — tests may exercise rendering directly | ||
| 12 | +# | ||
| 13 | +# Anything else triggers the alarm. The fix is to swap the import to | ||
| 14 | +# `github.com/tenseleyFlow/shithub/internal/markdown` and call | ||
| 15 | +# `markdown.RenderHTML` (back-compat) or `markdown.Render` (new). | ||
| 16 | +# | ||
| 17 | +# Exits 0 when no violations are found, 1 otherwise. Run from `make ci`. | ||
| 18 | + | ||
| 19 | +set -euo pipefail | ||
| 20 | + | ||
| 21 | +cd "$(git rev-parse --show-toplevel)" | ||
| 22 | + | ||
| 23 | +# Build a regex of forbidden imports. Matches both the bare import | ||
| 24 | +# path and any aliased form. | ||
| 25 | +FORBIDDEN='github\.com/(yuin/goldmark|microcosm-cc/bluemonday)' | ||
| 26 | + | ||
| 27 | +# git grep is faster than find+grep; --null lets us safely handle | ||
| 28 | +# unusual paths (we don't have any, but cheap insurance). | ||
| 29 | +violations=$(git grep -lE "\"$FORBIDDEN" -- '*.go' 2>/dev/null \ | ||
| 30 | + | grep -v -e '_test\.go$' \ | ||
| 31 | + | grep -v -e '^internal/markdown/' \ | ||
| 32 | + || true) | ||
| 33 | + | ||
| 34 | +if [[ -n "$violations" ]]; then | ||
| 35 | + echo "lint-markdown-boundary: forbidden goldmark/bluemonday import outside internal/markdown/:" >&2 | ||
| 36 | + echo "$violations" | sed 's/^/ /' >&2 | ||
| 37 | + echo "" >&2 | ||
| 38 | + echo "Fix: import 'github.com/tenseleyFlow/shithub/internal/markdown' and call markdown.Render or markdown.RenderHTML." >&2 | ||
| 39 | + exit 1 | ||
| 40 | +fi | ||
| 41 | + | ||
| 42 | +echo "lint-markdown-boundary: ok" | ||