Replace "check" command with a full linter (#105)

This deprecates (and hides) the `check` command in favor of a new `lint`
command that outputs more information about violations including
filenames and specific line numbers.

Closes #103

---------

Signed-off-by: Seth Vargo <seth@sethvargo.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: sethvargo

README.md

@@ -167,13 +167,13 @@ ratchet upgrade -out workflow-compiled.yml workflow.yml
 > [!NOTE]
 > Performs an `update` if the constraint ref is for a branch.
 
-#### Check
+#### Lint
 
-The `check` command checks if all versions are pinned, exiting with a non-zero
-error code when entries are not pinned:
+The `lint` command reports if all versions are pinned, printing any violations,
+and exiting with a non-zero error code when entries are not pinned:
 
 ```shell
-ratchet check workflow.yml
+ratchet lint workflow.yml
 ```
 
 ## Examples

command/check.go

@@ -15,6 +15,8 @@ const checkCommandDesc = `Check if all versions are pinned`
 const checkCommandHelp = `
 Usage: ratchet check [FILE...]
 
+DEPRECATED: Use the "lint" command instead.
+
 The "check" command checks if all versions are pinned to an absolute version,
 ignoring any versions with the "ratchet:exclude" comment.
 
@@ -33,6 +35,8 @@ type CheckCommand struct {
 	flagParser string
 }
 
+func (c *CheckCommand) Hidden() {}
+
 func (c *CheckCommand) Desc() string {
 	return checkCommandDesc
 }
@@ -50,6 +54,8 @@ func (c *CheckCommand) Flags() *flag.FlagSet {
 }
 
 func (c *CheckCommand) Run(ctx context.Context, originalArgs []string) error {
+	fmt.Fprintf(os.Stderr, "⚠️ DEPRECATED: Use the \"lint\" command instead.\n\n")
+
 	args, err := parseFlags(c.Flags(), originalArgs)
 	if err != nil {
 		return fmt.Errorf("failed to parse flags: %w", err)

command/cmd/gen/main.go

@@ -47,7 +47,7 @@ func realMain() error {
 
 func folderRoot() string {
 	_, filename, _, _ := runtime.Caller(0)
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		filename = path.Dir(filename)
 	}
 	return filename

command/command.go

@@ -24,6 +24,7 @@ import (
 // Commands is the main list of all commands.
 var Commands = map[string]Command{
 	"check":   &CheckCommand{},
+	"lint":    &LintCommand{},
 	"pin":     &PinCommand{},
 	"unpin":   &UnpinCommand{},
 	"update":  &UpdateCommand{},

command/command_gen.go

@@ -0,0 +1,96 @@
+package command
+
+import (
+	"context"
+	"errors"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/sethvargo/ratchet/formatter"
+	"github.com/sethvargo/ratchet/parser"
+)
+
+const lintCommandDesc = `Lint and report unpinned versions`
+
+const lintCommandHelp = `
+Usage: ratchet lint [FILE...]
+
+The "lint" command reports any unpinned versions, ignoring any versions with
+the "ratchet:exclude" comment.
+
+If any versions are unpinned, it returns a non-zero exit code. This command does
+not communicate with upstream APIs or services.
+
+EXAMPLES
+
+  ratchet lint ./path/to/file.yaml
+
+FLAGS
+
+`
+
+type LintCommand struct {
+	flagFormat string
+	flagParser string
+}
+
+func (c *LintCommand) Desc() string {
+	return lintCommandDesc
+}
+
+func (c *LintCommand) Flags() *flag.FlagSet {
+	f := flag.NewFlagSet("", flag.ExitOnError)
+	f.Usage = func() {
+		fmt.Fprintf(os.Stderr, "%s\n\n", strings.TrimSpace(lintCommandHelp))
+		f.PrintDefaults()
+	}
+
+	format := "human"
+	if v := os.Getenv("GITHUB_ACTIONS"); v != "" {
+		format = "actions"
+	}
+
+	f.StringVar(&c.flagFormat, "format", format, "linter output format")
+	f.StringVar(&c.flagParser, "parser", "actions", "parser to use")
+
+	return f
+}
+
+func (c *LintCommand) Run(ctx context.Context, originalArgs []string) error {
+	args, err := parseFlags(c.Flags(), originalArgs)
+	if err != nil {
+		return fmt.Errorf("failed to parse flags: %w", err)
+	}
+
+	par, err := parser.For(ctx, c.flagParser)
+	if err != nil {
+		return err
+	}
+
+	loadResult, err := loadYAMLFiles(os.DirFS("."), args)
+	if err != nil {
+		return err
+	}
+
+	violations, err := parser.Lint(ctx, par, loadResult.nodes())
+	if err != nil {
+		return fmt.Errorf("failed to run linter: %w", err)
+	}
+
+	fmter, err := formatter.For(ctx, c.flagFormat)
+	if err != nil {
+		return err
+	}
+
+	if err := fmter.Format(os.Stdout, violations); err != nil {
+		return err
+	}
+
+	if l := len(violations); l > 0 {
+		return errors.New("") // empty error to force a non-zero exit code
+	}
+
+	return nil
+}

command/lint.go

@@ -0,0 +1,167 @@
+package formatter
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"maps"
+	"slices"
+	"strings"
+	"sync"
+
+	"github.com/sethvargo/ratchet/linter"
+)
+
+type Violation = linter.Violation
+
+type Formatter interface {
+	Format(io.Writer, []*Violation) error
+}
+
+var formatterFactory = map[string]Formatter{
+	"actions": FormatterFunc(formatActions),
+	"human":   FormatterFunc(formatHuman),
+	"json":    FormatterFunc(formatJSON),
+	"lsp":     FormatterFunc(formatLSP),
+	"null":    FormatterFunc(formatNull),
+}
+
+var formatters = sync.OnceValue(func() []string {
+	return slices.Sorted(maps.Keys(formatterFactory))
+})
+
+// For returns the parser that corresponds to the given name.
+func For(ctx context.Context, name string) (Formatter, error) {
+	typ := strings.ToLower(strings.TrimSpace(name))
+	if v, ok := formatterFactory[typ]; ok {
+		return v, nil
+	}
+	return nil, fmt.Errorf("unknown formatter %q, valid formatters are %q",
+		typ, List())
+}
+
+// List returns the list of parsers.
+func List() []string {
+	return formatters()
+}
+
+// FormatterFunc is a function that implements the [Formatter] interface.
+type FormatterFunc func(io.Writer, []*Violation) error
+
+// Format implements the [Formatter] interface.
+func (f FormatterFunc) Format(w io.Writer, v []*Violation) error {
+	return f(w, v)
+}
+
+// formatActions formats in GitHub Actions error output, which will also be
+// annotated in the UI.
+func formatActions(w io.Writer, violations []*Violation) error {
+	var merr error
+	for _, v := range violations {
+		message := fmt.Sprintf("The reference `%s` is unpinned. Either pin the reference to a SHA or mark the line with `ratchet:exclude`.", v.Contents)
+		if _, err := fmt.Fprintf(w, "::error file=%s,line=%d,col=%d,title=Ratchet - Unpinned Reference::%s\n",
+			v.Filename, v.Line, v.Column,
+			message); err != nil {
+			merr = errors.Join(merr, err)
+		}
+	}
+	return merr
+}
+
+// formatHuman reports a human-friendly output format.
+//
+//	<path>:<line>:<column>: <message>
+//
+// For example:
+//
+//	.github/workflows/test.yml:37:8: Unpinned reference "actions/checkout@v4"
+func formatHuman(w io.Writer, violations []*Violation) error {
+	var merr error
+
+	for _, v := range violations {
+		if _, err := fmt.Fprintf(w, "%s:%d:%d: Unpinned reference %q\n",
+			v.Filename, v.Line, v.Column, v.Contents); err != nil {
+			merr = errors.Join(merr, err)
+		}
+	}
+
+	if len(violations) > 0 {
+		if _, err := fmt.Fprintf(w, "\n❌ found %d violation(s)\n",
+			len(violations)); err != nil {
+			merr = errors.Join(merr, err)
+		}
+	}
+
+	return merr
+}
+
+// formatNull produces no output.
+func formatNull(w io.Writer, violations []*Violation) error {
+	return nil
+}
+
+// formatJSON formats in JSON output.
+func formatJSON(w io.Writer, violations []*Violation) error {
+	type InternalJSON struct {
+		Filename string `json:"filename,omitempty"`
+		Contents string `json:"contents,omitempty"`
+		Line     int    `json:"line,omitempty"`
+		Column   int    `json:"column,omitempty"`
+	}
+
+	list := make([]*InternalJSON, 0, len(violations))
+	for _, v := range violations {
+		list = append(list, &InternalJSON{
+			Filename: v.Filename,
+			Contents: v.Contents,
+			Line:     v.Line,
+			Column:   v.Column,
+		})
+	}
+
+	return json.NewEncoder(w).Encode(list)
+}
+
+// formatLSP formats a JSON response that is compatible with the Language Server
+// Protocol. This is useful for surfacing findings in an IDE that uses an LSP.
+func formatLSP(w io.Writer, violations []*Violation) error {
+	type Position struct {
+		Line      int `json:"line,omitempty"`
+		Character int `json:"character,omitempty"`
+	}
+
+	type Range struct {
+		Start *Position `json:"start,omitempty"`
+		End   *Position `json:"end,omitempty"`
+	}
+
+	type InternalJSON struct {
+		Message  string `json:"message,omitempty"`
+		Code     string `json:"code,omitempty"`
+		Severity string `json:"severity,omitempty"`
+		Range    *Range `json:"range,omitempty"`
+	}
+
+	list := make([]*InternalJSON, 0, len(violations))
+	for _, v := range violations {
+		list = append(list, &InternalJSON{
+			Message:  "Reference is unpinned",
+			Code:     "unpinned",
+			Severity: "Error",
+			Range: &Range{
+				Start: &Position{
+					Line:      v.Line,
+					Character: v.Column,
+				},
+				End: &Position{
+					Line:      v.Line,
+					Character: v.Column + len(v.Contents),
+				},
+			},
+		})
+	}
+
+	return json.NewEncoder(w).Encode(list)
+}

formatter/formatter.go

@@ -5,17 +5,17 @@ go 1.23.0
 toolchain go1.23.5
 
 require (
-	github.com/braydonk/yaml v0.7.0
-	github.com/google/go-cmp v0.6.0
+	github.com/braydonk/yaml v0.9.0
+	github.com/google/go-cmp v0.7.0
 	github.com/google/go-containerregistry v0.20.3
-	github.com/google/go-github/v58 v58.0.0
-	golang.org/x/oauth2 v0.25.0
-	golang.org/x/sync v0.10.0
+	github.com/google/go-github/v70 v70.0.0
+	golang.org/x/oauth2 v0.28.0
+	golang.org/x/sync v0.12.0
 )
 
 require (
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
-	github.com/docker/cli v27.5.1+incompatible // indirect
+	github.com/docker/cli v27.5.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -25,6 +25,6 @@ require (
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/vbatts/tar-split v0.11.7 // indirect
+	github.com/vbatts/tar-split v0.11.6 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 )