Releases: StyraInc/regal
v0.29.2
This patch release fixes an issue where the new defer-assignment rule would sometimes report a false positive when the variable was used inside of a `with` clause on the next line.
Thanks @nevumx for reporting the issue!
Changelog
- 7e74d12: [create-pull-request] automated change (#1261) (@github-actions[bot])
- 20a5cfa: Fix false positive in defer-assignment and `with` (#1262) (@anderseknert)
v0.29.1
This patch release fixes an issue where custom (i.e. user-created) aggregate rules [1] wouldn't work as expected when the condition for a violation was the absence of aggregated data. This could for example be a rule that says "at least one rule must be named allow, and it must have a default assignment to `false`".
Upgrading from v0.29.0 is not required unless you're writing custom Regal rules.
Many thanks to @shibataka000 for reporting the issue, and in such an exemplary way ⭐
Changelog
- 0c6e8ed: build(deps): bump github/codeql-action from 3.27.2 to 3.27.3 (#1258) (@dependabot[bot])
- 743a65b: Fix custom rules that report on the absence of aggregates (#1260) (@anderseknert)
[1] Scroll below the table of rules for an explanation of what aggregate rules are.
v0.29.0
This is a big release, spanning more than a month of development! Regal v0.29.0 brings new linter rules, performance improvements and new features to both the linter and the language server.
New rules
defer-assignment
Category: performance
The new `defer-assignment` rule helps detect when an assignment can be moved to later in the rule body, possibly avoiding it altogether if the conditions below don’t evaluate.
```rego
allow if {
    # this assignment can be deferred to after the roles check
    resp := http.send({"method": "get", "url": "http:localhost"})
    "rego hacker" in input.user.roles
    resp.status_code == 200
}
```
This can improve performance by having less to evaluate, and it makes policies easier to read. Double win!
For more information, see the docs on defer-assignment.
walk-no-path
Category: performance
When using the `walk` built-in function on large data structures, traversing only the values without building a path to each node can save a considerable amount of time. The new `walk-no-path` rule will detect when the assigned path is unused and can be replaced by a wildcard variable, which tells OPA to skip the construction of the path. This dramatically improves the performance of the function.
```rego
found if {
    # path assigned but never referenced in the rule
    walk(haystack, [path, value])
    value == "needle"
}

# should be replaced by
found if {
    walk(haystack, [_, value])
    value == "needle"
}
```
For more information, see the docs on walk-no-path.
rule-assigns-default
Category: bugs
Assigning a rule the same value as the `default` value set for the rule is always a bug, and while hopefully not too common, it is now reported by Regal.
```rego
default threshold := 1

threshold := 0 if {
    # some conditions
}

# this is already the default condition!
# and having this removed will have no impact on how
# the rule evaluates.. don't do this!
threshold := 1 if {
    # some conditions
}
```
For more information, see the docs on rule-assigns-default.
Language Server
Evaluation Code Lens for Neovim
We were excited to learn that the Code Lens for Evaluation (“click to evaluate”) feature we built now works not only in VS Code but also in Neovim. This is thanks to work by regular contributor @rinx. Thank you! The language server docs have now been updated to reflect this.
Improved Enterprise OPA integration
Setting the capabilities engine to `eopa` will now have the language server recognize Enterprise OPA-specific built-in functions, and provide both auto-completions for those as well as informative tooltips on hover. Clicking links in the tooltip now correctly brings you to the Styra docs for the Enterprise OPA built-in functions.
Notable Improvements
- The leaked-internal-reference rule is now ignored in tests by default. See the docs for this rule if you wish to enable this.
- The prefer-snake-case rule now also reports violations in package names.
- The same prepared query is now used both for linting and to collect data for aggregate rules, saving about 150 milliseconds for any given `regal lint` run.
- Regal’s own capabilities and provided configuration are now available when running the evaluation code lens, simplifying development of custom rules.
- The pretty reporting format will now print the severity level of a violation when no color support is detected in the terminal (reported by @geirs73)
- The `--instrument` flag from `opa eval` is now supported also by `regal lint`, providing detailed information about where most time is spent while linting.
Notable Fixes
- Using `input.json` for the evaluation code lens now works reliably on Windows, as does sourcing a capabilities.json file from the filesystem. Thanks to @geirs73 for reporting these issues!
- Global ignore directives from `.regal/config.yaml` would sometimes be parsed differently depending on whether they were read by `regal lint` or the language server. This has now been fixed.
- Fix false positive in inconsistent-args rule when an arity mismatch should rather be handled by the compiler. Thanks @tsandall for reporting that!
- Fix a false positive in use-contains rule when not importing rego.v1. This turned out to be an issue originating in OPA, so we fixed it there, and later included in Regal by upgrading the dependency to the latest OPA version v0.70.0. Thanks @drewcorlin1 for reporting the issue!
Changelog
- 0af7c91: Scorecard updates (#1182) (@charlieegan3)
- 24f0fd7: Use defer to unlock mutex (#1186) (@anderseknert)
- da12bd0: build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#1185) (@dependabot[bot])
- a238a85: build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#1184) (@dependabot[bot])
- 03564f8: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#1183) (@dependabot[bot])
- afce347: lsp: Update rego-by-examples index (#1181) (@github-actions[bot])
- e3fa956: linter: use a buffered error channel (#1187) (@charlieegan3)
- 1dbfc7e: lsp: enable levelled logging (#1188) (@charlieegan3)
- c5cee41: build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#1190) (@dependabot[bot])
- 6663839: build(deps): bump actions/cache from 4.1.0 to 4.1.1 (#1189) (@dependabot[bot])
- 3b7530a: Add UNIwise company to adopters.md (#1191) (@Graloth)
- 95f4abf: lsp: Update rego-by-examples index (#1193) (@github-actions[bot])
- 0cf7506: build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#1194) (@dependabot[bot])
- 78e2bba: workflow: use different branch (and also PR) for caps updates (@srenatus)
- 649d5b9: [create-pull-request] automated change (@srenatus)
- b58f999: lsp: Update rego-by-examples index (@charlieegan3)
- 672bb15: docs: write about evaluation code lens support in neovim (#1198) (@rinx)
- e46ef92: build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#1199) (@dependabot[bot])
- df4d44e: docs: Fix typos in config examples (#1201) (@anderseknert)
- 8504347: io: Address path input.json separator issue (#1203) (@charlieegan3)
- d04be3d: Make `prefer-snake-case` check package name (#1206) (@anderseknert)
- 5bc9d1d: Handle `file://` URLs in exclusion policy (#1207) (@anderseknert)
- d39da24: Improve error messages for incorrect capabilities version (#1208) (@anderseknert)
- 173a992: config: Generate C:-style capabilities paths (#1209) (@charlieegan3)
- 63b90e1: Use filepath.WalkDir instead of filepath.Walk (#1210) (@anderseknert)
- 234e36b: lint/rpt: Handle no-color ttys (#1213) (@charlieegan3)
- 877372b: Rule: `defer-assignment` (#1215) (@anderseknert)
- 0355ad7: build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 (#1216) (@dependabot[bot])
- 6b7e00b: lsp/eval: Load capabilities and config into eval (#1217) (@charlieegan3)
- 0ce82ae: Rule: `walk-no-path` (#1219) (@anderseknert)
- b45c14b: lsp/eval: Remove missed print statement (#1220) (@charlieegan3)
- b9a2531: build(deps): bump actions/cache from 4.1.1 to 4.1.2 (#1222) (@dependabot[bot])
- 7ff216b: build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#1221) (@dependabot[bot])
- 9fcc5ee: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#1223) (@dependabot[bot])
- 2337dc8: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#1224) (@dependabot[bot])
- 6e9264d: [create-pull-request] automated change (#1225) (@github-actions[bot])
- 96e4804: rule: Disable leaked_internal_reference for test files (#1228) (@charlieegan3)
- 3c48af2: build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#1229) (@dependabot[bot])
- aeec96b: lsp: Fix inconsistent processing of ignores (#1227) (@charlieegan3)
- e07a5d7: lsp: format root directory files (#1232) (@charlieegan3)
- 3b9d897: Remove leaked-internal-reference comments (#1231) (@charlieegan3)
- b13c9c5: [create-pull-request] automated change (@srenatus)
- 1499393...
v0.28.0
New Rule: missing-metadata #1131
The new `missing-metadata` rule helps ensure policies are documented by requiring `METADATA` comments on public packages and rules. Metadata comments are used to explain functionality and annotate Rego constructs with other data.
Note: `missing-metadata` is a custom rule and so is not enabled by default for all users.
fixer: Automated fixing of directory-package-mismatch
This release brings improvements to `regal fix`, the command to automatically fix supported violations (#1120, #1127).
Fixes for the directory-package-mismatch violations involve moving files based on their packages. For example a file with `package foo.bar` in `policies/policy.rego` would need to be moved to `foo/policy.rego`. In previous versions of Regal, when multiple files in a large code base with the same filename needed to be moved to the same package directory, Regal would output a confusing error message.
Regal v0.28.0 outputs a clear error message by default and adds a new `--on-conflict=rename` modifying flag to allow conflicting files to automatically be renamed when this scenario is encountered.
Linter Improvements
- Support for linting Rego syntax passed to Regal via Standard Input (stdin).
- An important yet under-the-hood improvement to use a new data format for AST node locations. This makes violation locations more specific and brings a 5% linting speed improvement too.
Language Server Performance Improvements
- An update to the implementation of the server to reduce the number of expensive ‘full workspace’ linting jobs. By caching the aggregate rule data and updating it incrementally, full workspace jobs can now be completed in less than a third of the time previously taken.
- Making CodeLenses configurable makes supporting other clients easier. Thanks @rinx for the work in #1176 and for all the work you do to make Regal and Neovim play nice.
- Update to the server templating to better handle projects without a Regal config file. Files in the workspace root will no longer be templated either, but will still violate directory-package-mismatch.
- Makes an improvement to ensure the loading of the Regal rules happens once, saving around 30ms on every keypress-trigger, file diagnostic update event.
Dependency Updates
Github Actions Updates
- golangci/golangci-lint-action 6.1.0 -> 6.1.1 #1163
- peter-evans/create-pull-request 7.0.3 -> 7.0.5 #1114
- github/codeql-action 3.26.7 -> 3.26.11 #1117, #1137, #1157, #1174
- actions/checkout 4.1.7 -> 4.2.0 #1142
- codecov/codecov-action 4.5.0 -> 4.6.0 #1162, #1164
- actions/cache 4.0.2 -> 4.1.0 #1179
Changelog
- 63ec93d: docs: correct line endings for GIF files (#1114) (@charlieegan3)
- 980f726: build(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#1116) (@dependabot[bot])
- 54c8c9d: build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#1117) (@dependabot[bot])
- 95a1bf3: tests: Minor test wait improvement (#1121) (@charlieegan3)
- 838c6fa: Allow `regal lint -` to lint from stdin (#1122) (@anderseknert)
- a23bb63: fixer: Address rename conflicts with explanation (#1120) (@charlieegan3)
- 23cb827: fixer: add --on-conflict flag to support renaming (#1127) (@charlieegan3)
- d41bea9: debug: registering custom built-ins (#1128) (@johanfylling)
- 4aa2fef: tests: Address incorrect built-in function check (#1129) (@charlieegan3)
- f6f2f6d: Rule: `missing-metadata` (#1131) (@anderseknert)
- ab3b3b8: tests: Remove global builtins state (#1134) (@charlieegan3)
- b424eb6: Use betteralign for struct alignment (#1132) (@anderseknert)
- 464a7bc: Completions: don't suggest loop vars as locals on same line (#1135) (@anderseknert)
- 6ecb36c: bundle: Load bundle once (#1136) (@charlieegan3)
- 7cd8744: build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#1137) (@dependabot[bot])
- a201715: linter: support single file aggregate data collection and parameterised aggregate data in Lint() (#1139) (@charlieegan3)
- 2730887: Bump roast to v0.3.0 and live free from `annotations` on module (#1140) (@anderseknert)
- 64cba9e: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#1142) (@dependabot[bot])
- efd4420: Fix `detached-metadata` issues (#1143) (@anderseknert)
- 75db465: Link to source code in rule docs (#1144) (@anderseknert)
- e205cd9: Go code cleanup (#1148) (@anderseknert)
- 3cba1c6: fix: fix var name for commit hash (#1150) (@rinx)
- 4a97b56: Adapt to new location format (#1153) (@anderseknert)
- 036a6b6: Bump OPA to v0.69.0 (#1152) (@anderseknert)
- 06db4bb: internal/lsp/hover: "fix" codeql finding (#1156) (@srenatus)
- bfc0f9e: internal/capabilities: update eopa caps (@srenatus)
- 1161ede: CONTRIBUTING: update script name (@srenatus)
- 81edb95: workflow: add update-caps (#1158) (@srenatus)
- f7acfda: build(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#1157) (@dependabot[bot])
- a55d2f4: Fix some minor issues reported by IntelliJ (#1159) (@anderseknert)
- 2f94fc7: Fix nits (#1161) (@srenatus)
- f208f46: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#1166) (@dependabot[bot])
- 94fea76: build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#1162) (@dependabot[bot])
- 7b5cd08: Exclude `print` from "function return value in args" check (#1165) (@anderseknert)
- 8ca0197: Custom rule authoring improvements (#1168) (@anderseknert)
- 85b7be7: Bump roast to v0.4.2 to solve data race (#1170) (@anderseknert)
- 67162e6: lsp: Update LSP linting to run incrementally after file change (#1146) (@charlieegan3)
- f70b892: build(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#1174) (@dependabot[bot])
- fc88817: Correct example index rego path (#1177) (@charlieegan3)
- b751858: lsp/templating: gracefully handle unknown root (#1171) (@charlieegan3)
- 69fb6ca: Use test logger for client handler (#1178) (@charlieegan3)
- ed287dc: build(deps): bump actions/cache from 4.0.2 to 4.1.0 (#1179) (@dependabot[bot])
- 9503967: feat(lsp): add initialization options about codelenses (#1176) (@rinx)
v0.27.0
Debug Adapter Protocol Support
Back in #926 (v0.26.0), support was added for the Debug Adapter Protocol (DAP), based on the new OPA SDK added in #6876 (documentation). This release improves on this, making it ready for consumption in clients: namely, the addition of a new Debug Code Lens in #1103 and a bug fix for `ast.ref_to_string` which brings the Regal implementation in line with OPA’s (#1106).
Please see our documentation here to get started.
Neovim DAP Support
Thanks to community member @rinx, DAP support is also available in the Neovim editor. This is based on nvim-dap, and @rinx’s own project nvim-dap-rego. This is an awesome contribution which represents an important improvement for Neovim users of Regal. Thank you Rintaro Okamura for all your work here, it is appreciated.
New Rule: comprehension-term-assignment
This rule flags cases where an intermediate assignment is used within a comprehension body when the value can be directly used as the comprehension term. It enforces the removal of redundant assignments, encouraging more concise and readable code.
```rego
# avoid
names := [name |
    some user in input.users
    name := user.name
]

# prefer
names := [user.name | some user in input.users]
```
Compiler Stage Source Explorer
A new Source Action has been added to allow users of compatible clients to explore the compiler stages of the Rego code they’re working on.
By integrating opa-explorer with Regal, it’s now possible to launch a web server to view the explorer output. Users will see a "Source Action" in the context menu of Rego files, which opens the explorer for that file. This feature is currently limited to VS Code due to available commands. Currently, only a single file is loaded into the explorer for compilation.
Source Action shown in VS Code
Browser showing the given file's compiler explorer
Test Flake Fixes
This release contains a number of fixes for flakey tests that have been disrupting the contributor experience. If you experience flakes and re-run checks on a PR, please leave a comment to let us know so we can look into it. #1112, #1102, #1101
Changelog
- b567b5d: Rule: `comprehension-term-assignment` (#1098) (@anderseknert)
- da50d28: Add source action to explore compiler stages (#1096) (@anderseknert)
- a672964: lsp: Make length check of inlay hints fatal (#1101) (@charlieegan3)
- b4e5a8e: lsp: Update contents before diagnosticRequestFile (#1100) (@charlieegan3)
- d754094: Address races in test cases (#1102) (@charlieegan3)
- 822e42c: Add `Debug` Code Lens (#1103) (@anderseknert)
- df31dda: More stringent ast.ref_to_string (#1106) (@anderseknert)
- ce26bbc: fix: `sprintf-arguments-mismatch` false positive when var used as format (#1107) (@anderseknert)
- 67dc988: build(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 (#1108) (@dependabot[bot])
- 7bf7685: docs/editor: write about nvim-dap (#1109) (@rinx)
- 03f14ff: build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#1110) (@dependabot[bot])
- ba11c48: build(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 (#1111) (@dependabot[bot])
- 06734bb: lsp: Address test concurrency issues (#1112) (@charlieegan3)
- f1606de: docs: Add docs for DAP support (#1113) (@charlieegan3)
v0.26.2
This release contains bug fixes for an issue introduced in v0.26.0 as well as a number of other minor improvements.
Notable Bug fixes:
- #1087 fixes an issue in the marshalling of ASTs using RoAST
- #1056 Makes a change to no longer suggest built in functions for default rules
- #1065 fixes an issue where git was required even when fixing in dry run mode
- #1069 fixes an edge case in `use-some-for-output-vars`
- #1078, #1080, #1083, #1085 fix issues relating to file rename updates from the client
- #1093 addresses an issue where the fix command produced the incorrect result due to relative paths
- #1081 ensures that `.manifest` files are correctly detected as 'roots' when fixing
New features:
- #1059 updates the language server to suggest boolean values at relevant times
- #1088 adds a new feature for rule authors to use the files from their project as input for evaluation
Changelog
- b1afdf6: build(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 (#1057) (@dependabot[bot])
- 9c6a0c9: completion: Don't show builtins on default rules (#1056) (@charlieegan3)
- dd9ee43: Increase test coverage (#1058) (@anderseknert)
- 410d775: lsp/completions: add boolean provider (#1059) (@charlieegan3)
- 337862e: tests: Fatal error when no inlay hints are found (#1060) (@charlieegan3)
- 1ef7511: cmd/fix: Only require git when dry-run unset (#1065) (@charlieegan3)
- 8778ec2: fix: Have `use-some-for-output-vars` find comprehension body vars (#1069) (@anderseknert)
- d579c9c: build: introduce regal_standalone build flag, use for lint's "fix" hint (#1070) (@srenatus)
- 2690748: 100% test coverage (#1074) (@anderseknert)
- 2e07303: Remove `ast.all_refs` (#1076) (@anderseknert)
- 332f6dd: Ensure custom rules docs are up to date (#1079) (@anderseknert)
- 28bac91: lsp: Address empty module issues on rename (#1078) (@charlieegan3)
- 6badb5d: lsp: Always send empty diagnostics when deleted (#1080) (@charlieegan3)
- 146895c: lsp: Correct Path to URI encoding (#1083) (@charlieegan3)
- 71e17a3: e2e: Sort output from fix hint (#1084) (@charlieegan3)
- a562087: Fix issue where .manifest files didn't register as roots (#1081) (@anderseknert)
- 786b89e: Bump roast to v0.2.0 to ensure annotations encodes correctly (#1087) (@anderseknert)
- 3bbfd1e: Add `regal eval:use-as-input` directive (#1088) (@anderseknert)
- 0c1ef19: lsp: Rename on template (#1085) (@charlieegan3)
- 52f3377: lsp: Fix Eval issue caused by missing comments (#1091) (@charlieegan3)
- 6f9b32f: cmd/fix: Address relative path root matching (#1093) (@charlieegan3)
v0.26.1
This release contains a bug fix for an issue introduced in v0.26.0. The bug was caused by a change to the data required to complete a formatting Rego 'fix'.
Changelog
- 1cfdee9: Fix LSP formatting that broke in v0.26.0 (#1055) (@anderseknert)
v0.26.0
v0.26.0 brings 2 new linter rules to Regal, a debugger API backend, and noticeably faster linting.
Regal v0.26.0 is likely the first consumer of the new debugger API that landed in OPA v0.68.0 just last week — and in turn uses this to expose a first ever Debug Adapter Protocol (DAP) backend for Rego! Next release of the OPA VS Code extension will leverage Regal to provide developers a first-class debugging experience for Rego. Stay tuned!
Thanks to @johanfylling for tirelessly working to make this happen — in both OPA, Regal, and the OPA VS Code extension.
Rules
New rule: directory-package-mismatch
Category: idiomatic
The `directory-package-mismatch` rule is a first of its kind in Regal, as it reports issues in project structure rather than in code. This rule codifies an old best practice in Rego projects: the `package` name (path) should be mirrored in the directory structure a policy resides in. Put simply, a policy declaring `package rbac.user.roles` should be placed in a `rbac/user/roles` directory.
The `directory-package-mismatch` rule not only helps enforce this convention, but provides both CLI (`regal fix`) and editor support for fixing these issues automatically.
Note: When used on an existing project, this rule will likely result in a lot of violations being reported. While `regal fix` can remediate that in a matter of seconds (by moving policy files according to their package paths), make sure to commit or stash any existing changes before running it, and then review the result. Read the docs for details!
For more information, see the docs on directory-package-mismatch.
New Rule: sprintf-arguments-mismatch
Category: bugs
The new `sprintf-arguments-mismatch` rule checks that the formatting directives (`%s`, `%d`, etc) in a `sprintf` call match the number of supplied arguments.
Wrong
```rego
msg := sprintf("number of issues (%d) must not be higher than %d", [count(issues)])
```
Correct
```rego
msg := sprintf("number of issues (%d) must not be higher than %d", [count(issues), 10])
```
For more information, see the docs on sprintf-arguments-mismatch.
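The kind of check this rule describes, sketched in Go as an added example; it is not Regal's implementation. The function names are hypothetical, the sample calls are constructed, and the rendered output assumes OPA's `sprintf` follows Go's `fmt.Sprintf`.

```go
package main

import (
	"fmt"
	"strings"
)

// countDirectives returns how many arguments a fmt-style format string
// consumes. "%%" is a literal percent sign and consumes nothing; a "*" used
// as width or precision consumes one extra argument. Explicit argument
// indexes such as %[1]d are not handled in this sketch.
func countDirectives(format string) int {
	n := 0
	for i := 0; i < len(format); i++ {
		if format[i] != '%' {
			continue
		}
		i++ // step past the '%'
		// Skip flags, width and precision between '%' and the verb.
		for i < len(format) && strings.IndexByte("+-# 0123456789.*", format[i]) >= 0 {
			if format[i] == '*' {
				n++
			}
			i++
		}
		if i >= len(format) {
			break // trailing '%' with no verb
		}
		if format[i] != '%' {
			n++
		}
	}
	return n
}

// checkSprintf compares the directive count with the number of supplied
// arguments and returns a description of the mismatch, or "" if they agree.
func checkSprintf(format string, args []any) string {
	want, got := countDirectives(format), len(args)
	if want == got {
		return ""
	}
	return fmt.Sprintf("format has %d directives, %d arguments supplied", want, got)
}

// renderGo shows what Go's fmt produces at runtime when the counts disagree:
// the call does not fail, it embeds an error marker in the output string.
func renderGo(format string, args []any) string {
	return fmt.Sprintf(format, args...)
}

func main() {
	// Constructed sample calls, modelled on the Wrong/Correct pair above.
	cases := []struct {
		format string
		args   []any
	}{
		{"number of issues (%d) must not be higher than %d", []any{3}},
		{"number of issues (%d) must not be higher than %d", []any{3, 10}},
		{"%d%% of checks passed", []any{97}},
		{"%d issues", []any{3, 10}},
	}
	for _, c := range cases {
		if msg := checkSprintf(c.format, c.args); msg != "" {
			fmt.Printf("MISMATCH %q: %s\n  rendered: %s\n", c.format, msg, renderGo(c.format, c.args))
		} else {
			fmt.Printf("ok       %q\n", c.format)
		}
	}
}
```

Because a mismatch produces a marker in the string instead of an error, a policy's deny message can silently lose the value it was meant to report, which is why catching this at lint time is useful.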
Debug Adapter Protocol Backend
This release adds support in Regal for the Debug Adapter Protocol. Similar to the language server protocol, this new functionality will allow users of compatible clients to debug their Rego projects step by step in an interactive manner. Client implementation in the VS Code OPA extension soon to follow!
Language Server: auto-completion based on input.json
Both the OPA VS Code extension and Regal support placing an `input.json` file in the workspace and automatically having it used as input for evaluation. If found, Regal will now additionally use this to provide completion suggestions on `input` based on the fields found in that file. If you haven't made it a habit yet to keep an `input.json` file in your workspace, now is a good time to start!
New RoAST library for custom AST serialization
Regal now uses a new, custom and optimized AST format to improve the performance of Regal. The new library is integrated into Regal in this release and represents around a 50% reduction in AST JSON size, and a 25% performance improvement in linting over the previous implementation.
For more information, see the docs in the roast project repo.
Special thanks to our contributors from the community!
Changelog
- ee341d9: cosmetic: fix a few typos (reprise) (#994) (@msorens)
- c70b0bd: build(deps): bump dario.cat/mergo from 1.0.0 to 1.0.1 (#996) (@dependabot[bot])
- 29a7bb5: lsp: Update rego-by-examples index (#998) (@github-actions[bot])
- 4bbeb59: build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#999) (@dependabot[bot])
- f28ac7d: Use new Roast library for custom AST serialization (#1001) (@anderseknert)
- 1fecb4c: Add `input.json` completion provider (#1005) (@anderseknert)
- 1ca1c0f: build(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#1004) (@dependabot[bot])
- c9e4a7e: Rule: `sprintf-arguments-mismatch` (#1011) (@anderseknert)
- 0f971ff: build(deps): bump github/codeql-action from 3.26.4 to 3.26.5 (#1012) (@dependabot[bot])
- 2c75c96: Remove some code made redundant by roast (#1013) (@anderseknert)
- 11320cd: Pin OPA version in Actions to v0.67.1 (#1019) (@anderseknert)
- 683f8de: lint: Advertise regal fix command (#1016) (@charlieegan3)
- a9d4e2f: Bug hunt (#1020) (@anderseknert)
- a92a31f: fix: respect ref head rules in `rule-name-repeats-package` (#1022) (@anderseknert)
- 9ee83e8: Rule: `directory-package-mismatch` (#1024) (@anderseknert)
- afa1ee2: build(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#1026) (@dependabot[bot])
- ebdc067: Allow tests to be in 'test' package (#1027) (@anderseknert)
- b1551ee: lsp: Clean workspace root from eval errors (#1028) (@charlieegan3)
- 9cd3b05: Add EOPA as an engine option (#1000) (@charlesdaniels)
- 147a731: Fix build issue + version in README (#1030) (@anderseknert)
- 6fac539: OPA v0.68.0 (#1031) (@anderseknert)
- 29d16c6: Remove code to workaround bug fixed in OPA v0.68.0 (#1032) (@anderseknert)
- 1a58b8c: Add DAP implementation for debugging OPA (#926) (@johanfylling)
- a525c98: Some schema fixes (#1033) (@anderseknert)
- 15ddb34: Fix missing locals completions (#1034) (@anderseknert)
- 7929744: docs/editors: add helix config (#1037) (@srenatus)
- dc5ab30: docs: Point LS feature links to docs site (#1038) (@charlieegan3)
- 743975a: build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#1039) (@dependabot[bot])
- 8e890ae: Allow fixing directory structure not matching package paths (#1035) (@anderseknert)
- cc4ba21: Add support for `--dry-run` and dirty git workspace abort (#1042) (@charlieegan3)
- 7da45a4: build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 (#1041) (@dependabot[bot])
- ccb66fc: Codecov experiment (#1045) (@anderseknert)
- fe9e0d9: build: check yaml and json formatting with dprint (#1047) (@charlieegan3)
- 02d9538: Docs: Document fixing issues, project roots, and new features (#1043) (@anderseknert)
- fef46d7: fix: Update root detection (#1049) (@charlieegan3)
- 66a3a76: lsp: Clear old directories when renaming (#1050) (@charlieegan3)
- 7a4811b: Fix `directory-package-mismatch` issue when lint called with "." (#1053) (@anderseknert)
- ced7c70: fix: Require use of --force to fix without git (#1052) (@charlieegan3)
- bf6e879: lsp: Template new empty files & template on format (#1051) (@charlieegan3)
v0.25.0
This release brings 2 new rules to the Regal linter as well as a number of improvements to the Regal Language Server.
Rules
New rule unused-output-variable
Category: bugs
In this example, if `x` is unused later in the rule, it is considered an unused output variable.
```rego
package policy

allow if {
    some x
    role := input.user.roles[x]
    # do something with "role", but not "x"
}
```
Unused output variables should be replaced by wildcards (`_`), as it makes it clear that the variable isn't going to be used.
For more information, see the docs on unused-output-variable.
New rule use-strings-count
Category: idiomatic
`strings.count` is a new OPA built-in function and should be used in place of counting indexes (`count(indexof_n("foobarbaz", "a"))`) as was common before.
Not only is `strings.count` more readable, but it also performs better.
For more information, see the docs on use-strings-count.
Other Rule Updates
The `argument-always-wildcard` rule will now ignore `mock_` prefixed functions by default, as wildcard arguments are commonly used in mocked functions.
Linter
- The JUnit XML output format is now supported by `regal lint`. This can be used by e.g. GitLab CI/CD jobs to have linter violations printed in the code view in GitLab merge requests. Thanks @sebhoss for the work on this one!
- Regal's version of OPA has been updated to v0.67.0, you'll need to be using this version to use the remediation for the `use-strings-count` rule.
- The `--var-values` flag from `opa test` (added to OPA in v0.66.0) is now supported by the `regal test` command. This allows custom policy authors to see the variable values in scope of a failed test.
Regal Language Server
Code Lens Support
Regal now provides a Code Lens for direct evaluation of packages or rules within the editor, providing immediate feedback. In supported editors, you can now evaluate a package or rule by pressing "Evaluate" above its declaration, with the results displayed in-line.
Input data provided via `input.json`, and `data.json`/`data.yaml` files from bundle directories in the workspace are also available at evaluation time.
Improved Formatter
The language server can now be configured to use `regal fix` as a formatter when saving buffers. In VS Code, setting `opa.formatter` to `regal-fix` will enable this feature.
Other editors can use this by setting the `initializationOptions.formatter`.
New Contributors
Thanks @rinx for their work on creating the Regal Nix package! (and updating our docs) and @sebhoss for the JUnit output format.
Changelog
- 6a0a9b5: docs: add nixpkgs/regal to the adopters list (#920) (@rinx)
- 3abd5c0: Rule: unused-output-variable (#922) (@anderseknert)
- d3a77ce: Ensure `unused-output-variable` actually is output variable (#925) (@anderseknert)
- 8382e1c: Add `except-function-name-pattern` option to `argument-always-wildcard` (#924) (@anderseknert)
- 886ef2e: Add `--var-values` flag to `regal test` command (#930) (@anderseknert)
- 69a9923: Fix false positive in `messy-rule` when ref head rules are used (#927) (@anderseknert)
- 3d4e14a: build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#932) (@dependabot[bot])
- 2a29cd2: Add JUnit output format (#929) (@sebhoss)
- c0348af: lsp: Address bug in multi file test case (#933) (@charlieegan3)
- 7565b81: docs: Update notes on neovim and packaging (#934) (@charlieegan3)
- 4a4f705: build(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#938) (@dependabot[bot])
- 5b2055b: reporter: Trim long lines of location text (#937) (@charlieegan3)
- 6c92606: Bump OPA version to v0.67.0 (#941) (@anderseknert)
- 68b2c5d: build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#946) (@dependabot[bot])
- 99fb078: build(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#945) (@dependabot[bot])
- f2b1029: Include function args in `ast.vars` (and `prefer-snake-case` rule) (#947) (@anderseknert)
- 7bc7868: Extend `redundant-existence-check` to fail redundant ref checks (#949) (@anderseknert)
- 8a8b8ad: Rule: `prefer-strings-count` (#948) (@anderseknert)
- 29f74d9: lsp: Add Neovim as known client identifier (#951) (@charlieegan3)
- af89fef: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#952) (@dependabot[bot])
- d070132: lsp: Skip textDocument/completion for ignored files (#953) (@charlieegan3)
- 565f509: lsp: Poll workspace state to detect state changes (#954) (@charlieegan3)
- 4f86595: lsp: Notify when a fix fails (#955) (@charlieegan3)
- 27afe15: lsp/format,cmd/fix: Apply rego.v1 formatting by default (#958) (@charlieegan3)
- b3a79c0: build(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#961) (@dependabot[bot])
- 7bd66d9: Allow using `regal fix` as a formatter (#960) (@anderseknert)
- dfe21e6: lsp: Auto update examples index (#956) (@charlieegan3)
- ba7c196: fix: Remove foo dir (#962) (@charlieegan3)
- 8414b8b: lsp: Update example index with PRs not commits (#963) (@charlieegan3)
- e000dd0: lsp: Update example index PR title (#966) (@charlieegan3)
- 3f3ad8e: perf: Walk less (#965) (@anderseknert)
- 95d1eb1: lsp: Update rego-by-examples index (#967) (@github-actions[bot])
- a318e6c: lsp: Add code lens support for evaluating rules (#968) (@anderseknert)
- 01b64a4: build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#970) (@dependabot[bot])
- 6614f5e: build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#971) (@dependabot[bot])
- 086cb25: docs: Fix spelling mistakes (#969) (@charlieegan3)
- 63e7155: LSP: Provide output.json option for non-VS Code clients (#972) (@anderseknert)
- ff67859: Fix code lens issue with ref head rules (#973) (@anderseknert)
- f6e2e14: lsp: No error when missing keywords for hover (#974) (@charlieegan3)
- 4ba405e: lsp: Generate correct rule name when during Eval (#975) (@charlieegan3)
- f2ac449: lsp: include print output in eval response (#978) (@anderseknert)
- 3236efd: Add end location to metasyntactic-variable violations (#977) (@anderseknert)
- e886f35: Add end location to line-length violation (#981) (@anderseknert)
- 4ebdd7e: Add end location to non-raw-regex-pattern violations (#980) (@anderseknert)
- 04b8a75: lsp/perf: don't traverse .git or .idea dirs (#984) (@anderseknert)
- fc0dc04: Document the Code Lens Evaluation feature (#983) (@anderseknert)
- c5aa188: lsp: Workspace eval, return rule head locations (#985) (@charlieegan3)
- 789fccf: build(deps): bump github/codeql-action from 3.26.0 to 3.26.1 (#986) (@dependabot[bot])
- acbdb88: lsp: Implement bundle use in workspace Eval (#987) (@charlieegan3)
- e4fcb0f: build(deps): bump github/codeql-action from 3.26.1 to 3.26.2 (#988) (@dependabot[bot])
- 1e14d08: Update capabilities.json to include strings.count (#990) (@anderseknert)
v0.24.0
This release brings 4 new rules to Regal's linter as well as a number of improvements to the language server.
Rules
New Rule if-object-literal
This rule helps users avoid an error case where an object follows an if. Typically this represents an incomplete rule.
allow if {}
Read the docs on if-object-literal.
New Rule pointless-reassignment
Variables in Rego are immutable, so adding a new variable for an existing short variable only adds noise. Read the docs on pointless-reassignment.
New Rule argument-always-wildcard
Sometimes, particularly after refactoring, a function argument is always a wildcard (_):
my_func(name, _)
my_func("Alice", _)
This rule catches such cases, as they typically indicate either an opportunity for further refactoring or an error where the argument should be used in one or more cases. Read the docs on argument-always-wildcard.
New Rule annotation-without-metadata
Comments that use METADATA annotation syntax without a METADATA header will not be parsed as annotations, and represent a likely mistake.
# description: allow allows
allow if {
    # ... some conditions
}
Read the docs on annotation-without-metadata.
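A simplified sketch of the check described above, added here as an example and not Regal's own implementation (Regal's rules are written in Rego): it flags annotation-style comments that are not part of a comment block opened by a # METADATA header. The function name and the sample policy are constructed for illustration; the key list is the set of annotation keys OPA defines.

```python
import re

# Annotation keys recognised in OPA metadata blocks.
ANNOTATION_KEYS = ("scope", "title", "description", "related_resources",
                   "authors", "organizations", "schemas", "entrypoint", "custom")
ANNOTATION_RE = re.compile(r"^#\s*(%s)\s*:" % "|".join(ANNOTATION_KEYS))
HEADER_RE = re.compile(r"#\s*METADATA")


def find_annotations_without_metadata(source):
    """Return (line_number, key) for each annotation-like comment that is not
    inside a comment block whose first line is the METADATA header."""
    findings = []
    in_block = False          # inside a run of consecutive comment lines
    block_has_header = False  # that run started with '# METADATA'
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith("#"):
            in_block = False
            continue
        if not in_block:
            # The first line of a comment block decides whether it is metadata.
            in_block = True
            block_has_header = HEADER_RE.fullmatch(line) is not None
        match = ANNOTATION_RE.match(line)
        if match and not block_has_header:
            findings.append((lineno, match.group(1)))
    return findings


# Constructed sample policy: the first rule lacks the header, the second has it.
SAMPLE = """package policy

# description: allow allows
allow if {
    # ... some conditions
    input.user == "admin"
}

# METADATA
# title: deny
# description: deny denies
deny if {
    input.user == "guest"
}
"""

if __name__ == "__main__":
    for lineno, key in find_annotations_without_metadata(SAMPLE):
        print(f"line {lineno}: '{key}' annotation has no METADATA header")
```

A line-based heuristic like this cannot tell comments inside strings from real comments; Regal works on the parsed AST instead.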
New Rule var-shadows-builtin
Variables that share the name of a built-in group or function should be renamed to avoid confusion.
# variable `http` shadows `http.send` built-in function
allow if {
    http := startswith(input.url, "http://")
    # ...
}
Read the docs on var-shadows-builtin.
Regal Language Server
Snippet Completions
We have extended the support for completions to add snippets for some and every. Both key:value and collection formats are supported.
Example Links on Keyword and Built-in Hover
We've been building out a new documentation section called 'Rego By Example'. We have detailed guides here for some of the common keywords and built-in functions. Users can now browse directly to these from their editors by hovering over supported keywords and functions.
Supported:
- Keywords some and every
- Function Groups io.jwt, regex, time, and contains
- (more coming soon!)
Suggestions for Variables in Local Scope
We've got lots of completion providers now. This new one suggests previously defined local variables.
Project Housekeeping
Start-up Version Check
With much work going into keeping a regular stream of updates, we felt it was important to help users stay up-to-date. In this release we have laid the groundwork for this by having Regal consult the latest releases on GitHub at startup and reporting if the current version is now outdated.
Please see Remote Features for more information and for instructions on how to disable this.
Use OSSF Scorecard
The OpenSSF Scorecard evaluates open source projects against security best practices to identify potential risks and areas for improvement. In this release we have added a workflow to scan the project on a schedule.
New Contributors
Thanks @maruloop for your first contribution to the project in #865 - and for working on this reviewdog integration for our project.
Changelog
- 96246a3: Skip nil check (#819) (@charlieegan3)
- b6588dc: Cache rq binary (#820) (@charlieegan3)
- 90b2bcc: Check Regal version at start-up (#824) (@charlieegan3)
- 53dbce6: Don't call completion providers inside of comments (#831) (@anderseknert)
- 3af7d06: Don't suggest if or contains following import (#834) (@anderseknert)
- e3e12a9: Fix markdown content rendering for Zed editor (#829) (@anderseknert)
- 34fc452: Rule: if-object-literal (#835) (@anderseknert)
- 5901874: Better support rule head keyword completions (#836) (@charlieegan3)
- b24bde4: lsp: perform no operation when processing events for ignored files (#837) (@charlieegan3)
- fb0250c: Completion suggestions for variables in local scope (#840) (@anderseknert)
- d8dda73: build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#842) (@dependabot[bot])
- 8dd71c8: Add support for ignored files in ls formatting (#845) (@charlieegan3)
- 1edfd88: Completion of locals in more places (#847) (@anderseknert)
- 1191c41: Better default suggestions (#848) (@anderseknert)
- 7bf1c93: [lsp] Implement rulerefs in rego (#849) (@charlieegan3)
- e9a2ab6: Add more to docs on prefer-some-in-iteration (#851) (@anderseknert)
- 0536573: Port Import provider to Rego (#853) (@charlieegan3)
- d3dad61: Fix top-level-iteration false positive with ref head vars (#854) (@anderseknert)
- 39e57db: Clear the store when reloading config (#855) (@charlieegan3)
- 82fd171: More Rego completion providers (#858) (@anderseknert)
- 72f63aa: Precompute refs in file at update (#859) (@charlieegan3)
- 5cb412d: Drop print statement (#860) (@charlieegan3)
- f082b73: Improve performance of rulerefs (#861) (@charlieegan3)
- 0175ee4: Add new blog to README (#862) (@anderseknert)
- ec060ef: Add reviewdog/action-regal to the adopters file (#865) (@maruloop)
- 3b5b83e: docs: update adopters and roadmap (#866) (@anderseknert)
- 2fa61d7: Completions: package name suggested from any path component (#869) (@anderseknert)
- 6cebb1c: Add snippets provider (#870) (@anderseknert)
- 5a61015: Add snippet suggestion for metadata annotation (#871) (@anderseknert)
- 0dad5f0: OPA v0.66.0 (#873) (@anderseknert)
- 300eef2: perf: refactor to avoid excessive walking (#877) (@anderseknert)
- ce8b8ff: Rule: pointless-reassignment (#878) (@anderseknert)
- 23c3bf5: Docs: add separate page for language server features (#880) (@anderseknert)
- 67de577: Use OSSF scorecard (#884) (@anderseknert)
- 6b6ffc4: [StepSecurity] ci: Harden GitHub Actions (#885) (@step-security-bot)
- a4c96a4: Fix token permissions (#886) (@anderseknert)
- 8110bc5: Rule: argument-always-wildcard (#883) (@anderseknert)
- 6153d57: Rule: annotation-without-metadata (#882) (@anderseknert)
- 0ed98f9: build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#890) (@dependabot[bot])
- b412ac9: build(deps): bump actions/checkout from 4.1.1 to 4.1.7 (#892) (@dependabot[bot])
- 1e597c8: build(deps): bump github/codeql-action from 3.24.9 to 3.25.11 (#889) (@dependabot[bot])
- 7773c3c: build(deps): bump actions/upload-artifact from 3.pre.node20 to 4.3.3 (#891) (@dependabot[bot])
- b7c7385: Rule: var-shadows-builtin (#893) (@anderseknert)
- 4ec7018: Fix negative number returned by rulerefs provider issue (#894) (@anderseknert)
- d000d21: Remove used refs completion provider (#896) (@anderseknert)
- bb790c5: Completions: rulerefs optimizations (#898) (@anderseknert)
- 812ab2b: Fix bug causing prefer-some-in-iteration not to be reported (#902) (@anderseknert)
- a18e386: Fix some prefer-snake-case violations not getting reported (#900) (@anderseknert)
- 35d6703: build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#903) (@dependabot[bot])
- 288d9c3: rule: Fix pointless issue when using with (#907) (@charlieegan3)
- bcfc9b7: Dependabot/go modules/github.com/owenrumney/go sarif/v2 2.3.3 (#909) (@charlieegan3)
- a6e97af: docs: Update language server docs (#910) (@charlieegan3)
- 1efd82c: ls...