fix: sort configs on load

RULES.md

@@ -24,7 +24,7 @@ Analyzes: <kbd><a href="https://docs.docker.com/engine/reference/builder/#env">E
 
 ## D5:secret-aws-access-key
 
-> _Secrets should not be stored directly in the Dockerfile. You should remove and rotate any secrets used here._
+> _Secrets shouldn&#39;t be hard-coded. You should remove and rotate any secrets._
 
 This rule matches against the pattern `\bAK[A-Z0-9]{18}\b`
 
@@ -33,7 +33,7 @@ Analyzes: <kbd><a href="https://docs.docker.com/engine/reference/builder/#env">E
 
 ## D5:secret-aws-secret-access-key
 
-> _Secrets should not be stored directly in the Dockerfile. You should remove and rotate any secrets used here._
+> _Secrets shouldn&#39;t be hard-coded. You should remove and rotate any secrets._
 
 This rule matches against the pattern `\b[A-Za-z0-9/+=]{40}\b`
 

config.go

@@ -3,9 +3,11 @@ package docked
 import (
 	"io/ioutil"
 	"os"
+	"sort"
 
 	"github.com/jimschubert/docked/model"
 	"github.com/jimschubert/docked/model/validations"
+	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v3"
 )
 
@@ -44,17 +46,40 @@ type Config struct {
 	CustomRules []validations.SimpleRegexRule `yaml:"custom_rules,omitempty"`
 }
 
-// Load a Config from path
+// Load a Config from path with sorted members (by ID for rule overrides, by Name for custom rules)
 func (c *Config) Load(path string) error {
 	b, err := ioutil.ReadFile(path)
-
 	if os.IsNotExist(err) {
+		log.Warnf("Config file does not exist! Attempted: %s", path)
 		return nil
 	}
 
 	if err != nil {
 		return err
 	}
 
-	return yaml.Unmarshal(b, c)
+	if err = yaml.Unmarshal(b, c); err != nil {
+		return err
+	}
+
+	// Sorting each slice in config. Necessary because yaml v3 doesn't always return top-down parsing order.
+	if len(c.Ignore) > 0 {
+		sort.Strings(c.Ignore)
+	}
+
+	if c.RuleOverrides != nil {
+		overrides := *c.RuleOverrides
+		sort.Slice(overrides, func(i, j int) bool {
+			return overrides[i].ID < overrides[j].ID
+		})
+		c.RuleOverrides = &overrides
+	}
+
+	if len(c.CustomRules) > 0 {
+		sort.Slice(c.CustomRules, func(i, j int) bool {
+			return c.CustomRules[i].Name < c.CustomRules[j].Name
+		})
+	}
+
+	return nil
 }

config_test.go

@@ -7,12 +7,11 @@ import (
 	"github.com/jimschubert/docked/model/docker/commands"
 	"github.com/jimschubert/docked/model/validations"
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/yaml.v3"
 )
 
-func TestConfig_Deserialize(t *testing.T) {
+func TestConfig_Load(t *testing.T) {
 	type args struct {
-		b []byte
+		path string
 	}
 	tests := []struct {
 		name    string
@@ -22,13 +21,13 @@ func TestConfig_Deserialize(t *testing.T) {
 	}{
 		{
 			name:    "contains ignore only",
-			args:    args{helperTestData(t, "config/ignore_only.yml")},
+			args:    args{"testdata/config/ignore_only.yml"},
 			want:    Config{Ignore: []string{"D5:secret-aws-access-key"}},
 			wantErr: false,
 		},
 		{
 			name: "contains rule overrides only (as array of objects)",
-			args: args{helperTestData(t, "config/rules_only.yml")},
+			args: args{"testdata/config/rules_only.yml"},
 			want: Config{RuleOverrides: &RuleOverrides{
 				{"D5:secret-aws-access-key", model.LowPriority.Ptr()},
 				{"D5:secret-aws-secret-access-key", model.CriticalPriority.Ptr()},
@@ -37,7 +36,7 @@ func TestConfig_Deserialize(t *testing.T) {
 		},
 		{
 			name: "contains rule overrides only (as map)",
-			args: args{helperTestData(t, "config/rules_kvp.yml")},
+			args: args{"testdata/config/rules_kvp.yml"},
 			want: Config{RuleOverrides: &RuleOverrides{
 				{"D5:secret-aws-access-key", model.LowPriority.Ptr()},
 				{"D5:secret-aws-secret-access-key", model.CriticalPriority.Ptr()},
@@ -46,7 +45,7 @@ func TestConfig_Deserialize(t *testing.T) {
 		},
 		{
 			name: "contains ignores and rule overrides",
-			args: args{helperTestData(t, "config/ignores_and_rules.yml")},
+			args: args{"testdata/config/ignores_and_rules.yml"},
 			want: Config{
 				Ignore: []string{"D5:secret-aws-access-key", "D5:secret-aws-secret-access-key"},
 				RuleOverrides: &RuleOverrides{
@@ -58,7 +57,7 @@ func TestConfig_Deserialize(t *testing.T) {
 		},
 		{
 			name: "contains ignores and rule overrides",
-			args: args{helperTestData(t, "config/full_with_custom_rules.yml")},
+			args: args{"testdata/config/full_with_custom_rules.yml"},
 			want: Config{
 				Ignore: []string{"D5:secret-aws-access-key", "D5:secret-aws-secret-access-key"},
 				RuleOverrides: &RuleOverrides{
@@ -84,12 +83,11 @@ func TestConfig_Deserialize(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			c := Config{}
-			err := yaml.Unmarshal(tt.args.b, &c)
+			err := c.Load(tt.args.path)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("yaml.Unmarshal to Config{} error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			// TODO: Sort these configs to avoid random test failures on the map test (seems to come from yaml.Node)
 			assert.Equal(t, tt.want, c, "yaml.Unmarshal to  got = %v, want %v", c, tt.want)
 		})
 	}

model/rules/no_secrets.go

@@ -7,7 +7,7 @@ import (
 )
 
 const (
-	genericNoSecretsSummary = "Secrets should not be stored directly in the Dockerfile. You should remove and rotate any secrets used here."
+	genericNoSecretsSummary = "Secrets shouldn't be hard-coded. You should remove and rotate any secrets."
 )
 
 func noAwsAccessKey() validations.Rule {