@Aaravanand00

Implements extension mechanism for third-party tools in .project format, resolving #125.

Changes

New Types (types.go)

  • Extension struct for tool-specific configuration
  • ExtensionMetadata struct for author, homepage, repository, license, version

Validation (validator.go)

  • Schema version check (requires >= 1.1.0 for extensions)
  • Reserved name protection (core fields like name, description, etc. cannot be used as extension keys)
  • Extension name format validation (alphanumeric, hyphens, underscores, dots)
  • Metadata URL validation

Tests (extensions_test.go)

  • Valid extension validation
  • Schema version requirement tests
  • Reserved name protection tests
  • Invalid name format tests
  • Metadata URL validation tests
  • Backward compatibility tests

Documentation (README.md)

  • Added extensions section with usage examples

Example Usage

schema_version: "1.1.0"
extensions:
  scorecard:
    metadata:
      author: "OSSF"
      homepage: "https://securityscorecards.dev"
    config:
      checks:
        - Binary-Artifacts
      threshold: 7.0

@Aaravanand00 force-pushed the feat/extension-mechanism-v2 branch from 247f71b to e1d9481 on December 29, 2025 17:56

@jeefy
Member

jeefy commented Jan 13, 2026

@mlieberman85 Is this close to what you were thinking?

@jeefy requested a review from Copilot on January 13, 2026 15:51

Contributor

Copilot AI left a comment

Pull request overview

This PR implements an extension mechanism that allows third-party tools to store configuration within .project files without conflicts. It introduces the Extension and ExtensionMetadata types, validation logic to enforce schema version requirements (>= 1.1.0) and naming conventions, and comprehensive tests for the new functionality.

Changes:

  • Added Extension and ExtensionMetadata structs to support tool-specific configurations
  • Implemented validation for extensions including schema version checks, reserved name protection, name format validation, and metadata URL validation
  • Added comprehensive test coverage for extension validation scenarios and backward compatibility

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| utilities/dot-project/types.go | Defines new Extension and ExtensionMetadata types with schema version constant |
| utilities/dot-project/validator.go | Implements validation functions for extensions with reserved name checking and URL validation |
| utilities/dot-project/extensions_test.go | Provides comprehensive test coverage for extension validation logic |
| utilities/dot-project/yaml/test-project.yaml | Updates schema version and adds example extension configuration |
| utilities/dot-project/README.md | Documents the extensions feature with usage examples and naming rules |

@mlieberman85

> @mlieberman85 Is this close to what you were thinking?

I think so. I'm out of the country but should be back on Thursday. I'll try and make a demo of the sorts of things, but I think this PR probably hits most of them.

Signed-off-by: Aaravanand00 <aaravanand5749@gmail.com>
- Replace string comparison with proper numeric comparison for semantic versions
- Fix edge case where '1.10.0' was incorrectly considered less than '1.2.0'
- Add comprehensive test cases including multi-digit version components
- Add proper error handling for invalid version formats

Addresses GitHub Copilot suggestions in PR review.

Signed-off-by: Aaravanand00 <aaravanand5749@gmail.com>
@Aaravanand00 force-pushed the feat/extension-mechanism-v2 branch from cb702b8 to eff3e03 on January 20, 2026 06:01

@Aaravanand00
Author

Hi @jeefy and @mlieberman85 sir

Copilot Feedback Addressed

Fixed both issues:

  1. Semantic version comparison - Replaced string comparison with proper numeric parsing
  2. Test coverage - Added edge cases for multi-digit versions (1.10.0 vs 1.2.0)

Also added DCO signatures for compliance. All tests passing.

Ready for your review - let me know if any other changes needed.
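
The schema-version gate and extension-key checks discussed in this thread, as an added example (not the PR's code): it shows why string comparison misorders 1.10.0 and 1.2.0 and how a numeric comparison fixes the gate. The function names, the partial reserved list, and both regular expressions are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Assumptions: partial reserved list; components capped at 6 digits so Atoi cannot fail.
var reserved = map[string]bool{"name": true, "description": true}
var extName = regexp.MustCompile(`^[A-Za-z0-9._-]+$`)
var semver = regexp.MustCompile(`^(0|[1-9][0-9]{0,5})\.(0|[1-9][0-9]{0,5})\.(0|[1-9][0-9]{0,5})$`)

// atLeast reports whether v >= floor, comparing each component as a number.
func atLeast(v, floor string) (bool, error) {
	a, b := semver.FindStringSubmatch(v), semver.FindStringSubmatch(floor)
	if a == nil || b == nil {
		return false, fmt.Errorf("invalid version: %q or %q", v, floor)
	}
	for i := 1; i <= 3; i++ {
		x, _ := strconv.Atoi(a[i])
		y, _ := strconv.Atoi(b[i])
		if x != y {
			return x > y, nil
		}
	}
	return true, nil
}

// checkExtensions applies the version gate first, then the per-key naming rules.
func checkExtensions(schemaVersion string, keys []string) error {
	if len(keys) == 0 {
		return nil // files without extensions stay valid at any schema version
	}
	if ok, err := atLeast(schemaVersion, "1.1.0"); err != nil {
		return err
	} else if !ok {
		return fmt.Errorf("extensions require schema_version >= 1.1.0, got %s", schemaVersion)
	}
	for _, k := range keys {
		if reserved[k] || !extName.MatchString(k) {
			return fmt.Errorf("invalid extension key %q", k)
		}
	}
	return nil
}

func main() {
	fmt.Println("1.10.0" >= "1.2.0", checkExtensions("1.10.0", []string{"scorecard"}))
}
```

Rejecting malformed versions with an error, rather than treating them as "too old" or "new enough", keeps a typo in schema_version from silently enabling or disabling extension validation.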
