
Examples

Node.js Monorepo

A monorepo with services/ and packages/ directories, each containing Node.js projects.

# Shared values for this config. The correct-node-version rule reads this one
# through pattern = "var:node_version".
[vars]
node_version = "18"

# Every service must have a package.json
# NOTE(review): there is no `expect` key here, so the quoted second header
# segment presumably names the file looked for in each matching directory.
# Confirm against the tool's reference.
["services/*"."package.json"]
check = "file_exists"

# Same existence check for every directory under packages/.
["packages/*"."package.json"]
check = "file_exists"

# No .env files committed
# As written, `expect` names `.env` only. Unless `expect` accepts globs (not
# shown here), variants such as `.env.local` or `.env.production` need rules
# of their own.
# NOTE(review): the check presumably looks at the files on disk, not at git
# history. A secret that was committed and later deleted is not detected, so
# pair this rule with a secret scanner and rotate anything that was ever pushed.
["services/*".no-env-files]
check = "file_not_exists"
expect = ".env"

# Every tsconfig must contain the string "extends".
# This does not verify WHICH config is extended: any tsconfig.json that
# mentions "extends" passes, including one that extends an unrelated or
# weaker base. To enforce the shared base, use the base config's path as the
# pattern instead of the bare keyword.
["services/*"."tsconfig.json"]
name = "svc-tsconfig-extends-base"
check = "file_contains"
pattern = "extends"

# Same keyword-only check for packages; the limitation above applies here too.
["packages/*"."tsconfig.json"]
name = "pkg-tsconfig-extends-base"
check = "file_contains"
pattern = "extends"

# Every service must declare an engines field
# `expect` names the file, `format` how it is parsed, `field` the key to look up.
["services/*".must-have-engines]
check = "field_exists"
expect = "package.json"
format = "json"
field = "engines"

# The engines.node field must reference the standard version
# "var:node_version" resolves to node_version in [vars] ("18" in this example).
# NOTE(review): if field_contains is a substring match, "18" is also found in
# a value such as ">=8.18.0". Confirm the matching semantics before treating
# this rule as a version pin.
["services/*".correct-node-version]
check = "field_contains"
expect = "package.json"
format = "json"
field = "engines.node"
pattern = "var:node_version"

# Packages should not be marked private
# NOTE(review): field_not_exists presumably fails whenever the key is present,
# so `"private": false` would be rejected as well. Confirm.
# Without `"private": true` npm no longer refuses `npm publish` for the
# package, so apply this rule only to directories that are meant to be published.
["packages/*".packages-not-private]
check = "field_not_exists"
expect = "package.json"
format = "json"
field = "private"

Enforcing .node-version Consistency

Use a file: reference to ensure every project's engines.node matches the repo-level .node-version file.

# "file:.node-version" takes the expected value from the repo-level
# .node-version file instead of a literal or a [vars] entry.
# NOTE(review): how a trailing newline or a leading "v" in that file is
# handled is not shown here. Confirm before relying on the comparison.
["services/*".node-version-matches-file]
check = "field_contains"
expect = "package.json"
format = "json"
field = "engines.node"
pattern = "file:.node-version"

Kubernetes / YAML Config Enforcement

# Every service must declare resource limits
# NOTE(review): in a standard apps/v1 Deployment the limits sit under
# spec.template.spec.containers[].resources.limits, not spec.resources.limits.
# Confirm that this path matches your manifests and how the tool addresses
# list elements; a path that never resolves makes the rule fail everywhere.
["services/*".k8s-has-resource-limits]
check = "field_exists"
expect = "deployment.yaml"
format = "yaml"
field = "spec.resources.limits"

# Must target the correct namespace
# NOTE(review): if field_contains is a substring match, "production" is also
# satisfied by namespaces such as "pre-production". Confirm the matching
# semantics. The rule reads the manifest in the repo only; what actually runs
# in the cluster still needs admission-time enforcement.
["services/*".correct-namespace]
check = "field_contains"
expect = "deployment.yaml"
format = "yaml"
field = "metadata.namespace"
pattern = "production"

Rust / TOML Workspace

# Workspace-wide edition; the correct-edition rule reads it through
# pattern = "var:rust_edition".
[vars]
rust_edition = "2021"

# Every crate must declare an edition
["crates/*".must-have-edition]
check = "field_exists"
expect = "Cargo.toml"
format = "toml"
field = "package.edition"

# Edition must match the workspace standard
# NOTE(review): a crate that inherits the edition with
# `edition.workspace = true` has a table at package.edition, not the string
# "2021". Confirm how field_contains treats that case.
["crates/*".correct-edition]
check = "field_contains"
expect = "Cargo.toml"
format = "toml"
field = "package.edition"
pattern = "var:rust_edition"

CI-driven Version Enforcement

Use env: to pull expected values from the CI environment, for example through a [vars] entry that delegates to an environment variable:

# node_version is read from the EXPECTED_NODE_VERSION environment variable.
# NOTE(review): what happens when the variable is unset or empty is not shown
# here. If it resolves to an empty pattern, field_contains could pass
# vacuously, so have the CI job fail early when the variable is missing.
[vars]
node_version = "env:EXPECTED_NODE_VERSION"

# The expected value now comes from the job environment, so whoever can set
# that environment decides what this rule accepts.
["services/*".correct-node-version]
check = "field_contains"
expect = "package.json"
format = "json"
field = "engines.node"
pattern = "var:node_version"

Or reference the environment variable directly in a pattern:

# The environment variable is referenced directly in `pattern`, with no
# [vars] entry in between.
# NOTE(review): behaviour for an unset or empty EXPECTED_NODE_VERSION is not
# shown here. Confirm that the rule fails in that case and does not pass
# vacuously.
["services/*".correct-node-version]
check = "field_contains"
expect = "package.json"
format = "json"
field = "engines.node"
pattern = "env:EXPECTED_NODE_VERSION"

Conditional Rules with Modes

Use when to gate rules on environment or mode variables:

# ci and mode take their values from the CI and ALIGN_MODE environment variables.
[vars]
ci = "env:CI"
mode = "env:ALIGN_MODE"

# Always runs
["services/*"."package.json"]
check = "file_exists"

# Only in CI
# `when = "ci"` refers to the ci entry in [vars].
# NOTE(review): presumably the rule runs whenever that value is set. Confirm
# how values such as "false" or "0" are treated.
["services/*".strict-engines]
check = "field_exists"
expect = "package.json"
format = "json"
field = "engines"
when = "ci"

# Only in production mode
# Gated rules are skipped, not failed, when their condition is not met. A
# clean run without ALIGN_MODE=production therefore says nothing about this rule.
["services/*".prod-dockerfile]
check = "file_exists"
expect = "Dockerfile"
when = "mode=production"

Run with different modes:

ALIGN_MODE=production align    # runs ungated rules plus prod-dockerfile; strict-engines still needs CI set
align                          # skips ci and production rules
CI=true align                  # runs ci rules, skips production rules

Multi-tier Service Architecture

For a monorepo with nested app directories:

# Every deployable app needs a Dockerfile
# The header has two glob segments, so the rule targets platform/*/apps/*.
# With a file name as the last header segment, the rule is named through `name`.
["platform/*"."apps/*"."Dockerfile"]
name = "must-have-dockerfile"
check = "file_exists"

# No debug logging in production services
# Only src/index.ts of each app is inspected. console.log calls in any other
# source file are not seen by this rule, so keep a lint rule for full coverage.
# NOTE(review): whether the "." in the pattern is literal or a regex wildcard
# is not shown here. Confirm.
["platform/*"."apps/*"."src/index.ts"]
name = "no-debug-logging"
check = "file_not_contains"
pattern = "console.log"