This is a set of plugins for Statick that will discover tooling related files and perform static analysis on those files.
Custom exceptions can be applied the same way they are with Statick exceptions.
This set of plugins was merged into the main [Statick] repository and Python package. All future development will happen in that repository.
The recommended method to install these Statick plugins is via pip:
```shell
pip install statick-tooling
```

You can also clone the repository and use it locally.
Make sure you install all the dependencies from apt/npm. See https://github.com/nodesource/distributions for Node/npm installation instructions.
Configure npm to allow a non-root user to install packages.
```shell
npm config set prefix '~/.local/'
```

Make sure `~/.local/bin` exists.
Check your PATH with `echo $PATH`.
If `~/.local/bin` is not listed then add it to your PATH.

```shell
mkdir -p ~/.local/bin
echo 'export PATH="$HOME/.local/bin/:$PATH"' >> ~/.bashrc
```

Install npm packages.
```shell
npm install -g dockerfilelint
npm install -g dockerfile_lint
```

The most common usage is to use statick and statick-tooling from pip. In that case your directory structure will look like the following:

```
project-root
 |- tooling-project
 |- statick-config
```

To run with the default configuration for the statick-tooling tools use:
```shell
statick tooling-project/ --output-directory statick-output/ --profile tooling-profile.yaml
```

There are times when you will want to have a custom Statick configuration. This is usually done to run a different set of tools than are called out in the default profile, or to add exceptions. For this case you will have to add the new Statick configuration somewhere. This example will have custom exceptions in the tooling-project, such that the directory structure is:
```
project-root
 |- tooling-project
     |- statick-config
         |- rsc
             |- exceptions.yaml
 |- statick-output
```

For this setup you will run the following:
```shell
statick tooling-project/ --output-directory statick-output/ --user-paths tooling-project/statick-config/ --profile tooling-profile.yaml
```

The last type of setup will be to have all of the tools available from cloning repositories, not installing from pip. The directory structure will look like:
```
project-root
 |- tooling-project
     |- statick-config
         |- rsc
             |- exceptions.yaml
 |- statick-output
 |- statick
 |- statick-tooling
```

Using the example where we want to override the default exceptions with custom ones in the tooling-project, the command to run would be:
```shell
./statick/statick tooling-project/ --output-directory statick-output/ --user-paths statick-tooling/,tooling-project/statick-config/ --profile tooling-profile.yaml
```

Note that if a file exists without the extension listed it can still be discovered if the `file` command identifies it as a specific file type.
This type of discovery must be supported by the discovery plugin and only works on operating systems where the `file` command exists.

| File Type | Extensions |
|---|---|
| dockerfile | Dockerfile* |

| Tool | About |
|---|---|
| dockerfilelint | A rule based 'linter' for Dockerfiles. |
| dockerfile-lint | A rule based 'linter' for Dockerfiles. |
| hadolint | Dockerfile linter, validate inline bash, written in Haskell. |
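
A pre-flight check for the setup above, as an added example that is not part of the Statick project: it confirms `~/.local/bin` is a PATH entry (ignoring the trailing slash that the `~/.bashrc` line above adds) and reports which tools do not resolve. The function names are hypothetical, and the executable names `statick`, `dockerfilelint`, `dockerfile_lint` and `hadolint` are assumed to match the package and tool names listed on this page.

```shell
#!/bin/sh
# Added example: pre-flight check before running statick with the tooling profile.

# path_has_dir DIR [PATHSTRING]: succeed if DIR is an entry of PATHSTRING
# (default: $PATH). One trailing slash is ignored on both sides, so
# "$HOME/.local/bin/" and "$HOME/.local/bin" are treated as the same entry.
path_has_dir() {
    want=${1%/}
    rest=${2-$PATH}:
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # first remaining entry
        rest=${rest#*:}     # drop it from the list
        if [ "${entry%/}" = "$want" ]; then
            return 0
        fi
    done
    return 1
}

# missing_tools NAME...: print, one per line, each NAME that does not
# resolve to a command in the current shell.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# preflight: report problems on stderr; return non-zero if any were found.
preflight() {
    status=0
    if ! path_has_dir "$HOME/.local/bin"; then
        echo "$HOME/.local/bin is not on PATH" >&2
        status=1
    fi
    # Executable names are assumptions taken from the names on this page.
    missing=$(missing_tools statick dockerfilelint dockerfile_lint hadolint)
    if [ -n "$missing" ]; then
        echo "not found on PATH:" $missing >&2
        status=1
    fi
    return $status
}

preflight || echo "Fix the items above before running statick." >&2
```
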
If you write a new feature for Statick or are fixing a bug, you are strongly encouraged to add unit tests for your contribution. In particular, it is much easier to test whether a bug is fixed (and identify future regressions) if you can add a small unit test which replicates the bug.
Before submitting a change, please run tox to check that you have not introduced any regressions or violated any code style guidelines.
Statick Tooling uses mypy to check that type hints are being followed properly. Type hints are described in PEP 484 and allow for static typing in Python. To determine if proper types are being used in Statick Tooling the following command will show any errors, and create several types of reports that can be viewed with a text editor or web browser.
```shell
python3 -m pip install mypy
mkdir report
mypy --ignore-missing-imports --strict --html-report report/ --txt-report report src
```

It is hoped that in the future we will generate coverage reports from mypy and use those to check for regressions.
Statick code is formatted using black. To fix locally use:

```shell
python3 -m pip install black
black src tests
```