validation

package
v0.60.5 Latest
Warning

This package is not in the latest version of its module.

Published: May 20, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package validation provides shared pipeline configuration validation utilities that are used by both the workflow engine (at startup) and the wfctl CLI tool (as static analysis). This avoids duplicating logic between the two consumers.


Functions

func ExtractSQLColumns

func ExtractSQLColumns(query string) []string

ExtractSQLColumns parses a SQL SELECT statement and returns the column names (or aliases) from the SELECT clause.

func GenerateChallenge added in v0.10.1

func GenerateChallenge(adminSecret, rejectionHash string, t time.Time) string

GenerateChallenge generates a 3-word HMAC challenge token for the given rejection hash using the admin secret, anchored to the 1-hour bucket of t. Pass time.Now() for normal use; pass a fixed time in tests for determinism.

adminSecret should come from an environment variable (e.g. WFCTL_ADMIN_SECRET).

func IsBlockingRefWarningCode added in v0.60.0

func IsBlockingRefWarningCode(code RefWarningCode) bool

IsBlockingRefWarningCode reports whether a warning code should fail strict validation. Hyphenated dot-access is non-blocking because the runtime rewrites it, but missing/forward/self refs and invalid output/SQL fields are runtime failures.

func ParseAPIHeaderOverride added in v0.10.1

func ParseAPIHeaderOverride(r *http.Request) (string, bool)

ParseAPIHeaderOverride extracts an override token from the X-Workflow-Override HTTP request header. Returns (token, true) if present, ("", false) otherwise.

func ParsePRCommentOverride added in v0.10.1

func ParsePRCommentOverride(comment string) (string, bool)

ParsePRCommentOverride extracts an override token from a GitHub PR comment. The expected format is "/wfctl-override <token>". Returns (token, true) if found, ("", false) otherwise.

func ParseWorkflowDispatchOverride added in v0.10.1

func ParseWorkflowDispatchOverride(inputs map[string]string) (string, bool)

ParseWorkflowDispatchOverride extracts an override token from GitHub Actions workflow_dispatch inputs. Looks for the key "override_token" in the inputs map. Returns (token, true) if present, ("", false) otherwise.

func TokenFromParts added in v0.10.1

func TokenFromParts(words []string) string

TokenFromParts joins three BIP-39 words with hyphens (inverse of parsing).

func VerifyChallenge added in v0.10.1

func VerifyChallenge(adminSecret, rejectionHash, token string, t time.Time) bool

VerifyChallenge returns true if token matches the expected challenge for the given rejection hash at time t. It checks both the current and previous 1-hour buckets to provide a grace period across bucket boundaries. Comparison is constant-time to prevent timing side-channel attacks.
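The scheme GenerateChallenge and VerifyChallenge describe, as an added sketch that is not this package's code: a token derived from an HMAC over the rejection hash and the 1-hour bucket, accepted for the current and previous bucket, and compared in constant time. The function names, the HMAC-SHA256 message layout and the 16-word list (a stand-in for the 2048-word BIP-39 list) are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// Constructed 16-word stand-in for the 2048-word BIP-39 list (assumption).
var words = strings.Fields("acid bark cave dawn echo fern gold hawk iris jade kelp lamp mint nest opal pine")

// challengeFor derives a 3-word token from HMAC-SHA256(secret, hash || bucket),
// where bucket is the number of whole hours since the Unix epoch (assumed layout).
func challengeFor(secret, rejectionHash string, t time.Time) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(rejectionHash))
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], uint64(t.Unix()/3600))
	mac.Write(b[:])
	sum := mac.Sum(nil)
	parts := make([]string, 3)
	for i := range parts {
		parts[i] = words[int(sum[i])%len(words)]
	}
	return strings.Join(parts, "-")
}

// verifyToken accepts the token for the current or previous hour bucket.
// Both candidates are always compared, each in constant time, and the results
// are ORed so the check does not return early on the first bucket.
func verifyToken(secret, rejectionHash, token string, t time.Time) bool {
	cur := challengeFor(secret, rejectionHash, t)
	prev := challengeFor(secret, rejectionHash, t.Add(-time.Hour))
	ok := subtle.ConstantTimeCompare([]byte(token), []byte(cur)) |
		subtle.ConstantTimeCompare([]byte(token), []byte(prev))
	return ok == 1
}

func main() {
	secret := "example-secret" // constructed; real use reads an environment variable
	issued := time.Date(2026, 1, 1, 10, 59, 0, 0, time.UTC)
	tok := challengeFor(secret, "constructed-rejection-hash", issued)
	fmt.Println(tok, verifyToken(secret, "constructed-rejection-hash", tok, issued.Add(2*time.Minute)))
}
```

With only 16 words the token carries 12 bits; three words drawn from a 2048-word list carry 33 bits, which is the entropy a guessing attacker has to beat within the two-bucket window.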

Types

type RefValidationResult

type RefValidationResult struct {
	Warnings     []string
	WarningCodes []RefWarningCode
	Errors       []string
}

RefValidationResult holds the outcome of pipeline template reference validation. Warnings are suspicious but non-fatal references; WarningCodes classifies each warning at the same index. Errors are definitively wrong.

func ValidatePipelineTemplateRefs

func ValidatePipelineTemplateRefs(pipelines map[string]any, reg ...*schema.StepSchemaRegistry) *RefValidationResult

ValidatePipelineTemplateRefs validates all pipeline step template expressions in the given pipelines map for dangling step references and output field mismatches. It performs the same checks as `wfctl template validate` at the pipeline template level.

The pipelines parameter is expected to be a map[string]any where each value is a pipeline config map containing a "steps" field (as parsed from YAML).

An optional *schema.StepSchemaRegistry may be provided to supply plugin-registered step schemas. When absent, a default built-in registry is created once and reused across all pipelines.

func (*RefValidationResult) AddWarning added in v0.60.0

func (r *RefValidationResult) AddWarning(code RefWarningCode, message string)

AddWarning records a warning and its stable machine-readable code.

func (*RefValidationResult) BlockingWarningMessages added in v0.60.0

func (r *RefValidationResult) BlockingWarningMessages() []string

BlockingWarningMessages returns warning messages that represent deterministic runtime failures and should fail strict validation.

func (*RefValidationResult) HasIssues

func (r *RefValidationResult) HasIssues() bool

HasIssues returns true when there are any warnings or errors.

type RefWarningCode added in v0.60.0

type RefWarningCode string

RefWarningCode classifies a pipeline reference warning so callers can make policy decisions without parsing human-readable warning text.

const (
	RefWarningHyphenatedDotAccess RefWarningCode = "hyphenated_dot_access"
	RefWarningUnknownOutput       RefWarningCode = "unknown_output"
	RefWarningMissingStep         RefWarningCode = "missing_step"
	RefWarningSelfReference       RefWarningCode = "self_reference"
	RefWarningForwardReference    RefWarningCode = "forward_reference"
	RefWarningSQLColumnMismatch   RefWarningCode = "sql_column_mismatch"
)
