alint_rules/
no_submodules.rs

1//! `no_submodules` — flag the presence of a `.gitmodules` file at
2//! the repo root.
3//!
4//! Submodules introduce a second source of truth (the submodule's
5//! commit pointer) that drifts silently, complicates CI, and
6//! surprises users who `git clone` without `--recurse-submodules`.
7//! Many projects have adopted vendoring or package managers and
8//! want to keep submodules banned forever.
9//!
10//! This rule is intentionally *not* configurable by `paths` —
11//! `.gitmodules` at the repo root is what actually enables git
12//! submodules, and letting users override that would invite
13//! footguns. For more general "file X must not exist" checks,
14//! use `file_absent` instead.
15//!
16//! Fixable via `file_remove`, which deletes `.gitmodules`. Note
17//! this is the surface-level fix — the user still needs to run
18//! `git submodule deinit` and clean up `.git/modules/` themselves.
19
20use alint_core::{
21    Context, Error, FixSpec, Fixer, Level, PathsSpec, Result, Rule, RuleSpec, Scope, Violation,
22};
23
24use crate::fixers::FileRemoveFixer;
25
26#[derive(Debug)]
27pub struct NoSubmodulesRule {
28    id: String,
29    level: Level,
30    policy_url: Option<String>,
31    message: Option<String>,
32    scope: Scope,
33    fixer: Option<FileRemoveFixer>,
34}
35
36impl Rule for NoSubmodulesRule {
37    fn id(&self) -> &str {
38        &self.id
39    }
40    fn level(&self) -> Level {
41        self.level
42    }
43    fn policy_url(&self) -> Option<&str> {
44        self.policy_url.as_deref()
45    }
46
47    fn evaluate(&self, ctx: &Context<'_>) -> Result<Vec<Violation>> {
48        let mut violations = Vec::new();
49        for entry in ctx.index.files() {
50            if !self.scope.matches(&entry.path) {
51                continue;
52            }
53            let msg = self.message.clone().unwrap_or_else(|| {
54                "`.gitmodules` present — git submodules are forbidden".to_string()
55            });
56            violations.push(Violation::new(msg).with_path(entry.path.clone()));
57        }
58        Ok(violations)
59    }
60
61    fn fixer(&self) -> Option<&dyn Fixer> {
62        self.fixer.as_ref().map(|f| f as &dyn Fixer)
63    }
64}
65
66pub fn build(spec: &RuleSpec) -> Result<Box<dyn Rule>> {
67    if spec.paths.is_some() {
68        return Err(Error::rule_config(
69            &spec.id,
70            "no_submodules does not accept a `paths` field; it always targets `.gitmodules` at \
71             the repo root. Use `file_absent` for more general patterns.",
72        ));
73    }
74    let fixer = match &spec.fix {
75        Some(FixSpec::FileRemove { .. }) => Some(FileRemoveFixer),
76        Some(other) => {
77            return Err(Error::rule_config(
78                &spec.id,
79                format!(
80                    "fix.{} is not compatible with no_submodules",
81                    other.op_name()
82                ),
83            ));
84        }
85        None => None,
86    };
87    let pinned = PathsSpec::Single(".gitmodules".to_string());
88    Ok(Box::new(NoSubmodulesRule {
89        id: spec.id.clone(),
90        level: spec.level,
91        policy_url: spec.policy_url.clone(),
92        message: spec.message.clone(),
93        scope: Scope::from_paths_spec(&pinned)?,
94        fixer,
95    }))
96}
97
98#[cfg(test)]
99mod tests {
100    use super::*;
101    use crate::test_support::{ctx, index, spec_yaml};
102    use std::path::Path;
103
104    #[test]
105    fn build_rejects_paths_field() {
106        let spec = spec_yaml(
107            "id: t\n\
108             kind: no_submodules\n\
109             paths: \"**\"\n\
110             level: warning\n",
111        );
112        let err = build(&spec).unwrap_err().to_string();
113        assert!(err.contains("paths"), "unexpected: {err}");
114    }
115
116    #[test]
117    fn build_accepts_minimal_config() {
118        let spec = spec_yaml(
119            "id: t\n\
120             kind: no_submodules\n\
121             level: warning\n",
122        );
123        assert!(build(&spec).is_ok());
124    }
125
126    #[test]
127    fn build_accepts_file_remove_fix() {
128        let spec = spec_yaml(
129            "id: t\n\
130             kind: no_submodules\n\
131             level: warning\n\
132             fix:\n  \
133               file_remove: {}\n",
134        );
135        let rule = build(&spec).unwrap();
136        assert!(rule.fixer().is_some());
137    }
138
139    #[test]
140    fn build_rejects_incompatible_fix() {
141        let spec = spec_yaml(
142            "id: t\n\
143             kind: no_submodules\n\
144             level: warning\n\
145             fix:\n  \
146               file_create:\n    \
147                 content: \"x\"\n",
148        );
149        assert!(build(&spec).is_err());
150    }
151
152    #[test]
153    fn evaluate_passes_without_gitmodules() {
154        let spec = spec_yaml(
155            "id: t\n\
156             kind: no_submodules\n\
157             level: warning\n",
158        );
159        let rule = build(&spec).unwrap();
160        let idx = index(&["README.md", ".gitignore"]);
161        let v = rule.evaluate(&ctx(Path::new("/fake"), &idx)).unwrap();
162        assert!(v.is_empty());
163    }
164
165    #[test]
166    fn evaluate_fires_when_gitmodules_present() {
167        let spec = spec_yaml(
168            "id: t\n\
169             kind: no_submodules\n\
170             level: warning\n",
171        );
172        let rule = build(&spec).unwrap();
173        let idx = index(&[".gitmodules", "README.md"]);
174        let v = rule.evaluate(&ctx(Path::new("/fake"), &idx)).unwrap();
175        assert_eq!(v.len(), 1);
176    }
177}
alint_rules/no_submodules.rs

alint_rules/
no_submodules.rs
