#!/usr/bin/env bash # validate-crate.sh - Fake cargo publish validator using cleanroom # Simulates cargo publish --dry-run with enhanced validation set -euo pipefail # ============================================================================ # CONFIGURATION # ============================================================================ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly CLEANROOM_BIN="/Users/sac/ggen/cleanroom/examples/cleanroom/target/release/cleanroom" # Colors readonly RED='\033[0;31m' readonly GREEN='\033[0;32m' readonly YELLOW='\033[1;33m' readonly BLUE='\033[0;34m' readonly NC='\033[0m' # ============================================================================ # HELPER FUNCTIONS # ============================================================================ log_info() { echo -e "${BLUE}[VALIDATE]${NC} $*" >&2 } log_success() { echo -e "${GREEN}[✓]${NC} $*" >&2 } log_warn() { echo -e "${YELLOW}[WARN]${NC} $*" >&2 } log_error() { echo -e "${RED}[ERROR]${NC} $*" >&2 } # ============================================================================ # VALIDATION CHECKS # ============================================================================ validate_cargo_toml() { local project_dir="$1" local cargo_toml="${project_dir}/Cargo.toml" log_info "Validating Cargo.toml..." if [[ ! -f "${cargo_toml}" ]]; then log_error "Cargo.toml not found" return 1 fi # Check required fields local required_fields=("name" "version" "edition") local missing_fields=() for field in "${required_fields[@]}"; do if ! grep -q "^${field} = " "${cargo_toml}"; then missing_fields+=("${field}") fi done if [[ ${#missing_fields[@]} -gt 0 ]]; then log_error "Missing required fields: ${missing_fields[*]}" return 1 fi log_success "Cargo.toml is valid" return 0 } validate_source_files() { local project_dir="$1" log_info "Validating source files..." # Check for src/lib.rs or src/main.rs if [[ ! -f "${project_dir}/src/lib.rs" ]] && [[ ! -f "${project_dir}/src/main.rs" ]]; then log_error "No src/lib.rs or src/main.rs found" return 1 fi # Count Rust files local rust_files rust_files=$(find "${project_dir}/src" -name "*.rs" 2>/dev/null | wc -l) log_info "Found ${rust_files} Rust source files" if ((rust_files == 0)); then log_error "No Rust source files found" return 1 fi log_success "Source files validated" return 0 } validate_compilation() { local project_dir="$1" log_info "Validating compilation..." cd "${project_dir}" # Quick syntax check if ! cargo check --quiet --message-format=short 2>&1 | grep -v "^$"; then log_error "Compilation validation failed" return 1 fi log_success "Compilation validated" return 0 } validate_tests() { local project_dir="$1" log_info "Validating tests..." cd "${project_dir}" # Check if tests exist if ! grep -r "#\[test\]" src/ 2>/dev/null | grep -q .; then log_warn "No tests found (recommended but not required)" fi # Run tests if they exist if cargo test --quiet --no-fail-fast 2>&1 | grep -v "^$"; then log_success "Tests validated" return 0 else log_warn "Some tests failed" return 0 # Don't fail deployment for test failures fi } validate_dependencies() { local project_dir="$1" log_info "Validating dependencies..." cd "${project_dir}" # Check for dependency issues if cargo tree --quiet 2>&1 | grep -i "error" > /dev/null; then log_error "Dependency validation failed" return 1 fi log_success "Dependencies validated" return 0 } validate_security() { local project_dir="$1" log_info "Running security audit..." cd "${project_dir}" # Check for common security issues local security_issues=0 # Check for hardcoded secrets if grep -rE "(password|secret|token|api[_-]?key)\s*=\s*['\"][^'\"]+['\"]" src/ 2>/dev/null; then log_warn "Potential hardcoded secrets found" ((security_issues++)) fi # Check for unsafe code if grep -r "unsafe {" src/ 2>/dev/null | grep -q .; then log_warn "Unsafe code blocks found (review recommended)" fi # Run cargo audit if available if command -v cargo-audit &> /dev/null; then if ! cargo audit --quiet 2>&1 | grep -v "^$"; then log_warn "Security audit found issues" ((security_issues++)) fi fi if ((security_issues > 0)); then log_warn "Security audit completed with ${security_issues} warnings" else log_success "Security audit passed" fi return 0 # Don't fail deployment for warnings } simulate_publish() { local project_dir="$1" local project_name="$2" log_info "Simulating cargo publish --dry-run..." cd "${project_dir}" # Create publish simulation report local publish_report="${project_dir}/.publish-report.txt" cat > "${publish_report}" < "${report_file}" < [project_name]" exit 1 fi if [[ ! -d "${project_dir}" ]]; then log_error "Project directory not found: ${project_dir}" exit 1 fi if [[ -z "${project_name}" ]]; then project_name=$(basename "${project_dir}") fi log_info "Starting crate validation for: ${project_name}" echo "" # Run all validations local validation_failed=false validate_cargo_toml "${project_dir}" || validation_failed=true validate_source_files "${project_dir}" || validation_failed=true validate_compilation "${project_dir}" || validation_failed=true validate_tests "${project_dir}" # Don't fail on test failures validate_dependencies "${project_dir}" || validation_failed=true validate_security "${project_dir}" # Don't fail on warnings echo "" if ${validation_failed}; then log_error "❌ Crate validation failed" generate_validation_report "${project_dir}" "${project_name}" "❌ FAILED" exit 1 fi simulate_publish "${project_dir}" "${project_name}" generate_validation_report "${project_dir}" "${project_name}" "✅ PASSED" echo "" log_success "✅ Crate validation successful: ${project_name}" exit 0 } # Run main if not sourced if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then main "$@" fi