
Add new option to pass the ruleset file as base64 encoded

Open Brend-Smits opened this issue 2 years ago • 2 comments

Motivation

At Philips, we use Continuous Compliance Action to scan the entire organization with Repolinter on certain rulesets. The repositories are scanned from a central internal repository and thus we needed a way to pass along the proper ruleset for the target repository.

Proposed Changes

Add an optional parameter that allows the user to pass along a base64 encoded ruleset as a string.

--rulesetEncoded or -c can be used to add the ruleset. We have been using this approach, via our fork, for several months now without any issues.

Test Plan

Tests have been added to verify functionality. To manually test, you can use the following command:

bin/repolinter.js lint -c 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

Co-authored-by: Jeroen Knoops [email protected]
Signed-off-by: Brend Smits [email protected]

Brend-Smits, Apr 08 '22 10:04

Thanks for the contribution! The code looks great, I'm mostly just curious why base64 as opposed to a JSON string or otherwise?

Appreciate the review. We chose to use base64 over just a regular string as it allows for easier integration with pipelines and scripts without having to perform tedious escaping. This is especially a problem when supplying the ruleset via i.e. GitHub secrets. GitHub tries to do some special sauce which makes the escaping part difficult to do in some cases. We have had a poor experience with this and thus we now always use base64 encoded strings in such cases.

Brend-Smits, Apr 11 '22 16:04
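The round trip discussed above, as an added example that is not code from the PR or from repolinter: a ruleset containing quotes, newlines and `$` becomes a single token that needs no escaping, and the receiving side validates it strictly before use. The function names, the size cap and the sample ruleset are assumptions made for this illustration.

```javascript
'use strict';
// Added illustration. encodeRuleset/decodeRuleset are hypothetical names, not
// repolinter functions; SAMPLE_RULESET is constructed for this example.

// Standard alphabet, groups of four, padding only at the end.
const STRICT_B64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
const MAX_ENCODED_LENGTH = 1024 * 1024; // assumed upper bound for a ruleset

const SAMPLE_RULESET = {
  version: 2,
  rules: {
    'license-file-exists': {
      level: 'error',
      // Characters that need escaping when passed raw through a shell or a secret.
      note: 'line one\nline "two" with $VAR and \'single quotes\''
    }
  }
};

// Producer side (central pipeline): JSON -> one token with no shell metacharacters.
function encodeRuleset(ruleset) {
  return Buffer.from(JSON.stringify(ruleset), 'utf8').toString('base64');
}

// Consumer side: reject anything that is not strict base64 wrapping a JSON object.
function decodeRuleset(encoded) {
  if (typeof encoded !== 'string' || encoded.length === 0) {
    throw new TypeError('encoded ruleset must be a non-empty string');
  }
  if (encoded.length > MAX_ENCODED_LENGTH) {
    throw new RangeError('encoded ruleset is too large');
  }
  // Buffer.from(x, 'base64') does not throw on malformed input, so validate first.
  if (!STRICT_B64.test(encoded)) {
    throw new Error('encoded ruleset is not valid base64');
  }
  const parsed = JSON.parse(Buffer.from(encoded, 'base64').toString('utf8'));
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('decoded ruleset must be a JSON object');
  }
  return parsed;
}

const encoded = encodeRuleset(SAMPLE_RULESET);
console.log(encoded);
console.log(decodeRuleset(encoded).rules['license-file-exists'].level);
```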

I'm +1 for this change. The use case feels valuable to others, and the impact on the code is limited.

hyandell, May 05 '22 23:05