Make the already existing predicates not use regex

FloThinksPi · FloThinksPi · commit d5f05c7cbf89 · 2025-03-11T17:35:47.000+01:00
diff --git a/policy/common/regexp.go b/policy/common/regexp.go
@@ -33,10 +33,21 @@ func NewRegexp(pattern string) (Regexp, error) {
 	return Regexp{r: r}, nil
 }
 
+func NewMustCompileRegexp(pattern string) Regexp {
+	return Regexp{r: regexp.MustCompile(pattern)}
+}
+
 func NewCompiledRegexp(r *regexp.Regexp) Regexp {
 	return Regexp{r: r}
 }
 
+// UnquoteMeta reverses the effect of QuoteMeta
+func UnquoteMeta(s string) string {
+	re := regexp.MustCompile(`\\([\\.?])`) // Match escaped characters \\, \., and \?
+	literalString := re.ReplaceAllString(s, "$1")
+	return literalString
+}
+
 func (r Regexp) Matches(s string) bool {
 	if r.r == nil {
 		return false
diff --git a/policy/predicate/status.go b/policy/predicate/status.go
@@ -44,7 +44,15 @@ func NewHasStatus(statuses []string, conclusions []string) *HasStatus {
 var _ Predicate = HasStatus{}
 
 func (pred HasStatus) Evaluate(ctx context.Context, prctx pull.Context) (*common.PredicateResult, error) {
-	return HasStatusCheck{Checks: pred.Statuses, Conclusions: pred.Conclusions}.Evaluate(ctx, prctx)
+	// Convert strings into a regex object to comply with function signature
+	var checks []common.Regexp
+	for _, status := range pred.Statuses {
+		check, err := common.NewRegexp(status)
+		if err == nil {
+			checks = append(checks, check)
+		}
+	}
+	return HasStatusCheck{Checks: checks, Conclusions: pred.Conclusions, noRegex: true}.Evaluate(ctx, prctx)
 }
 
 func (pred HasStatus) Trigger() common.Trigger {
@@ -61,7 +69,7 @@ type HasSuccessfulStatus []string
 var _ Predicate = HasSuccessfulStatus{}
 
 func (pred HasSuccessfulStatus) Evaluate(ctx context.Context, prctx pull.Context) (*common.PredicateResult, error) {
-	return HasStatusCheck{Checks: pred}.Evaluate(ctx, prctx)
+	return HasStatus{Statuses: pred}.Evaluate(ctx, prctx)
 }
 
 func (pred HasSuccessfulStatus) Trigger() common.Trigger {
diff --git a/policy/predicate/status_check.go b/policy/predicate/status_check.go
@@ -17,6 +17,7 @@ package predicate
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"slices"
 	"strings"
 
@@ -28,14 +29,16 @@ import (
 type HasStatusCheck struct {
 	Conclusions AllowedConclusions `yaml:"conclusions"`
 	Statuses    AllowedStatuses    `yaml:"statuses"`
-	Checks      []string           `yaml:"checks,omitempty"`
+	Checks      []common.Regexp    `yaml:"checks,omitempty"`
+	noRegex     bool
 }
 
-func NewHasStatusCheck(checks []string, statuses []string, conclusions []string) *HasStatusCheck {
+func NewHasStatusCheck(checks []common.Regexp, statuses []string, conclusions []string) *HasStatusCheck {
 	return &HasStatusCheck{
 		Conclusions: conclusions,
 		Statuses:    statuses,
 		Checks:      checks,
+		noRegex:     false,
 	}
 }
 
@@ -76,21 +79,38 @@ func (pred HasStatusCheck) Evaluate(ctx context.Context, prctx pull.Context) (*c
 
 	var missingResults []string
 	var failingStatuses []string
+	var allChecks []string
 	for _, check := range pred.Checks {
-		if checkResult, ok := checkStatuses[check]; ok {
-			isInvalidConclusion := !slices.Contains(allowedConclusions, *checkResult.Conclusion)
-			if (checkResult.Status == nil || !slices.Contains(allowedStatuses, *checkResult.Status)) ||
-				(slices.Contains(allowedStatuses, "completed") && checkResult.Conclusion != nil && isInvalidConclusion) {
-				failingStatuses = append(failingStatuses, check)
+		matched := false
+		check_to_use := check
+		if pred.noRegex {
+			check_to_use, err = common.NewRegexp(fmt.Sprintf("^%s$", regexp.QuoteMeta(check.String())))
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to create regexp for workflow %s", check.String())
 			}
-		} else if repoStatusResult, ok := repoStatuses[check]; ok {
-			if repoStatusResult == nil {
-				missingResults = append(missingResults, check)
-			} else if repoStatusResult.State == nil || !slices.Contains(allowedStatuses, *repoStatusResult.State) {
-				failingStatuses = append(failingStatuses, check)
+		}
+		for checkResultName, checkResult := range checkStatuses {
+			if check_to_use.Matches(checkResultName) {
+				matched = true
+				allChecks = append(allChecks, checkResultName)
+				isInvalidConclusion := !slices.Contains(allowedConclusions, *checkResult.Conclusion)
+				if (checkResult.Status == nil || !slices.Contains(allowedStatuses, *checkResult.Status)) ||
+					(slices.Contains(allowedStatuses, "completed") && checkResult.Conclusion != nil && isInvalidConclusion) {
+					failingStatuses = append(failingStatuses, checkResultName)
+				}
+			}
+		}
+		for repoStatusName, repoStatusResult := range repoStatuses {
+			if check_to_use.Matches(repoStatusName) {
+				matched = true
+				allChecks = append(allChecks, repoStatusName)
+				if repoStatusResult == nil || repoStatusResult.State == nil || !slices.Contains(allowedStatuses, *repoStatusResult.State) {
+					failingStatuses = append(failingStatuses, repoStatusName)
+				}
 			}
-		} else {
-			missingResults = append(missingResults, check)
+		}
+		if !matched {
+			missingResults = append(missingResults, check.String())
 		}
 	}
 
@@ -108,7 +128,7 @@ func (pred HasStatusCheck) Evaluate(ctx context.Context, prctx pull.Context) (*c
 		return &predicateResult, nil
 	}
 
-	predicateResult.Values = pred.Checks
+	predicateResult.Values = allChecks
 	predicateResult.Satisfied = true
 	return &predicateResult, nil
 }
diff --git a/policy/predicate/status_check_test.go b/policy/predicate/status_check_test.go
@@ -106,12 +106,17 @@ func mockRepoStatus(state string) *github.RepoStatus {
 }
 
 func TestHasSuccessfulStatusCheck(t *testing.T) {
-	hasStatusCheck := HasStatusCheck{Checks: []string{"status-name", "status-name-2"}}
+	hasStatusCheck := HasStatusCheck{Checks: []common.Regexp{
+		common.NewMustCompileRegexp("status-name"),
+		common.NewMustCompileRegexp("status-name-2"),
+	}}
 	hasStatusCheckSkippedOk := HasStatusCheck{
-		Checks:      []string{"status-name", "status-name-2"},
+		Checks: []common.Regexp{
+			common.NewMustCompileRegexp("status-name"),
+			common.NewMustCompileRegexp("status-name-2"),
+		},
 		Conclusions: AllowedConclusions{"success", "skipped"},
 	}
-	hasSuccessfulStatusCheck := HasSuccessfulStatus{"status-name", "status-name-2"}
 
 	commonTestCases := []StatusTestCase{
 		{
@@ -218,8 +223,6 @@ func TestHasSuccessfulStatusCheck(t *testing.T) {
 	testSuites := []StatusTestSuite{
 		{predicate: hasStatusCheck, testCases: commonTestCases},
 		{predicate: hasStatusCheck, testCases: okOnlyIfSkippedAllowed},
-		{predicate: hasSuccessfulStatusCheck, testCases: commonTestCases},
-		{predicate: hasSuccessfulStatusCheck, testCases: okOnlyIfSkippedAllowed},
 		{
 			nameSuffix: "skipped allowed",
 			predicate:  hasStatusCheckSkippedOk,
diff --git a/policy/predicate/workflow.go b/policy/predicate/workflow.go
@@ -17,6 +17,7 @@ package predicate
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"slices"
 	"strings"
 
@@ -29,13 +30,15 @@ type HasWorkflow struct {
 	Statuses    AllowedStatuses    `yaml:"statuses,omitempty"`
 	Conclusions AllowedConclusions `yaml:"conclusions,omitempty"`
 	Workflows   []common.Regexp    `yaml:"workflows,omitempty"`
+	noRegex     bool
 }
 
 func NewHasWorkflow(workflows []common.Regexp, conclusions AllowedConclusions, statuses AllowedStatuses) *HasWorkflow {
 	return &HasWorkflow{
 		Statuses:    statuses,
 		Conclusions: conclusions,
 		Workflows:   workflows,
+		noRegex:     false,
 	}
 }
 
@@ -68,12 +71,21 @@ func (pred HasWorkflow) Evaluate(ctx context.Context, prctx pull.Context) (*comm
 
 	var missingResults []string
 	var failingWorkflows []string
+	var allWorkflows []string
 	for _, workflow := range pred.Workflows {
 		matched := false
-		for name, workflowSteps := range workflowRuns {
-			if workflow.Matches(name) {
+		workflow_to_use := workflow
+		if pred.noRegex {
+			workflow_to_use, err = common.NewRegexp(fmt.Sprintf("^%s$", regexp.QuoteMeta(workflow.String())))
+			if err != nil {
+				return nil, errors.Wrapf(err, "failed to create regexp for workflow %s", workflow.String())
+			}
+		}
+		for name, workflowRun := range workflowRuns {
+			if workflow_to_use.Matches(name) {
 				matched = true
-				for _, workflowResult := range workflowSteps {
+				allWorkflows = append(allWorkflows, name)
+				for _, workflowResult := range workflowRun {
 					isStatusAllowed := workflowResult.Status != nil && slices.Contains(allowedStatuses, *workflowResult.Status)
 					isStatusCompletedAllowed := workflowResult.Status != nil && slices.Contains(allowedStatuses, "completed")
 					isConclusionAllowed := workflowResult.Conclusion != nil && slices.Contains(allowedConclusions, *workflowResult.Conclusion)
@@ -102,11 +114,7 @@ func (pred HasWorkflow) Evaluate(ctx context.Context, prctx pull.Context) (*comm
 		return &predicateResult, nil
 	}
 
-	workflows := make([]string, len(pred.Workflows))
-	for i, workflow := range pred.Workflows {
-		workflows[i] = workflow.String()
-	}
-	predicateResult.Values = workflows
+	predicateResult.Values = allWorkflows
 	predicateResult.Satisfied = true
 
 	return &predicateResult, nil
diff --git a/policy/predicate/workflow_test.go b/policy/predicate/workflow_test.go
@@ -31,8 +31,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test.yml": {mockWorkflowRun("completed", "success")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: true,
@@ -45,8 +45,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 				".github/workflows/test.yml":  {mockWorkflowRun("completed", "success")},
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "success")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: true,
@@ -58,8 +58,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test.yml": {mockWorkflowRun("completed", "failure")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -71,8 +71,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test.yml": {mockWorkflowRun("completed", "failure"), mockWorkflowRun("completed", "success")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -85,8 +85,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 				".github/workflows/test.yml":  {mockWorkflowRun("completed", "failure")},
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "failure")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -99,8 +99,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 				".github/workflows/test.yml":  {mockWorkflowRun("completed", "success")},
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "failure")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -110,8 +110,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 		{
 			name:                    "a workflow is missing",
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -121,8 +121,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 		{
 			name:                    "multiple workflow are missing",
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -134,8 +134,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows: []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows: []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
 				Satisfied: false,
@@ -147,8 +147,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test.yml": {mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows:   []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows:   []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 				Conclusions: AllowedConclusions{"skipped"},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
@@ -162,8 +162,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 				".github/workflows/test.yml":  {mockWorkflowRun("completed", "success")},
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows:   []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows:   []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 				Conclusions: AllowedConclusions{"skipped", "success"},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
@@ -176,8 +176,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test.yml": {mockWorkflowRun("completed", "success"), mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows:   []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows:   []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 				Conclusions: AllowedConclusions{"skipped", "success"},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
@@ -191,8 +191,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 				".github/workflows/test.yml":  {mockWorkflowRun("completed", "failure")},
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows:   []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows:   []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 				Conclusions: AllowedConclusions{"skipped", "success"},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
@@ -206,8 +206,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 				".github/workflows/test.yml":  {mockWorkflowRun("completed", "success")},
 				".github/workflows/test2.yml": {mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows:   []string{".github/workflows/test.yml", ".github/workflows/test2.yml"},
+			predicate: HasWorkflow{
+				Workflows:   []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml"), common.NewMustCompileRegexp(".github/workflows/test2.yml")},
 				Conclusions: AllowedConclusions{"skipped"},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
@@ -220,8 +220,8 @@ func TestHasSuccessfulWorkflowRun(t *testing.T) {
 			latestWorkflowRunsValue: map[string][]*github.WorkflowRun{
 				".github/workflows/test.yml": {mockWorkflowRun("completed", "success"), mockWorkflowRun("completed", "skipped")},
 			},
-			predicate: HasWorkflowResult{
-				Workflows:   []string{".github/workflows/test.yml"},
+			predicate: HasWorkflow{
+				Workflows:   []common.Regexp{common.NewMustCompileRegexp(".github/workflows/test.yml")},
 				Conclusions: AllowedConclusions{"skipped"},
 			},
 			ExpectedPredicateResult: &common.PredicateResult{
diff --git a/policy/predicate/workflowresult.go b/policy/predicate/workflowresult.go
