[Discussion] Travis about library HOT 14 CLOSED

Go for it! I have no idea how to use Travis.

from library.

FYI I have been periodically running jq '.' plugins/* to make sure they are valid json.

from library.

Not sure we need to overcomplicate this.

from library.

Yeah IMO I don't like automated code quality stuff, especially for this project because I can glance at it in 0.2s and tell if it's valid JSON, so I wouldn't use it, but if @Miserlou wants it then it's fine.

from library.

We use travisci and circleci at my real job. They are fine but they are also very large projects with thousands of tests so it makes more sense.

from library.

One of our projects can take about 2 hours to run tests LOL

from library.

Reopening because it would be nice to

• check valid JSON
• check valid SHA256
• upload to VirusTotal and assert less than 3 or so engines return suspicious for each ZIP

@Miserlou?

from library.

I can do it if you don't want to or don't have time @Miserlou

from library.

VirusTotal has a public API and I believe we satisfy the ToS. I don't think a synchronous API is available since the scans may take over a minute, but you can submit a file, get a ticket code, and poll on the code until all scans are complete.

from library.

This is now mostly implemented. I am currently working on fixing my test on another branch. I want to make sure I only scan zips if a download or sha256 value changes. So this diff command is what I am fixing. I am doing this because the zip scanning is time consuming and it is rate limited to 4 times in a minute. So I only want to use virus total when we really need to. So I will fix this test in the next day or so.

from library.

Additional assertions:

• ZIP must not contain a __MACOSX directory at root level.
• ZIP must not be a tarbomb. Yes, I know the first is a subset of this one, but it's better to have more feedback.
• We might even want to assert that the single folder at root level is named as the slug of the plugin. I'm for this.

from library.

Also, saw that linux->lin fix. I will add schema validation. I will rework the tests to handle all these checks. At first I was going to just do some simple checks and fail on any error. I will rewrite it to be more like real tests for all these things.

from library.

I admit that I underestimated how sloppy people are. So yeah:

• slug required
  • if we could have a "soft" warning for slugs matching /[a-zA-Z0-9_\-]/+, that'd be great, although I'd rather their slugs break this than change.
• version required
• version must begin with "0.5." (this will be changed with each version bump.)

from library.

done

from library.