Skip to content

Add oelint-adv linting with a clean, blocking CI gate#83

Merged
otavio merged 6 commits into
masterfrom
oelint-support
Jun 14, 2026
Merged

Add oelint-adv linting with a clean, blocking CI gate#83
otavio merged 6 commits into
masterfrom
oelint-support

Conversation

@otavio

@otavio otavio commented Jun 14, 2026

Copy link
Copy Markdown
Member

Adds the declarative oelint-adv setup used across the OEL layers and makes every recipe in this layer lint clean, so the CI gate can be blocking.

Tooling (last commit)

  • .oelint.cfg — pins the release (wrynose) and the only layer-wide suppression (oelint.var.bbclassextend).
  • oelint.constants.json — declares the project distro/machine override tokens.
  • contrib/oelint/run-oelint.sh — enumerates the recipes and runs the linter serially.
  • .github/workflows/oelint.yaml — runs it on PRs, merge groups and master pushes via the yocto-env.nix lint devshell.

Recipe fixes

  • shellhub-rootfs-postcommand — task docstring, whitespace, inline bbclass.underscores suppression.
  • packagegroup-shellhub — metadata, simplified RDEPENDS.
  • shellhub-agent-config — versioned filename (_1.0), metadata, here-doc → echo, inline suppressions for genuinely N/A rules.
  • shellhub-agent — metadata + lint fixes (install -d, RDEPENDS ordering, SRC_URI, network suppression), plus a separate commit setting CVE_PRODUCT = "shellhub" for cve-check.

Every remaining exception is documented inline as a # nooelint: <rule.id> comment. oelint-adv reports zero findings.

Note: based on the shellhub-agent-0.25.1 branch (PR #81) because the fixes touch shellhub-agent_0.25.1.bb. Will retarget to master once #81 merges.

@otavio otavio changed the base branch from shellhub-agent-0.25.1 to master June 14, 2026 03:08
otavio added 6 commits June 14, 2026 00:10
@otavio
shellhub-rootfs-postcommand: Add task docstring and tidy whitespace
af460cb 
Make the class pass oelint-adv:

 * document the rootfs postprocess function with a [doc] flag
   (oelint.task.docstrings),
 * drop the trailing blank and use double quotes in the
   ROOTFS_POSTPROCESS_COMMAND append (oelint.var.rootfspostcmd),
 * remove the duplicate blank line (oelint.newline.consecutive),
 * suppress oelint.bbclass.underscores inline, as the dash in the class
   name is harmless here (no EXPORT_FUNCTIONS).

No functional change.
@otavio
packagegroup-shellhub: Add metadata and simplify RDEPENDS
461ec65 
 * set DESCRIPTION (mandatory), BUGTRACKER and SECTION,
 * collapse the single-entry RDEPENDS into a plain assignment, which
   also drops the leading blank flagged by oelint.vars.inconspaces and
   oelint.vars.notneededspace.

No functional change.
@otavio
shellhub-agent-config: Version the recipe and fix oelint-adv findings
cbb6824 
 * rename to shellhub-agent-config_1.0.bb so the filename carries a
   version (oelint.file.underscores); PN is unchanged, so the RDEPENDS
   references to shellhub-agent-config keep resolving,
 * set DESCRIPTION, HOMEPAGE, BUGTRACKER and SECTION,
 * generate the configuration with an echo block instead of a
   tab-indented here-doc, dropping oelint.tabs.notabs and
   oelint.task.heredocs,
 * document the genuinely-not-applicable rules inline: the missing
   SRC_URI and CVE_PRODUCT (this recipe generates its config and ships
   no code), the layer-internal LIC_FILES_CHKSUM
   (oelint.var.licenseremotefile) and the parse-time SkipRecipe
   anonymous python (oelint.task.noanonpython).

The generated configuration file is identical; no functional change.
@otavio
shellhub-agent: Add metadata and fix oelint-adv findings
350df8f 
 * set DESCRIPTION, BUGTRACKER and SECTION,
 * drop the leading blank in SRC_URI (oelint.vars.notneededspace),
 * use 'install -d' instead of 'mkdir -p' in do_install
   (oelint.task.nomkdir),
 * order the RDEPENDS entries alphabetically and place RDEPENDS before
   RRECOMMENDS (oelint.vars.dependsordered, oelint.var.order),
 * suppress oelint.task.network inline, as the go modules are fetched
   during do_compile by design.

No functional change.
@otavio
shellhub-agent: Set CVE_PRODUCT for cve-check
b7da36c 
The recipe name (shellhub-agent) does not match the product name
ShellHub is tracked under in the NVD, so cve-check would not associate
any CVE with this recipe. Set CVE_PRODUCT = "shellhub" so its CVEs are
reported. This also satisfies oelint.var.suggestedvar.CVE_PRODUCT.
@otavio
oelint: Add oelint-adv lint tooling and CI gate
82a7658 
Add the declarative oelint-adv setup shared across the OEL layers:

 * .oelint.cfg pins the release (wrynose) and the only layer-wide
   suppression, oelint.var.bbclassextend, which never applies to a
   target-only layer,
 * oelint.constants.json declares the project distro/machine override
   tokens oelint cannot know when run standalone,
 * contrib/oelint/run-oelint.sh enumerates the recipes and runs the
   linter serially,
 * .github/workflows/oelint.yaml runs it on pull requests, merge groups
   and master pushes through the yocto-env.nix lint devshell.

The layer lints clean, with every remaining exception documented inline
as a '# nooelint: <rule.id>' comment, so the gate is blocking.
@otavio otavio merged commit 60aec30 into master Jun 14, 2026
1 check passed
@otavio otavio deleted the oelint-support branch June 14, 2026 03:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@otavio