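#!/usr/bin/env bash
# Enforces INFRA-01 SC#2 / D-09: no literal *library/plugin* version strings outside catalog.
# Scans every *.gradle.kts under the current directory for numeric version literals
# (e.g. version = "1.2.3") that would represent a library or plugin pin leaking out of
# the catalog.
#
# Exclusions (all semantic, not loopholes):
# - build-logic/build.gradle.kts needs literal plugin-dependency coordinates (`asDependency()`)
# - Top-level project-version assignments (unindented `^version = "x.y.z"`) are Gradle project
#   metadata (artifact name) — NOT a library version pin. D-09 guards dependency versions,
#   not project identity.
#
# Exit status:
#   0  no violations
#   1  at least one version literal found outside the catalog
#   2  the scan itself failed (the gate fails closed instead of reporting OK)
#
# NOTE(review): the scan starts at `.`, so this is presumably run from the repository
# root — confirm against the CI job that invokes it.
# NOTE(review): the pattern only matches `version = "<digit>…"` assignments. Pins written
# without `=` after `version` (e.g. `id("…") version "1.2.3"`) or as a full coordinate string
# (`"group:artifact:1.2.3"`) are not matched by this regex — confirm another check covers them.
set -euo pipefail

# A `version = "<digit>` assignment anywhere on a line.
readonly VERSION_LITERAL_RE='version[[:space:]]*=[[:space:]]*"[0-9]'

# grep -rn emits `path:lineno:content`. Both exemptions are anchored to the path and
# line-number fields so that text inside the matched line (a trailing comment, a string)
# can never cause the line to be exempted.
# NOTE(review): any directory named build-logic is exempt, at any depth, as in the
# original filter — tighten to `^\./build-logic/` if only the root one is intended.
readonly ALLOWED_FILE_RE='^[^:]*/build-logic/build\.gradle\.kts:[0-9]+:'
readonly PROJECT_VERSION_RE='^[^:]*:[0-9]+:version[[:space:]]*=[[:space:]]*"[0-9]'

#######################################
# Scan *.gradle.kts files below the current directory for version literals.
# Globals:   VERSION_LITERAL_RE, ALLOWED_FILE_RE, PROJECT_VERSION_RE (read)
# Arguments: none
# Outputs:   "OK" line on stdout; violations and scan errors on stderr
# Returns:   0 clean, 1 violations found, 2 scan failure
#######################################
check_version_literals() {
  local hits='' violations='' rc=0

  # grep exits 1 for "no match" (fine) and >1 for a real error. A policy gate must
  # not treat a failed scan as a clean one, so errors are surfaced, not discarded.
  hits=$(grep -rn -E --include='*.gradle.kts' -e "$VERSION_LITERAL_RE" .) || rc=$?
  if (( rc > 1 )); then
    echo "ERROR: scan of *.gradle.kts failed (grep exit $rc); refusing to report OK." >&2
    return 2
  fi

  if [[ -n "$hits" ]]; then
    rc=0
    violations=$(printf '%s\n' "$hits" \
      | grep -vE -e "$ALLOWED_FILE_RE" -e "$PROJECT_VERSION_RE") || rc=$?
    if (( rc > 1 )); then
      echo "ERROR: filtering scan results failed (grep exit $rc); refusing to report OK." >&2
      return 2
    fi
  fi

  if [[ -n "$violations" ]]; then
    echo "ERROR: version literals found outside catalog:" >&2
    printf '%s\n' "$violations" >&2
    return 1
  fi

  echo "OK: no version literals outside catalog."
}

check_version_literals || exit $?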