Hello! 👋 This repository uses Auto for releasing packages using PR labels. ✨ This PR can be merged. It will not be considered when calculating future versions of the npm packages and will not appear in the changelogs.
Pull request overview
Adds a new asset-validation rule runner to @grafana/plugin-docs-cli to enforce image hygiene in plugin documentation (location under img/, allowed formats, size limits, filename rules, reference integrity, and orphan detection).
Changes:
- Introduces 8 new asset-related rule IDs and wires a new `checkAssets` runner into the validation pipeline.
- Shares allowed image extension configuration between filesystem and asset validation.
- Adds a comprehensive Vitest suite for the new asset rules.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| packages/plugin-docs-cli/src/validation/types.ts | Adds new rule identifiers for asset validation. |
| packages/plugin-docs-cli/src/validation/rules/index.ts | Registers the new checkAssets rule runner. |
| packages/plugin-docs-cli/src/validation/rules/filesystem.ts | Refactors allowed image extensions into a shared constant. |
| packages/plugin-docs-cli/src/validation/rules/assets.ts | Implements asset validation (formats, locations, sizes, refs, orphans). |
| packages/plugin-docs-cli/src/validation/rules/assets.test.ts | Adds tests for the asset validation behavior. |
mckn left a comment
LGTM! Should we add a test that verifies that you can't add image refs outside of the current root folder? So you can't reference files higher in the folder structure than the plugin docs.
Just make sure that we don't allow things such as ../../../etc/passwd
Good idea, added!
yes - this will be covered in an upcoming PR for security related rules (see https://github.com/grafana/grafana-catalog-team/issues/769)
What this PR does / why we need it:
This PR adds 8 asset validation rules to the plugin-docs-cli validation engine. These rules enforce image hygiene in plugin documentation: images must live in `img/` directories, use allowed formats (no SVG due to XSS risk), stay within size limits (300KB static, 1MB GIF, 5MB total) and use clean filenames. The rules also detect broken image references in markdown and flag orphaned images that are no longer used.
Severity depends on the validation mode. In strict mode (`validate` command), most rules are errors that block. In non-strict mode (`serve` command), they surface as info-level hints. Two rules - total image size and orphan detection - only run in strict mode.
The epic lists `images-in-img-dir` and `no-images-outside-img` as separate rows but notes they are the same enforcement from opposite directions. They are consolidated into one rule here.
Which issue(s) this PR fixes:
Part of #771
Special notes for your reviewer:
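
The review comment about references such as `../../../etc/passwd`, together with the `img/` location and format rules from the description, as an added TypeScript example that is not code from this PR or from @grafana/plugin-docs-cli. The function name, the reason strings, the extension list and the reading of "lives in an `img/` directory" are assumptions made for illustration.

```typescript
// Added illustration, not project code. Reason strings are hypothetical, not the PR's rule IDs.
const ALLOWED_EXT = new Set(['png', 'jpg', 'jpeg', 'gif', 'webp']); // assumed list; SVG deliberately absent

type RefCheck = { ok: true; resolved: string } | { ok: false; reason: string };

// mdFile: docs-root-relative path of the markdown file, e.g. "guides/setup.md".
// ref: the image target already extracted from the markdown, e.g. "img/panel.png".
function checkImageRef(mdFile: string, ref: string): RefCheck {
  let target: string;
  try {
    // Drop ?query/#fragment, then decode so %2e%2e is seen as "..".
    target = decodeURIComponent(ref.split(/[?#]/)[0]);
  } catch {
    return { ok: false, reason: 'malformed-encoding' };
  }
  target = target.replace(/\\/g, '/'); // treat backslashes as separators too
  // Reject anything with a scheme or drive prefix, and root-absolute paths.
  if (/^[a-z][a-z0-9+.-]*:/i.test(target) || target.startsWith('/')) {
    return { ok: false, reason: 'not-relative' };
  }
  // Resolve against the markdown file's directory; an empty stack is the docs root.
  const stack = mdFile.split('/').slice(0, -1);
  for (const seg of target.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (stack.length === 0) return { ok: false, reason: 'escapes-docs-root' };
      stack.pop();
    } else {
      stack.push(seg);
    }
  }
  const resolved = stack.join('/');
  const ext = resolved.includes('.') ? resolved.split('.').pop()!.toLowerCase() : '';
  if (!ALLOWED_EXT.has(ext)) return { ok: false, reason: 'format-not-allowed' };
  // Assumed interpretation: some parent directory of the file is named "img".
  if (!stack.slice(0, -1).includes('img')) return { ok: false, reason: 'not-in-img-dir' };
  return { ok: true, resolved };
}
```

The containment check runs on the resolved path rather than on the raw string, so encoded or backslash-separated `..` segments are caught by the same branch as plain ones.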