fix(sarif): Include conftest version number (#1206)

Previously, the SARIF validator [0] raised an error due to the missing version.

[0] https://sarifweb.azurewebsites.net/Validation

Signed-off-by: James Alseth <james@jalseth.me>

Author: jalseth

.goreleaser.yml

@@ -20,7 +20,7 @@ builds:
   ldflags:
   - "-s"
   - "-w"
-  - "-X github.com/open-policy-agent/conftest/internal/commands.version={{.Version}}"
+  - "-X github.com/open-policy-agent/conftest/internal/version.Version={{.Version}}"
 
 archives:
 - name_template: >-

internal/commands/default.go

@@ -8,6 +8,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/open-policy-agent/conftest/internal/version"
 	"github.com/open-policy-agent/conftest/plugin"
 
 	"github.com/spf13/cobra"
@@ -19,11 +20,6 @@ import (
 	_ "github.com/open-policy-agent/conftest/builtins"
 )
 
-// These values are set at build time
-var (
-	version = ""
-)
-
 // NewDefaultCommand creates the default command
 func NewDefaultCommand() *cobra.Command {
 	cmd := cobra.Command{
@@ -97,7 +93,7 @@ func newCommandFromPlugin(ctx context.Context, p *plugin.Plugin) *cobra.Command
 }
 
 func createVersionString() string {
-	return fmt.Sprintf("Conftest: %s\nOPA: %s\n", version, opaversion.Version)
+	return fmt.Sprintf("Conftest: %s\nOPA: %s\n", version.Version, opaversion.Version)
 }
 
 func readInConfig() error {

internal/version/version.go

@@ -0,0 +1,4 @@
+package version
+
+// Version is the version of conftest. It is overridden by ldflags during releases.
+var Version = "dev"

output/sarif.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/open-policy-agent/conftest/internal/version"
 	"github.com/open-policy-agent/opa/v1/tester"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 )
@@ -117,7 +118,10 @@ func (s *SARIF) Output(results CheckResults) error {
 		return fmt.Errorf("create sarif report: %w", err)
 	}
 
-	run := sarif.NewRunWithInformationURI(toolName, toolURI)
+	// SARIF versions must start with a number, so we remove the "v" prefix.
+	toolVersion := strings.TrimPrefix(version.Version, "v")
+	driver := sarif.NewVersionedDriver(toolName, toolVersion).WithInformationURI(toolURI)
+	run := sarif.NewRun(sarif.Tool{Driver: driver})
 	indices := make(map[string]int)
 
 	for _, result := range results {
@@ -164,23 +168,17 @@ func (s *SARIF) Output(results CheckResults) error {
 		}
 	}
 
-	// Add run metadata
-	exitCode := 0
 	exitDesc := exitNoViolations
 	if results.HasFailure() {
-		exitCode = 1
 		exitDesc = exitViolations
 	} else if results.HasWarning() {
 		exitDesc = exitWarnings
 	}
 
-	successful := true
-	invocation := sarif.NewInvocation()
-	invocation.ExecutionSuccessful = &successful
-	invocation.ExitCode = &exitCode
-	invocation.ExitCodeDescription = &exitDesc
-
-	run.Invocations = []*sarif.Invocation{invocation}
+	run.AddInvocations(sarif.NewInvocation().
+		WithExecutionSuccess(true).
+		WithExitCode(results.ExitCode()).
+		WithExitCodeDescription(exitDesc))
 
 	// Add the run to the report
 	report.AddRun(run)

output/sarif_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/open-policy-agent/conftest/internal/version"
 )
 
 func TestSARIF_Output(t *testing.T) {
@@ -25,8 +26,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules":          []any{},
 							},
 						},
@@ -66,8 +68,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules": []map[string]any{
 									{
 										"id": "main/deny",
@@ -135,8 +138,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules": []map[string]any{
 									{
 										"id": "main/warn",
@@ -203,8 +207,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules": []map[string]any{
 									{
 										"id": "main/allow",
@@ -290,8 +295,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules": []map[string]any{
 									{
 										"id": "main/skip",
@@ -366,8 +372,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules": []map[string]any{
 									{
 										"id": "main/deny",
@@ -445,8 +452,9 @@ func TestSARIF_Output(t *testing.T) {
 					{
 						"tool": map[string]any{
 							"driver": map[string]any{
-								"informationUri": "https://github.com/open-policy-agent/conftest",
-								"name":           "conftest",
+								"informationUri": toolURI,
+								"name":           toolName,
+								"version":        version.Version,
 								"rules": []map[string]any{
 									{
 										"id": "main/success",