Add "recommendation" severity analyzer (#309)

grafana · Feb 18, 2025 · c18a347 · c18a347
1 parent 8070a79
commit c18a347
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/pkg/analysis/analysis.go b/pkg/analysis/analysis.go
@@ -13,6 +13,7 @@ var (
 	Warning          Severity = "warning"
 	OK               Severity = "ok"
 	SuspectedProblem Severity = "suspected"
+	Recommendation   Severity = "recommendation"
 )
 
 type Pass struct {

diff --git a/pkg/analysis/passes/provenance/provenance.go b/pkg/analysis/passes/provenance/provenance.go
@@ -18,11 +18,11 @@ import (
 var (
 	noProvenanceAttestation = &analysis.Rule{
 		Name:     "no-provenance-attestation",
-		Severity: analysis.Warning,
+		Severity: analysis.Recommendation,
 	}
 	invalidProvenanceAttestation = &analysis.Rule{
 		Name:     "invalid-provenance-attestation",
-		Severity: analysis.Warning,
+		Severity: analysis.Recommendation,
 	}
 )
 
@@ -52,7 +52,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	}
 
 	matches := githubRe.FindStringSubmatch(pass.CheckParams.SourceCodeReference)
-	if matches == nil || len(matches) < 3 {
+	if len(matches) < 3 {
 		detail := "Cannot verify plugin build. It is recommended to use a pipeline that supports provenance attestation, such as GitHub Actions. https://github.com/grafana/plugin-actions/tree/main/build-plugin"
 
 		// add instructions if the source code reference is a github repo

diff --git a/pkg/cmd/plugincheck2/main.go b/pkg/cmd/plugincheck2/main.go
@@ -218,6 +218,8 @@ func main() {
 				if *strictFlag {
 					exitCode = 1
 				}
+			case analysis.Recommendation:
+				buf.WriteString(color.CyanString("recommendation: "))
 			case analysis.OK:
 				buf.WriteString(color.GreenString("ok: "))
 			case analysis.SuspectedProblem: