{"id":436,"date":"2015-10-03T12:24:06","date_gmt":"2015-10-03T12:24:06","guid":{"rendered":"http:\/\/www.scmgalaxy.com\/tutorials\/2015\/10\/03\/chef-code-analysis-using-foodcritic\/"},"modified":"2021-11-19T06:49:33","modified_gmt":"2021-11-19T06:49:33","slug":"chef-code-analysis-using-foodcritic","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/chef-code-analysis-using-foodcritic\/","title":{"rendered":"Chef Code Analysis using Foodcritic | Foodcritic Tutorial"},"content":{"rendered":"

\"chef-code-analysis-using-foodcritic\"<\/p>\n

What is Foodcritic?<\/strong> Foodcritic is a static linting tool that analyzes all of the Ruby code that is authored in a cookbook against a number of rules, and then returns a list of violations. In another word, Foodcritic is a helpful lint tool you can use to check your Chef cookbooks for common problems.<\/p>\n

We use Foodcritic to check cookbooks for common problems:<\/strong>
\nStyle
\nCorrectness
\nSyntax
\nBest practices
\nCommon mistakes
\nDeprecations<\/p>\n

Foodcritic does not <\/strong>
\nFoodcritic does not validate the intention of a recipe, rather it evaluates the structure of the code, and helps enforce specific behavior, detect portability of recipes, identify potential run-time failures, and spot common anti-patterns.<\/p>\n

When Foodcritic returns a violation, this does not automatically mean the code needs to be changed. It is important to first understand the intention of the rule before making the changes it suggests.<\/p>\n

Foodcritic has two goals:<\/strong><\/p>\n

To make it easier to flag problems in your Chef cookbooks that will cause Chef to blow up when you attempt to converge. This is about faster feedback. If you automate checks for common problems you can save a lot of time.<\/p>\n

To encourage discussion within the Chef community on the more subjective stuff – what does a good cookbook look like? Opscode have avoided being overly prescriptive which by and large I think is a good thing. Having a set of rules to base discussion on helps drive out what we as a community think is good style.<\/p>\n

Foodcritic built-in Rules<\/strong>
\nIt comes with 47 built-in rules that identify problems ranging from simple style inconsistencies to difficult to diagnose issues that will hurt in production. If you want to see the list of rules, please navigate the url as below;
\nhttp:\/\/www.foodcritic.io\/<\/a><\/p>\n

Prerequisites<\/strong>
\nFoodcritic runs on Ruby (MRI) 1.9.2+ which depending on your workstation setup may be a more recent version of Ruby than you have installed. The Ruby Version Manager (RVM) is a popular choice for running multiple versions of ruby on the same workstation, so you can try foodcritic out without running the risk of damaging your main install<\/p>\n

Foodcritic installation<\/strong><\/p>\n

Method 1<\/strong>
\nInstall RVM as non-root user<\/p>\n

$ sudo \/etc\/init.d\/iptables stop OR sudo start ufw<\/code><\/pre>\n
$ curl -s raw.github.com\/wayneeseguin\/rvm\/master\/binscripts\/rvm-installer | bash -s stable
\nOR
\n$ sudo bash -s stable < <(curl -s https:\/\/raw.github.com\/wayneeseguin\/rvm\/master\/binscripts\/rvm-installer )
\nOR
\n$ curl -s raw.github.com\/wayneeseguin\/rvm\/master\/binscripts\/rvm-installer | sudo bash -s stable
\nOR
\n$ gpg –keyserver hkp:\/\/keys.gnupg.net –recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\nOR
\n$ command curl -sSL https:\/\/rvm.io\/mpapis.asc | gpg –import –<\/p>\n
<\/code><\/pre>\n
$ rvm get stable
\n$ rvm install ruby-2.2.3
\n$ gem install foodcritic<\/p>\n
Method 2<\/strong>
\nInstall ruby<\/p>\n
$ sudo apt-get install ruby-2.2.3 (Ubantu)
\n$ sudo yum install ruby-2.2.3 (rhel)<\/p>\n
Install foodcritic
\n> gem install foodcritic<\/p>\n
Method 3<\/strong>
\nAlternatively install ChefDK which already includes foodcritic: https:\/\/downloads.getchef.com\/chef-dk\/<\/a><\/p>\n
How to run Foodcritic?<\/strong>
\nYou should now find you have a foodcritic command on your PATH. Run foodcritic to see what arguments it supports:<\/p>\n
foodcritic [cookbook_path]
\n-r, –[no-]repl Drop into a REPL for interactive rule editing.
\n-t, –tags TAGS Only check against rules with the specified tags.
\n-f, –epic-fail TAGS Fail the build if any of the specified tags are matched.
\n-C, –[no-]context Show lines matched against rather than the default summary.
\n-I, –include PATH Additional rule file path(s) to load.
\n-S, –search-grammar PATH Specify grammar to use when validating search syntax.
\n-V, –version Display version.<\/p>\n
How to setup Foodcritic with Jenkins<\/strong><\/p>\n
Configuring Jenkins to run foodcritic<\/strong>
\nTo manually add a new job to Jenkins to check your cookbooks with foodcritic do the following:<\/p>\n
    \n
  1. Ensure you have Ruby 1.9.2+ and the foodcritic gem installed on the box running Jenkins.<\/li>\n
  2. You\u2019ll probably need to install the Git plugin. In Jenkins select \u201cManage Jenkins\u201d -> \u201cManage Plugins\u201d. Select the \u201cAvailable\u201d tab. Check the checkbox next to the Git Plugin and click the \u201cInstall without restart\u201d button.<\/li>\n
  3. In Jenkins select \u201cNew Job\u201d. Enter a name for the job \u201cmy-cookbook\u201d, select \u201cBuild a free-style software project\u201d and click \u201cOK\u201d.<\/li>\n
  4. On the resulting page select \u201cGit\u201d under \u201cSource Code Management\u201d and enter the URL for your repo.<\/li>\n
  5. Check the checkbox \u201cPoll SCM\u201d under \u201cBuild Triggers\u201d.<\/li>\n
  6. Click \u201cAdd Build Step\u201d -> \u201cExecute shell\u201d under \u201cBuild\u201d. This is where we will call foodcritic.<\/li>\n
  7. Assuming you are using rvm enter the following as the command:<\/li>\n
  8. #!\/usr\/bin\/env rvm-shell 1.9.3
    \nfoodcritic .<\/li>\n
  9. Click \u201cSave\u201d.<\/li>\n
  10. Cool, we\u2019ve created your new job. Now lets see if it works. Click \u201cBuild Now\u201d on the left-hand side.<\/li>\n
  11. You can click the build progress bar to be taken directly to the console output.<\/li>\n
  12. After a moment you should see that the build has been successful and foodcritic warnings (if any) are shown in your console output.<\/li>\n
  13. Yes, for maximum goodness you should be automating all this with Chef. \ud83d\ude42<\/li>\n
  14. For more information refer to the instructions for building a \u201cfree-style software project\u201d here:
    \nhttps:\/\/wiki.jenkins-ci.org\/display\/JENKINS\/Building+a+software+project<\/li>\n
  15. See also this blog post about rvm-shell which ensures you have the right version of Ruby loaded when trying to build with foodcritic:
    \nhttp:\/\/blog.ninjahideout.com\/posts\/rvm-improved-support-for-hudson<\/li>\n<\/ol>\n
    Failing the build<\/strong>
    \nThe above is a start, but we\u2019d also like to fail the build if there are any warnings that might stop the cookbook from working.<\/p>\n
    CI is only useful if people will act on it. Lets start by only failing the build when there is a correctness problem that would likely break our Chef run. We\u2019ll continue to have the other warnings available for reference in the console log but only correctness issues will fail the build.<\/p>\n
    Select the \u201cmy-cookbook\u201d job in Jenkins and click \u201cConfigure\u201d.<\/p>\n
    Scroll down to our \u201cExecute shell\u201d command and change it to look like the following:<\/p>\n
    #!\/usr\/bin\/env rvm-shell 1.9.3
    \nfoodcritic -f correctness .
    \nClick \u201cSave\u201d and then \u201cBuild Now\u201d.<\/p>\n
    More complex expressions<\/strong>
    \nFoodcritic supports more complex expressions with the standard Cucumber tag syntax. For example:<\/p>\n
    #!\/usr\/bin\/env rvm-shell 1.9.3
    \nfoodcritic -f any -f ~FC014 .
    \nHere we use any to fail the build on any warning, but then use the tilde ~ to exclude FC014. The build will fail on any warning raised, except FC014.<\/p>\n
    You can find more detail on Cucumber tag expressions at the Cucumber wiki:<\/p>\n
    https:\/\/github.com\/cucumber\/cucumber\/wiki\/Tags<\/a><\/p>\n
    Tracking warnings over time<\/strong>
    \nThe Jenkins Warnings plugin can be configured to understand foodcritic output and track your cookbook warnings over time.<\/p>\n
    You\u2019ll need to install the Warnings plugin. In Jenkins select \u201cManage Jenkins\u201d -> \u201cManage Plugins\u201d. Select the \u201cAvailable\u201d tab. Check the checkbox next to the Warnings Plugin and click the \u201cInstall without restart\u201d button.<\/p>\n
    From \u201cManage Jenkins\u201d select \u201cConfigure System\u201d. Scroll down to the \u201cCompiler Warnings\u201d section and click the \u201cAdd\u201d button next to \u201cParsers\u201d.<\/p>\n
    Enter \u201cFoodcritic\u201d in the Name field.<\/p>\n
    Enter the following regex in the \u201cRegular Expression\u201d field:<\/p>\n
    ^(FC[0-9]+): (.*): ([^:]+):([0-9]+)$<\/p>\n
    Enter the following Groovy script into the \u201cMapping Script\u201d field:<\/strong><\/p>\n
    import hudson.plugins.warnings.parser.Warning<\/p>\n
    String fileName = matcher.group(3)
    \nString lineNumber = matcher.group(4)
    \nString category = matcher.group(1)
    \nString message = matcher.group(2)<\/p>\n
    return new Warning(fileName, Integer.parseInt(lineNumber), “Chef Lint Warning”, category, message);<\/p>\n
    To test the match, enter the following example message in the \u201cExample Log Message\u201d field:<\/strong><\/p>\n
    FC001: Use strings in preference to symbols to access node attributes: .\/recipes\/innostore.rb:30
    \nClick in the \u201cMapping Script\u201d field and you should see the following appear below the Example Log Message:<\/p>\n
    One warning found
    \nfile name: .\/recipes\/innostore.rb
    \nline number: 30
    \npriority: Normal Priority
    \ncategory: FC001
    \ntype: Chef Lint Warning
    \nmessage: Use strings in prefe[…]ols to access node attributes
    \nCool, it\u2019s parsed our example message successfully. Click \u201cSave\u201d to save the parser.<\/p>\n
    Select the \u201cmy-cookbook\u201d job in Jenkins and click \u201cConfigure\u201d.<\/p>\n
    Check the checkbox next to \u201cScan for compiler warnings\u201d underneath \u201cPost-build Actions\u201d.<\/p>\n
    Click the \u201cAdd\u201d button next to \u201cScan console log\u201d and select our \u201cFoodcritic\u201d parser from the drop-down list.<\/p>\n
    Click the \u201cAdvanced\u2026\u201d button and check the \u201cRun always\u201d checkbox.<\/p>\n
    Click \u201cSave\u201d and then \u201cBuild Now\u201d.<\/p>\n
    Add the bottom of the console log you should see something similar to this:<\/p>\n
    [WARNINGS] Parsing warnings in console log with parsers [Foodcritic]
    \n[WARNINGS] Foodcritic : Found 48 warnings.
    \nClick \u201cBack to Project\u201d. Once you have built the project a couple of times the warnings trend will appear here.<\/p>\n
    Reference:<\/strong>
    \n    http:\/\/acrmp.github.io\/foodcritic\/<\/a>
    \n    https:\/\/docs.chef.io\/foodcritic.html<\/a>
    \n    http:\/\/www.foodcritic.io\/<\/a>
    \n    https:\/\/atom.io\/packages\/linter-foodcritic<\/a>
    \n    http:\/\/www.slideshare.net\/harthoover\/rapid-chef-development-with-berkshelf-testkitchen-and-foodcritic<\/a><\/p>\n\n