v0.32.0

This release adds 3 new linter rules to Regal, as well as many improvements and fixes.

New Rule: redundant-loop-count

A loop iterating over empty collections evaluates to nothing, and counting the collection before the loop to ensure it's not empty is therefore redundant. This rule catches cases where this check is not needed. (Read more)

package policy

allow if {
    # redundant count and > comparison
    count(input.user.roles) > 0

    some role in input.user.roles
    # .. do more with role ..
}

PR #1452.

New Rule: import-shadows-rule

This new rule catches cases where users have named rules the same as an import. Imported identifier have higher precedence than rules and this can lead to confusing behaviours. (Read more)

package policy

import data.resources

# 'resources' shadowed by import 
resources contains resource if {
    # ...
}

PR #1450.

Thanks @kroekle for suggesting this rule!

New Rule: time-now-ns-twice

This new rule will catch cases where time.now_ns() is called multiple times within a single rule. This does not work in Rego since both calls will return the same value. This rule catches this case early and directs users to read about more appropriate tools. (Read more)

package policy

timed if {
    now := time.now_ns()
    # do some work here
    # this doesn't work! result is always 0
    print("work done in:", time.now_ns() - now, "ns)
}

PR #1457.

Other Rule Updates

• >, >=, <, <= operators added to the style/yoda-condition rule (#1454).
• Fixed a false positive in the performance/non-loop-expression rule (#1438).
• Ignored tests in style/messy-rule (#1449).

OPA v1.2.0

While this may not seem too exciting, OPA v1.2.0 contains some performance improvements that has quite a substantial impact on Regal. We know, because we made those improvements in OPA largely to speed up Regal's linting! v0.32.0 should be considerably faster than previous versions, which should be noticeable in large policy projects in particular.

Language Server

In the language server, we addressed two bugs relating to the fixing of the idiomatic/directory-package-mismatch rule. See #1427 & #1432.

Dependencies

Go Mod:

• github.com/go-git/go-git/v5 v5.13.2 -> v5.14.0
• github.com/google/go-cmp v0.6.0 -> v0.7.0
• github.com/open-policy-agent/opa v1.1.0 -> v1.2.0
• github.com/spf13/cobra v1.8.1 -> v1.9.1

GitHub Actions:

• actions/cache v4.2.1 -> v4.2.3
• actions/setup-go v5.3.0 -> v5.4.0
• actions/upload-artifact v4.6.1 -> v4.6.2
• codecov/codecov-action v5.3.1 -> v5.4.0
• github/codeql-action/analyze v3.28.10 -> v3.28.12
• github/codeql-action/autobuild v3.28.10 -> v3.28.12
• github/codeql-action/init v3.28.10 -> v3.28.12
• github/codeql-action/upload-sarif v3.28.10 -> v3.28.12
• golangci/golangci-lint-action v6.5.0 -> v7.0.0
• peter-evans/create-pull-request v7.0.7 -> v7.0.8

See #1453, #1442, #1435, #1426, #1422 and #1423 for PRs making the above updates. golangci-lint v2 update in #1455. OPA 1.2 update in #1429.

New Users

• mise via its aqua backend and aqua's regal definition added in #1437.

Add yourself to docs/adopters.md to get here next time!

New Contributors

• @jalseth made their first contribution in #1430

Changelog

• 253207c: docs: Add debug code lens to LS docs (#1421) (@charlieegan3)
• 9981393: build(deps): bump the dependencies group with 4 updates (#1422) (@dependabot[bot])
• 5f1be97: build(deps): bump the dependencies group with 2 updates (#1423) (@dependabot[bot])
• 58f9c79: [create-pull-request] automated change (#1424) (@github-actions[bot])
• 26b9cb1: build(deps): bump the dependencies group with 2 updates (#1426) (@dependabot[bot])
• c1ac66c: lsp: Correct path when fixing dir package mismatch (#1427) (@charlieegan3)
• 62cba31: lsp: Ensure rename target is within workspace root (#1432) (@charlieegan3)
• bd21ef1: OPA v1.2.0 (#1429) (@anderseknert)
• 7bb7cb2: test: fix deadline exceeded test issue in GitHub runners (#1433) (@anderseknert)
• f01af9c: [create-pull-request] automated change (@charlieegan3)
• b5422fb: adopters: mention mise+aqua (#1437) (@srenatus)
• 9ccd217: build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 (#1435) (@dependabot[bot])
• be88d57: Fix non-loop-expression false positive (#1438) (@anderseknert)
• 52e1a39: build: Make novelty package opt-in (#1430) (@jalseth)
• 1bc309c: [create-pull-request] automated change (@charlieegan3)
• 644a554: [create-pull-request] automated change (@srenatus)
• 4e5bff7: docs: Update slack inviter link (#1441) (@charlieegan3)
• a00e950: build(deps): bump golangci/golangci-lint-action (#1442) (@dependabot[bot])
• 455e1bc: Ignore tests in messy-rule (#1449) (@anderseknert)
• d3e144d: Rule: import-shadows-rule (#1450) (@anderseknert)
• 74a9f3f: Rule: redundant-loop-count (#1452) (@anderseknert)
• a36f32b: Add >, >=, <, <= to yoda-condition rule (#1454) (@anderseknert)
• 5ea70b6: build(deps): bump the dependencies group with 5 updates (#1453) (@dependabot[bot])
• 6b54316: Rule: time-now-ns-twice (#1457) (@anderseknert)
• fe6de2e: golangci-lint v2 (#1455) (@anderseknert)