v0.28.0

New Rule: missing-metadata #1131

The new missing-metadata rule helps ensure policies are documented by requiring METADATA comments on public packages and rules. Metadata comments are used to explain functionality and annotate Rego constructs with other data.

Note: missing-metadata is a custom rule and so is not enabled by default for all users.

fixer: Automated fixing of directory-package-mismatch

This release brings improvements to regal fix, the command to automatically fix supported violations (#1120, #1127).

Fixes for the directory-package-mismatch violations involve moving files based on their packages. For example a file with package foo.bar in policies/policy.rego would need to be moved to foo/policy.rego. In previous versions of Regal, when multiple files in a large code base with the same filename needed to be moved to the same package directory, Regal would output a confusing error message.

Regal v0.28.0 outputs a clear error message by default and adds a new --on-conflict=rename modifying flag to allow conflicting files to automatically be renamed when this scenario is encountered.

Linter Improvements

• Support for linting Rego syntax passed to Regal via Standard Input (stdin).
• An important yet under-the-hood improvement to use a new data format for AST node locations. This makes violation locations more specific and brings a 5% linting speed improvement too.

Language Server Performance Improvements

• An update to the implementation of the server to reduce the number of expensive ‘full workspace’ linting jobs. By caching the aggregate rule data and updating it incrementally, full workspace jobs can now be completed in less than a third of the time previously taken.
• Making CodeLenses configurable makes supporting other clients easier. Thanks @rinx for the work in #1176 and for all the work you do to make Regal and Neovim play nice.
• Update to the server templating to better handle projects without a Regal config file. Files in the workspace root will no longer be templated either, but will still violate directory-package-mismatch.
• Makes an improvement to ensure the loading of the Regal rules happens once, saving around 30ms on every keypress-trigger, file diagnostic update event.

Dependency Updates

• anderseknert/roast v0.2.0 -> v0.4.2 #1140, #1170
• open-policy-agent/opa v0.68.0 -> v0.69.0 #1152

Github Actions Updates

• golangci/golangci-lint-action 6.1.0 -> 6.1.1 #1163
• peter-evans/create-pull-request 7.0.3 -> 7.0.5 #1114
• github/codeql-action 3.26.7 -> 3.26.11 #1117, #1137, #1157, #1174
• actions/checkout 4.1.7 -> 4.2.0 #1142
• codecov/codecov-action 4.5.0 -> 4.6.0 #1162, #1164
• actions/cache 4.0.2 -> 4.1.0 #1179

Changelog

• 63ec93d: docs: correct line endings for GIF files (#1114) (@charlieegan3)
• 980f726: build(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#1116) (@dependabot[bot])
• 54c8c9d: build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#1117) (@dependabot[bot])
• 95a1bf3: tests: Minor test wait improvement (#1121) (@charlieegan3)
• 838c6fa: Allow regal lint - to lint from stdin (#1122) (@anderseknert)
• a23bb63: fixer: Address rename conflicts with explanation (#1120) (@charlieegan3)
• 23cb827: fixer: add --on-conflict flag to support renaming (#1127) (@charlieegan3)
• d41bea9: debug: registering custom built-ins (#1128) (@johanfylling)
• 4aa2fef: tests: Address incorrect built-in function check (#1129) (@charlieegan3)
• f6f2f6d: Rule: missing-metadata (#1131) (@anderseknert)
• ab3b3b8: tests: Remove global builtins state (#1134) (@charlieegan3)
• b424eb6: Use betteralign for struct alignment (#1132) (@anderseknert)
• 464a7bc: Completions: don't suggest loop vars as locals on same line (#1135) (@anderseknert)
• 6ecb36c: bundle: Load bundle once (#1136) (@charlieegan3)
• 7cd8744: build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#1137) (@dependabot[bot])
• a201715: linter: support single file aggregate data collection and parameterised aggregate data in Lint() (#1139) (@charlieegan3)
• 2730887: Bump roast to v0.3.0 and live free from annotations on module (#1140) (@anderseknert)
• 64cba9e: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#1142) (@dependabot[bot])
• efd4420: Fix detached-metadata issues (#1143) (@anderseknert)
• 75db465: Link to source code in rule docs (#1144) (@anderseknert)
• e205cd9: Go code cleanup (#1148) (@anderseknert)
• 3cba1c6: fix: fix var name for commit hash (#1150) (@rinx)
• 4a97b56: Adapt to new location format (#1153) (@anderseknert)
• 036a6b6: Bump OPA to v0.69.0 (#1152) (@anderseknert)
• 06db4bb: internal/lsp/hover: "fix" codeql finding (#1156) (@srenatus)
• bfc0f9e: internal/capabilities: update eopa caps (@srenatus)
• 1161ede: CONTRIBUTING: update script name (@srenatus)
• 81edb95: workflow: add update-caps (#1158) (@srenatus)
• f7acfda: build(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#1157) (@dependabot[bot])
• a55d2f4: Fix some minor issues reported by IntelliJ (#1159) (@anderseknert)
• 2f94fc7: Fix nits (#1161) (@srenatus)
• f208f46: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#1166) (@dependabot[bot])
• 94fea76: build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#1162) (@dependabot[bot])
• 7b5cd08: Exclude print from "function return value in args" check (#1165) (@anderseknert)
• 8ca0197: Custom rule authoring improvements (#1168) (@anderseknert)
• 85b7be7: Bump roast to v0.4.2 to solve data race (#1170) (@anderseknert)
• 67162e6: lsp: Update LSP linting to run incrementally after file change (#1146) (@charlieegan3)
• f70b892: build(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#1174) (@dependabot[bot])
• fc88817: Correct example index rego path (#1177) (@charlieegan3)
• b751858: lsp/templating: gracefully handle unknown root (#1171) (@charlieegan3)
• 69fb6ca: Use test logger for client handler (#1178) (@charlieegan3)
• ed287dc: build(deps): bump actions/cache from 4.0.2 to 4.1.0 (#1179) (@dependabot[bot])
• 9503967: feat(lsp): add initialization options about codelenses (#1176) (@rinx)