feat(cli): add naches mode (#490)

woodruffw · Jan 27, 2025 · eb31888 · eb31888
1 parent 59fa1b6
commit eb31888
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 3 deletions.
diff --git a/docs/release-notes.md b/docs/release-notes.md
@@ -13,6 +13,8 @@ of `zizmor`.
 
 * **New audit**: [overprovisioned-secrets] detects uses of the `secrets`
   context that result in excessive secret provisioning (#485)
+* Added a special naches mode for when you're feeling particularly proud of
+  your audit results (#490)
 
 ### Improvements 🌱
 

diff --git a/src/main.rs b/src/main.rs
@@ -109,6 +109,10 @@ struct App {
     #[arg(long, value_enum, default_value_t)]
     collect: CollectionMode,
 
+    /// Enable naches mode.
+    #[arg(long, hide = true, env = "ZIZMOR_NACHES")]
+    naches: bool,
+
     /// The inputs to audit.
     ///
     /// These can be individual workflow filenames, action definitions
@@ -406,7 +410,7 @@ fn run() -> Result<ExitCode> {
     }
 
     match app.format {
-        OutputFormat::Plain => render::render_findings(&registry, &results),
+        OutputFormat::Plain => render::render_findings(&app, &registry, &results),
         OutputFormat::Json => serde_json::to_writer_pretty(stdout(), &results.findings())?,
         OutputFormat::Sarif => {
             serde_json::to_writer_pretty(stdout(), &sarif::build(results.findings()))?

diff --git a/src/render.rs b/src/render.rs
@@ -3,13 +3,14 @@
 use std::collections::{hash_map::Entry, HashMap};
 
 use annotate_snippets::{Level, Renderer, Snippet};
-use anstream::{print, println};
+use anstream::{eprintln, print, println};
 use owo_colors::OwoColorize;
 use terminal_link::Link;
 
 use crate::{
     finding::{Finding, Location, Severity},
     registry::{FindingRegistry, InputKey, InputRegistry},
+    App,
 };
 
 impl From<&Severity> for Level {
@@ -74,7 +75,7 @@ pub(crate) fn finding_snippet<'w>(
     snippets
 }
 
-pub(crate) fn render_findings(registry: &InputRegistry, findings: &FindingRegistry) {
+pub(crate) fn render_findings(app: &App, registry: &InputRegistry, findings: &FindingRegistry) {
     for finding in findings.findings() {
         render_finding(registry, finding);
         println!();
@@ -104,6 +105,10 @@ pub(crate) fn render_findings(registry: &InputRegistry, findings: &FindingRegist
                 qualifiers = qualifiers.join(", ").bold(),
             );
         }
+
+        if app.naches {
+            naches();
+        }
     } else {
         let mut findings_by_severity = HashMap::new();
 
@@ -161,3 +166,23 @@ fn render_finding(registry: &InputRegistry, finding: &Finding) {
     let renderer = Renderer::styled();
     println!("{}", renderer.render(message));
 }
+
+fn naches() {
+    eprintln!(
+        "
+    ⣿⣿⣿⠟⠋⠙⣉⡉⣉⡙⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠿⠟⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
+    ⣿⡿⠋⠀⠀⣶⣾⣿⣿⣿⣷⡄⠙⠻⣿⣿⣿⣿⣿⡿⠿⠿⠟⠛⠛⠋⠍⠉⢡⢰⡦⠔⠀⠀⠁⠚⣿⣿⣿⣿⠿⠿⠛⠛⠋⠉⠉⢸
+    ⣿⡇⠀⠀⡾⣿⣿⣿⣿⣿⣿⣿⣖⠀⢻⣿⡏⢩⠉⠁⣄⣀⡄⣤⡥⢸⠂⣴⣿⢸⠇⠠⠇⠞⠒⡃⠛⠛⠉⠉⠀⠀⢀⣤⠀⢰⡆⢸
+    ⣿⡃⠀⠐⡵⢾⣿⣿⣿⣿⣿⣿⣿⠀⠈⣿⣷⣀⠇⠼⠋⠃⡃⢛⠁⠄⢉⡅⠀⠂⠁⠂⠈⠀⣡⡤⠄⠀⠀⡟⢷⡄⠀⣿⡄⠘⣷⢸
+    ⣿⡇⠀⡉⢌⠁⠨⢹⣯⡑⢊⢭⣻⡇⠠⣿⣿⣤⣬⣤⣷⡾⠶⠚⠋⠉⠀⠀⠀⠀⣶⡘⣧⠀⠸⣷⠒⠠⣀⣗⢩⠻⣦⢚⠓⠮⢩⢹
+    ⣿⡇⠐⡈⣀⣈⣰⢺⣿⣷⣾⣷⣾⡇⣶⣿⣿⡟⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣇⠈⡟⢀⠙⢳⠈⢹⠀⠂⡀⠒⣀⡀⠀⠑⢸
+    ⣿⣇⢡⢘⡵⣟⠣⠊⢟⣯⣿⣿⣿⢿⠊⠉⠀⠀⠀⠀⠀⠀⠀⠀⡀⠠⣀⠢⣌⠴⡡⠻⠊⢓⡁⠄⠑⠂⠈⠘⠠⠁⠄⢠⠐⡈⡮⢹
+    ⣿⣿⣤⡞⣰⠃⠧⣝⣿⣻⢟⣿⡻⠏⠀⠀⠀⠀⡀⠠⣀⠢⢌⣲⣈⡱⠊⡑⠈⣰⠀⠀⠂⢈⠀⠄⡐⣠⢂⡜⡤⣍⣞⣤⣟⢶⣿⣿
+    ⣿⣿⠛⠼⣥⣛⢴⣩⣟⣿⢯⣾⠅⠀⡀⡶⣚⡔⢠⡡⠌⡑⢾⣊⠁⠠⠁⠄⡁⢄⢠⡘⡰⣌⡞⣼⣱⣶⣯⣾⣷⣿⣾⣿⣿⣿⣿⣿
+    ⣿⢁⠉⡄⢈⢹⣌⣧⣹⣿⣿⢿⡄⡌⢁⠧⠹⠀⢀⠀⡀⠄⡀⠠⢈⡀⢇⠸⣸⣸⣤⣹⣧⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
+    ⣿⣦⡓⠜⣦⡄⢋⠞⣿⣻⣭⣻⣿⣶⡶⢬⣤⣅⡀⠠⡀⢤⠈⡰⣸⣀⣤⣃⣅⣯⣑⣃⣀⣂⣎⣸⡐⣄⣅⢿⣠⣀⣹⣐⣜⣿⣿⣿
+    ⣿⣿⣵⡊⠴⣻⣽⣮⡗⠻⢿⣿⣿⣿⣧⣼⣥⣥⢵⠤⠵⠢⢱⡤⠠⠧⠧⠼⡤⢤⡵⠧⢴⠭⠤⡤⠮⡬⠼⠤⢬⣼⡤⣼⣶⣤⣾⣿
+    ⠿⠿⠿⠿⠦⠽⠿⠟⠀⠸⠁⠝⠿⠿⠿⠿⠿⠿⠾⠶⠶⠷⠺⠷⠶⠶⠶⠶⠿⠷⠷⠶⠿⠶⠶⠿⠶⠷⠷⠶⢷⣶⣶⣿⢿⣿⣿⣿
+                thank you, dr. zizmor!"
+    )
+}