From d791064183a2428d5e4fb80a7823493ea8a25530 Mon Sep 17 00:00:00 2001
From: antux18 <antux18@gmail.com>
Date: Wed, 17 Jul 2024 14:56:38 +0200
Subject: [PATCH] Added Nickel constraint on values.

---
 artifacts_nickel/example.ncl          |  7 ++++---
 workflow/nickel/artifact_contract.ncl | 26 +++++++++++++++++++-------
 2 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/artifacts_nickel/example.ncl b/artifacts_nickel/example.ncl
index cf08657..921c003 100644
--- a/artifacts_nickel/example.ncl
+++ b/artifacts_nickel/example.ncl
@@ -1,3 +1,4 @@
+let { Artifact, .. } = import "../workflow/nickel/artifact_contract.ncl" in
 {
   artifact_url = "https://example.com/artifact.zip",
   type = "zip",
@@ -9,6 +10,6 @@
     { name = "pkg1", location = "path/to/git/repo"}
   ],
   misc_packages = [
-    { name = "mpkg1", url = "https://", type = "zip" }
-  ],
-}
+    { name = "mpkg1", url = "http://example.com/package.zip", type = "zip" }
+  ]
+} | Artifact
diff --git a/workflow/nickel/artifact_contract.ncl b/workflow/nickel/artifact_contract.ncl
index 579bf27..9b8d363 100644
--- a/workflow/nickel/artifact_contract.ncl
+++ b/workflow/nickel/artifact_contract.ncl
@@ -1,7 +1,10 @@
 let
   conf = {
     ARCHIVE_FORMATS = ["zip", "tar"],
-    PACKAGE_MANAGERS = ["dpkg", "rpm", "pacman", "pip", "conda"]
+    PACKAGE_MANAGERS = ["dpkg", "rpm", "pacman", "pip", "conda"],
+    FILEPATH_REGEX = "^[^\\x00]+$", # For UNIX, anything of length > 0 but without NULL characters, found at: https://stackoverflow.com/questions/537772/what-is-the-most-correct-regular-expression-for-a-unix-file-path
+    URL_REGEX = "^https?:\\/\\/(?:www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}\\b(?:[-a-zA-Z0-9()@:%_\\+.~#?&\\/=]*)$", # Found at: https://uibakery.io/regex-library/url
+    IMAGENAME_REGEX = "^[a-z0-9]+(([.]{0,1}|[_]{0,2}|[-]*)[a-z0-9]+)*(:[a-zA-Z0-9_]+[a-zA-Z0-9._-]*){0,1}$" # Based on, with modifications: https://regexr.com/3bsog
   }
 in
 {
@@ -10,14 +13,23 @@ in
   ),
   ArchiveType = std.contract.from_predicate (
       fun value => std.array.any (fun x => x == value) conf.ARCHIVE_FORMATS
-    ),
+  ),
+  FilePath = std.contract.from_predicate (
+      fun value => std.string.is_match conf.FILEPATH_REGEX value
+  ),
+  URL = std.contract.from_predicate (
+      fun value => std.string.is_match conf.URL_REGEX value
+  ),
+  ImageName = std.contract.from_predicate (
+      fun value => (std.string.is_match conf.IMAGENAME_REGEX value) && (std.string.length value < 128) # Length could be more than 128, but it's easier that way...
+  ),
   GitPackage = {
     name
       | doc "Name of the package for future identification"
       | String,
     location
       | doc "Path where cloned in the container"
-      | String
+      | FilePath
   },
   MiscPackage = {
     name
@@ -25,7 +37,7 @@ in
       | String,
     url
       | doc "URL of the package. Will be used to compute the hash"
-      | String,
+      | URL,
     type
       | doc "Type of the archive (zip, tar, ...)"
       | ArchiveType,
@@ -33,7 +45,7 @@ in
   Artifact = {
     artifact_url
       | doc "URL where to download the artifact"
-      | String,
+      | URL,
     type
       | doc "Type of the archive (zip, tar, ...)"
       | ArchiveType,
@@ -42,10 +54,10 @@ in
       | String,
     image_name
       | doc "Name to give the image when building"
-      | String,
+      | ImageName,
     dockerfile_location
       | doc "Path to the dockerfile in the artifact"
-      | String,
+      | FilePath,
     package_managers
       | doc "Package Managers used in the container"
       | Array PackageManager,