Switch to spectral 6.x

Makefile

@@ -25,6 +25,7 @@ spectral.yml: ./rules/
 	cat ./rules/rules-template.yml.template > $@
 	./rules/merge-yaml rules/*.yml >> $@
 	node ruleset_doc_generator.mjs --file $@ --title 'Italian API Guidelines'
+	node ruleset_migrator.mjs $@
 spectral-generic.yml: ./rules/  spectral.yml
 	./rules/merge-yaml spectral.yml rules/skip-italian.yml.template > $@
 	node ruleset_doc_generator.mjs --file $@ --title 'Best Practices Only'

package.json

@@ -3,7 +3,9 @@
     "api-oas-checker": "api-oas-checker"
   },
   "dependencies": {
-    "@stoplight/spectral": "^5.9.1",
+    "@stoplight/spectral-cli": "^6.1.0",
+    "@stoplight/spectral-parsers": "^1.0.1",
+    "@stoplight/spectral-ruleset-migrator": "^1.5.0",
     "axios": "^0.22.0",
     "bootstrap-italia": "^1.4.3",
     "classnames": "^2.3.1",

rules/casing.yml

@@ -1,7 +1,5 @@
 rules:
   paths-kebab-case:
-    x-tags:
-    - it
     description: |
       Paths should be kebab-case.
 
@@ -18,8 +16,6 @@ rules:
         match: "^(\/[a-z0-9-.]+|\/{[a-zA-Z0-9_]+})+$"
 
   request-headers-pascal-case: &request-headers-pascal-case
-    x-tags:
-    - it
     description: |
       Headers should be pascal-case.
 

rules/headers.yml

@@ -1,7 +1,5 @@
 rules:
   no-forbidden-headers:
-    x-tags:
-    - standards
     description: |-
       OAS do not allow using the following HTTP headers in a specification
       file: Authorization, Content-Type and Accept.
@@ -19,8 +17,6 @@ rules:
           /^(accept|content-type|authorization)$/i
 
   no-x-headers-request: &no-x-headers
-    x-tags:
-    - standards
     description: |-
       'HTTP' headers SHOULD NOT start with 'X-' RFC6648.
     severity: warn

rules/https.yml

@@ -1,8 +1,5 @@
 rules:
   servers-description:
-    x-tags:
-      - metadata
-      - it
     description: |-
       Servers must have a description.
     message: >-
@@ -17,16 +14,14 @@ rules:
       function: truthy
 
   servers-use-https:
-    x-tags:
-      - security
     description: |-
       Servers must use https to ensure the origin of the responses
       and protect the integrity and the  confidentiality of the communication.
 
       You can use `http://` only on sandboxes environment.
       Use `x-sandbox: true` to skip this kind of check.
     message: >-
-      Non-sandbox url  {{value}} {{error}}.
+      Non-sandbox url {{error}}.
       Add `x-sandbox: true` to skip this check on a specific server.
     given:
     -  $.servers[?(@["x-sandbox"] != true)]

rules/metadata.yml

@@ -1,8 +1,5 @@
 rules:
   has-x-summary:
-    x-tags:
-      - it
-      - metadata
     message: >-
       API MUST have an one-liner #/info/x-summary field
       containing a brief description.
@@ -24,8 +21,6 @@ rules:
       function: truthy
 
   has-termsOfService:
-    x-tags:
-      - metadata
     message: >-
       API MUST reference the URL of the Terms of Service 
       in #/info/termsOfService.
@@ -43,8 +38,6 @@ rules:
       function: truthy
 
   has-contact:
-    x-tags:
-      - metadata
     description: >-
       API MUST reference a contact, either url or email in #/info/contact
     given: $
@@ -58,9 +51,6 @@ rules:
       function: truthy
 
   has-x-api-id:
-    x-tags:
-      - it
-      - metadata
     message: >-
       API must have an unique identifier in x-api-id in #/info/x-api-id.
     description: |-

rules/numbers.yml

@@ -3,9 +3,6 @@
 #
 rules:
   number-format: &number-format
-    x-tags:
-    - "it"
-    - "RAC_REST_FORMAT_004"
     description: |-
       Schema of type number or integer must specify a format
       to express the associated datatype, eg. `int32`, `int64`, ...
@@ -20,48 +17,43 @@ rules:
     severity: error
     recommended: true
     given: >-
-      $.[?(@.type=="number")]
+      $.[?(@ && @.type == "number")]
     then:
       field: format
       function: truthy
   # Reuse the number-format description and message.
   integer-format:
     <<: *number-format
     given: >
-      $.[?(@.type=="integer")]
+      $.[?(@ && @.type == "integer")]
 
   allowed-integer-format: &allowed-integer-format
-    x-tags:
-    - "it"
-    - "RAC_REST_FORMAT_004"
     description: |-
       To improve interoperability, integer and number formats are constrained
       to a shared subset.
 
       See recommendation RAC_REST_FORMAT_004.
     message: >-
-      Type format is "{{value}}", expected one of [int32, int64]. {{path}}
+      Type format {{error}} in {{path}}
     formats:
     - oas3
     severity: hint
     recommended: true
     given: >
-      $.[?(@.type=="integer")]
+      $.[?(@ && @.type=="integer" && @.format)]
     then:
-      field: format
+    - field: format
       function: enumeration
       functionOptions:
         values:
         - int32
         - int64
   allowed-number-format:
     <<: *allowed-integer-format
-    message: >-
-      Type format is "{{value}}", expected one of [decimal32, decimal64, decimal128, float, double]. {{path}}
     given: >
-      $.[?(@.type=="number")]
+      $.[?(@ && @.type=="number" && @.format)]
     then:
-      field: format
+    - field: format
       function: enumeration
       functionOptions:
         values:

rules/oas3only.yml

@@ -1,5 +1,4 @@
 rules:
-  oas2: false
   no-swagger-2:
     description: >-
       Swagger 2 files are not allowed. Use OpenAPI >= 3.0

rules/patch.yml

@@ -1,7 +1,5 @@
 rules:
   patch-media-type:
-    x-tags:
-    - standards
     description: |-
       The PATCH specification explicits that the request body contains
       a "patch document" describing the changes to be applied

rules/paths.yml

@@ -1,7 +1,5 @@
 rules:
   paths-status:
-    x-tags:
-    - it
     description: |-
       You must define a `/status` path that can be used to health-check the API.
       Using this path avoids the arbitrary usage of a server URL for health-check
@@ -20,8 +18,6 @@ rules:
       field: "paths./status.get.responses.200"
       function: truthy  
   paths-status-return-problem:
-    x-tags:
-    - it
     description: |-
       "/status" must return a Problem object.
     message: |-
@@ -37,8 +33,6 @@ rules:
         - application/problem+xml
         - application/problem+json  
   paths-status-problem-schema:
-    x-tags:
-    - it
     description: |-
       "/status" schema is not a Problem object.
     message: |-
@@ -55,8 +49,6 @@ rules:
     - function: truthy
       field: 'properties.detail'
   paths-http-method:
-    x-tags:
-      - it
     description: |-
       When you design a REST API, you don't usually need to mention terms like
       `get`, `delete` and so on in your `paths`, because this information is

rules/ratelimit.yml

@@ -20,8 +20,6 @@ rules:
       field: Retry-After
       function: truthy
   missing-ratelimit:
-    x-tags:
-    - it
     description: |-
       Ratelimiting API preserves a service and limits attack scenario
       [see API4:2019 Lack of Resources & Rate Limiting](https://owasp.org/www-project-api-security).

rules/tests/cache-control-test.snapshot

@@ -1,16 +1,17 @@
 OpenAPI 3.x detected
+OpenAPI 3.0.x detected
 
 /code/rules/tests/cache-control-test.yml
-  50:19  information  cache-responses-indeterminate-behavior  Expires and Cache-Control cannot be both defined or both undefined                                                                                            paths./ko-empty-headers.put.responses[201].headers
-  63:9       warning  cache-control-parameter-undocumented    Cache usage SHOULD be documented when used.                                                                                                                   paths./ko-cache-control-request-nodescription.get.parameters[0]
-  77:22      warning  cache-control-parameter-undocumented    Cache usage SHOULD be documented when used.                                                                                                                   paths./ko-cache-control-request-short-description.get.parameters[0].description
-  90:19  information  cache-responses-indeterminate-behavior  Expires and Cache-Control cannot be both defined or both undefined                                                                                            paths./ko-cache-control-and-expires.get.responses[201].headers
- 102:19  information  cache-responses-indeterminate-behavior  Expires and Cache-Control cannot be both defined or both undefined                                                                                            paths./ko-cache-control-and-expires-lower.get.responses[201].headers
- 103:27  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. `cache-control.description` property is not truthy                             paths./ko-cache-control-and-expires-lower.get.responses[201].headers.cache-control
- 120:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. `description` property is not truthy                                           paths./ko-expires-nodescription.get.responses[201].headers.Expires.description
- 129:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. `description` property is not truthy                                           paths./ko-cache-control-response-nodescription.get.responses[201].headers.Cache-Control.description
- 137:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. must match the pattern '.*(max-age|private|no-store|no-cache|no-transform).*'  paths./ko-expires-short-description.get.responses[201].headers.Expires.description
- 146:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. must match the pattern '.*(max-age|private|no-store|no-cache|no-transform).*'  paths./ko-cache-control-response-short-description.get.responses[201].headers.Cache-Control.description
+  50:19  information  cache-responses-indeterminate-behavior  "Expires" and "Cache-Control" must not be both defined or both undefined                                                                                                           paths./ko-empty-headers.put.responses[201].headers
+  63:9       warning  cache-control-parameter-undocumented    Cache usage SHOULD be documented when used.                                                                                                                                        paths./ko-cache-control-request-nodescription.get.parameters[0]
+  77:22      warning  cache-control-parameter-undocumented    Cache usage SHOULD be documented when used.                                                                                                                                        paths./ko-cache-control-request-short-description.get.parameters[0].description
+  90:19  information  cache-responses-indeterminate-behavior  "Expires" and "Cache-Control" must not be both defined or both undefined                                                                                                           paths./ko-cache-control-and-expires.get.responses[201].headers
+ 102:19  information  cache-responses-indeterminate-behavior  "Expires" and "Cache-Control" must not be both defined or both undefined                                                                                                           paths./ko-cache-control-and-expires-lower.get.responses[201].headers
+ 103:27  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. `cache-control.description` property must be truthy                                                 paths./ko-cache-control-and-expires-lower.get.responses[201].headers.cache-control
+ 120:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. `description` property must be truthy                                                               paths./ko-expires-nodescription.get.responses[201].headers.Expires.description
+ 129:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. `description` property must be truthy                                                               paths./ko-cache-control-response-nodescription.get.responses[201].headers.Cache-Control.description
+ 137:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. "short description" must match the pattern ".*(max-age|private|no-store|no-cache|no-transform).*"   paths./ko-expires-short-description.get.responses[201].headers.Expires.description
+ 146:28  information  cache-responses-undocumented            Cache usage in responses SHOULD be documented in Cache-Control and/or Expires. "this is very short" must match the pattern ".*(max-age|private|no-store|no-cache|no-transform).*"  paths./ko-cache-control-response-short-description.get.responses[201].headers.Cache-Control.description
 
 ✖ 10 problems (0 errors, 2 warnings, 8 infos, 0 hints)
 

rules/tests/casing-test.snapshot

@@ -1,11 +1,12 @@
 OpenAPI 3.x detected
+OpenAPI 3.0.x detected
 
 /code/rules/tests/casing-test.yml
- 15:15     hint  request-headers-pascal-case   ko-header must be pascal case in #/paths/~1header/parameters/0/name                           paths./header.parameters[0].name
- 17:15     hint  request-headers-pascal-case   KO_REQUEST_HEADER must be pascal case in #/paths/~1header/parameters/1/name                   paths./header.parameters[1].name
- 23:32     hint  response-headers-pascal-case  Header must be pascal case: #/paths/~1header/get/responses/200/headers/KO_RESPONSE_HEADER     paths./header.get.responses[200].headers.KO_RESPONSE_HEADER
- 38:17  warning  paths-kebab-case              /KO_NON_KEBAB is not kebab-case: must match the pattern '^(/[a-z0-9-.]+|/{[a-zA-Z0-9_]+})+$'  paths./KO_NON_KEBAB
- 39:15  warning  paths-kebab-case              /koNonKebab is not kebab-case: must match the pattern '^(/[a-z0-9-.]+|/{[a-zA-Z0-9_]+})+$'    paths./koNonKebab
+ 15:15     hint  request-headers-pascal-case   ko-header must be pascal case in #/paths/~1header/parameters/0/name                                    paths./header.parameters[0].name
+ 17:15     hint  request-headers-pascal-case   KO_REQUEST_HEADER must be pascal case in #/paths/~1header/parameters/1/name                            paths./header.parameters[1].name
+ 23:32     hint  response-headers-pascal-case  Header must be pascal case: #/paths/~1header/get/responses/200/headers/KO_RESPONSE_HEADER              paths./header.get.responses[200].headers.KO_RESPONSE_HEADER
+ 38:17  warning  paths-kebab-case              /KO_NON_KEBAB is not kebab-case: Object{} must match the pattern "^(/[a-z0-9-.]+|/{[a-zA-Z0-9_]+})+$"  paths./KO_NON_KEBAB
+ 39:15  warning  paths-kebab-case              /koNonKebab is not kebab-case: Object{} must match the pattern "^(/[a-z0-9-.]+|/{[a-zA-Z0-9_]+})+$"    paths./koNonKebab
 
 ✖ 5 problems (0 errors, 2 warnings, 0 infos, 3 hints)