@commerce-apps/raml-toolkit
Advanced tools
A linting tool for raml for commerce cloud and beyond
$ npm install @commerce-apps/raml-toolkit
The npm installs the binaries as both raml-toolkit and ramlint and they can be used interchangeably. You can always run with --help to get available options, currently the options are as follows.
OPTIONS
-h, --help show CLI help
-p, --profile=(mercury, other-profile) profile to apply
-v, --version show CLI version
-w, --warnings Show all the warnings
In your Jenkinsfile just make sure you init npm and then its a very simple one line command
stage('Init') {
// Needed only for SFCI instances to add npm to the instance
npmInit()
}
stage('Whatever') {
sh "npx raml-toolkit --profile mercury file1.raml file2.raml etc.raml"
}
NOTE: Violations will return a non-zero exit code and fail the build, which warnings will still return a 0 exit code so the build will not fail with warnings
To check your RAML currently the CLI just takes a list of files
$ ramlint --profile mercury file.raml
# or
$ ramlint --profile mercury file1.raml file2.raml etc.raml
The response will look something like
Model: file://data-products-api-v1.raml
Profile: mercury
Conforms? false
Number of results: 2
Level: Violation
- Source: http://a.ml/vocabularies/data#require-api-description
Message: The API Description must be set
Level: Violation
Target: file://data-products-api-v1.raml#/web-api
Property: http://schema.org/description
Position: Some(LexicalInformation([(2,0)-(1885,0)]))
Location: file://data-products-api-v1.raml
- Source: http://a.ml/vocabularies/data#version-format
Message: The version must be formatted as v[Major], for example v2
Level: Violation
Target: file://data-products-api-v1.raml#/web-api
Property: http://schema.org/version
Position: Some(LexicalInformation([(3,9)-(3,11)]))
Location: file://data-products-api-v1.raml
› Error: ./data-products-api-v1.raml is invalid
Let us look more closely at each of these errors.
The first error is saying that the API description is not set, but we need to have it set according to our standards. There is a "Position:" field in the response, but it is saying 2-1885. This happens to be the entire RAML document. Ranges like this will be common for "Missing" components since the parser doesn't know where you want to put it, but knows you need to put it somewhere.
The second error, however, is because it exists, but doesn't match our standard. There you can see that the position leads you to the exact line number and column of the non-conforming component.
When there are no more violations, the output will say it conforms, but also provide you with some warnings you might want to fix as well.
The default profile validates the following rules from the Mercury API Definition of Done
title MUST be set and not be emptyprotocols MUST be HTTPSversion MUST be set and follow the pattern /v[0-9]+/mediaType default of application/jsondescription MUST be set and not be emptydescription MUST not include the word TODOdisplayName setdisplayName MUST be in camelCasedescription field setdescription MUST NOT contain the word TODOqueryParameters MUST be camelCasedescriptiondescription MUST NOT contain the word TODOYou can read all about our contribution model here!
Here is an AMF validation example from Mulesoft. This includes some custom rules you can use for reference when building rules.
FAQs
A collection of raml tools for commerce cloud and beyond
The npm package @commerce-apps/raml-toolkit receives a total of 19 weekly downloads. As such, @commerce-apps/raml-toolkit popularity was classified as not popular.
We found that @commerce-apps/raml-toolkit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.