fix: remove strict pattern on grafanaDependency

[darrenjaneczek]

Resolves part of:

• The validation of grafanaDependency uses a regex pattern that is too strict #279

[academo]

You can disable specific validations for your plugin via a configuration file as described here https://github.com/grafana/plugin-validator?tab=readme-ov-file#using-a-configuration-file

The current condition, even though strict, still serves a meaningful purpose for most of the cases, removing it will open the possibility to plugins submitting wrong versions (that are not as complex as your specific case). Keep in mind we run the validator for community submissions and in the review process we can manually decide to overlook an specific problem such as this if the author explains the problem or we note it.

Additionally, this file is a fallback for the validator, the validator always fetches the latest schema from the grafana/grafana repository https://github.com/grafana/grafana/blob/ad3fc957558022dc4199a6c060f06bf038c7d7bd/docs/sources/developers/plugins/plugin.schema.json#L

Alternatively maybe you can propose an updated regex that covers the condition instead of removing it?

[darrenjaneczek]

You can disable specific validations for your plugin via a configuration file as described here https://github.com/grafana/plugin-validator?tab=readme-ov-file#using-a-configuration-file

It is not clear how I can disable this specific check for the grafanaDependency entry.
Until I can, my only other options are to disable this check entirely, or change my version range to something simpler like >=10.4.11 to comply.

Additionally, this file is a fallback for the validator, the validator always fetches the latest schema from the grafana/grafana repository https://github.com/grafana/grafana/blob/ad3fc957558022dc4199a6c060f06bf038c7d7bd/docs/sources/developers/plugins/plugin.schema.json#L

That is definitely a problem here.

Alternatively maybe you can propose an updated regex that covers the condition instead of removing it?

I don't believe a regex is a the best tool for parsing a valid semver version range. It would be difficult (if possible?) to derive an exhaustive pattern that covers all cases, and it would be repetitious and hard to read as a human. I gave it a time-boxed try, and failed to find something satisfactory.

In #279, I suggest an alternative check which makes use of the semver library itself. I don't think that's an option though if we're just checking through the schema.

[darrenjaneczek]

@academo, I have closed this PR since based on what you said it doesn't disable the pattern (due to it being expressed in grafana/grafana). This is still a unresolved problem for our project. See #279 for more detail.

You can disable specific validations for your plugin via a configuration file as described here https://github.com/grafana/plugin-validator?tab=readme-ov-file#using-a-configuration-file

Looking at the documentation, it is not clear how I can disable this specific check for the grafanaDependency entry. Any help would be appreciated.

[academo]

hey @darrenjaneczek my apologies for responding so late to your message

Looking at the documentation, it is not clear how I can disable this specific check for the grafanaDependency entry.

You can disable the whole metadataschema validator. like this

analyzers:
  metadataschema:
    enabled: false

you are correct this will disable the whole schema validation not only the specific one for grafanaDependency but maybe this will help with your problem of having errors in your CI?

[darrenjaneczek]

Disabling the analyzers seems to be the best solution for our project:

global:
  enabled: true
  severity: warning
  jsonOutput: false
  reportAll: false
analyzers:
  license:
    enabled: false
  # The metadatavalid metadataschema checkers are too strict for our plugin
  # Our grafanaDependency version range is complicated,
  # and our plugin ids have internal dashes.
  metadatavalid:
    enabled: false    
  metadataschema:
    enabled: false