@screamish
Created July 10, 2018 05:57
Check buildkite plugins for compliance with a whitelist
#!/usr/bin/env python
"""Fail the build if the step uses a Buildkite plugin that is not whitelisted."""
import json
import os
import sys

# Plugin sources that are allowed to run, without the '#<version>' suffix.
whitelist = {
    'github.com/buildkite-plugins/docker-buildkite-plugin',
    'github.com/buildkite-plugins/docker-compose-buildkite-plugin',
    'github.com/buildkite-plugins/ecr-buildkite-plugin',
    'github.com/buildkite-plugins/artifacts-buildkite-plugin',
    'github.com/buildkite-plugins/junit-annotate-buildkite-plugin',
    'github.com/cultureamp/aws-assume-role-buildkite-plugin',
    'github.com/seek-oss/github-merged-pr-buildkite-plugin',
    'github.com/seek-oss/ssm-buildkite-plugin'
}


def check_plugins():
    # BUILDKITE_PLUGINS is read as a JSON list of single-key objects whose
    # key is '<source>#<version>'.
    # Assumption: an unset or empty variable means the step uses no plugins.
    plugins = json.loads(os.environ.get('BUILDKITE_PLUGINS') or '[]')
    # The only key of each object is the plugin source.
    plugin_names = [next(iter(p)) for p in plugins]
    # Drop the '#<version>' suffix before comparing against the whitelist.
    plugin_names_no_versions = [p.partition('#')[0] for p in plugin_names]
    disallowed_plugins = set(plugin_names_no_versions) - whitelist
    if disallowed_plugins:
        print("Disallowed plugins found:")
        for p in sorted(disallowed_plugins):
            print("-- :x: {} is not allowed".format(p))
        # A non-zero exit status fails the job.
        sys.exit(1)
    print("Plugins checked against whitelist, all OK")


if __name__ == "__main__":
    check_plugins()