Repo Grep Checks
Verify the existence or contents of files or folders in your repo.
After setting up a Git Repository Integration, OpsLevel can continuously scan your code repositories and verify all of the operational best practices you've defined.
Repo Grep Checks operate very similarly to Repo File Checks. As such, we recommend reading the docs on Repo File and Repo Search Checks before beginning to experiment further with Repo Grep Checks. Note that we also have a special Package Version check as well, which may cover your use case.
The Repo Grep Check
With Repo Grep Checks, you can verify the existence or contents of files or folders in your repo. While Repo File and Repo Search Checks can resolve most use-cases, there are certain circumstances with which Repo Grep Checks can offer additional capabilities. For example:
- Searching multiple specific files
- Searching using glob patterns
- Searching for certain special characters
- Repo Grep checks support exists, fixed-string, regex, and version constraints
How File Path Globbing Works
Repo Grep Checks use Bash globbing to match file paths, with two shell options enabled:
globstar- enables**for recursive directory matchingextglob- enables extended glob patterns like*.*(yml|yaml)
This means file paths support standard Bash glob syntax, not regular expressions or the globbing from other tools (e.g., .gitignore or ripgrep's --glob).
Supported Patterns
| Pattern | Meaning | Example |
|---|---|---|
* | Matches any characters within a single directory level | *.py matches app.py but not src/app.py |
** | Matches zero or more directories recursively | **/*.py matches app.py, src/app.py, a/b/c/app.py |
? | Matches exactly one character | ?.py matches a.py but not ab.py |
*(pattern|pattern) | Extglob - matches zero or more occurrences of the given patterns | *.*(yml|yaml) matches config.yml and config.yaml |
Hidden (Dot) Directories and **
**Bash's globstar does not match hidden directories (those starting with .) when using **. For example, **/CODEOWNERS will match CODEOWNERS and docs/CODEOWNERS but will not match .github/CODEOWNERS. To include hidden directories, specify them explicitly or list multiple paths.
Path Sanitization
OpsLevel normalizes file paths before execution. Leading /, ~/, ../, and ./ prefixes are stripped. All paths are treated as relative to the repository root (or the service's configured repo sub-path for monorepos). For example, /src/*.py becomes src/*.py.
Common Patterns
| Use Case | File Paths |
|---|---|
| All Python files recursively | **/*.py |
| YAML files in any directory | **/*.yml, **/*.yaml or **/*.*(yml|yaml) |
| Dockerfiles at repo root or one level deep | Dockerfile, */Dockerfile |
All files in .github/workflows | .github/workflows/* |
| CODEOWNERS in common locations | CODEOWNERS, .github/CODEOWNERS, docs/CODEOWNERS |
Repo Grep Check Examples
Ensure services are declaring code ownership
You may have a mandate for all services to declare code owners within their repo. While these could exist in a CODEOWNERS file at the repo root, there might be situations where a legacy service defines owners in a .github folder, or in the docs folder as supported by GitHub. If both of these are permissible, you can use Repo Grep Checks to ensure at least one of the files exists:
| Predicate | File Paths |
|---|---|
Exists | CODEOWNERS, .github/CODEOWNERS, docs/CODEOWNERS |
We use explicit paths here instead of **/CODEOWNERS because Bash's ** does not descend into hidden directories like .github/. See Hidden (Dot) Directories and ** above for details.
Ensure JavaScript services lock their dependencies using yarn or npm
You may have a policy that all JavaScript services use yarn or npm. You can use Repo Grep Checks to make sure this policy is being followed:
| Predicate | File Paths |
|---|---|
Exists | package-lock.json, yarn.lock |
Ensure Python services no longer use the deprecated "plank" library
Say you have a policy that all Python services can no longer use a deprecated library called plank. You can use Repo Grep Checks to enforce this policy:
| Predicate | Search Term | File Paths |
|---|---|---|
Does Not Contain | import plank | **/*.py |
And More!
Those were just some examples to get the creative juices flowing. But there's tons more you can do with Repo Grep Checks. If you have any questions, or just come up with some interesting checks you want to share, hit us up at [email protected].
Updated 10 days ago