feat: toolcahin directive pattern

cmd/gomoddirectives/gomoddirectives.go

@@ -32,6 +32,7 @@ type config struct {
 	ToolForbidden             bool
 	GoDebugForbidden          bool
 	GoVersionPattern          string
+	ToolchainPattern          string
 }
 
 func main() {
@@ -42,6 +43,7 @@ func main() {
 	flag.BoolVar(&cfg.ReplaceAllowLocal, "local", false, "Allow local replace directives")
 	flag.BoolVar(&cfg.RetractAllowNoExplanation, "retract-no-explanation", false, "Allow to use retract directives without explanation")
 	flag.BoolVar(&cfg.ToolchainForbidden, "toolchain", false, "Forbid the use of toolchain directive")
+	flag.StringVar(&cfg.ToolchainPattern, "toolchain-pattern", "", "Pattern to validate toolchain directive")
 	flag.BoolVar(&cfg.ToolForbidden, "tool", false, "Forbid the use of tool directives")
 	flag.BoolVar(&cfg.GoDebugForbidden, "godebug", false, "Forbid the use of godebug directives")
 	flag.StringVar(&cfg.GoVersionPattern, "goversion", "", "Pattern to validate go min version directive")
@@ -73,6 +75,14 @@ func main() {
 		}
 	}
 
+	if cfg.ToolchainPattern != "" {
+		var err error
+		opts.ToolchainPattern, err = regexp.Compile(cfg.ToolchainPattern)
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+
 	results, err := gomoddirectives.Analyze(opts)
 	if err != nil {
 		log.Fatal(err)

gomoddirectives.go

@@ -16,6 +16,7 @@ const (
 	reasonRetract          = "a comment is mandatory to explain why the version has been retracted"
 	reasonExclude          = "exclude directive is not allowed"
 	reasonToolchain        = "toolchain directive is not allowed"
+	reasonToolchainPattern = "toolchain directive (%s) doesn't match the pattern '%s'"
 	reasonTool             = "tool directive is not allowed"
 	reasonGoDebug          = "godebug directive is not allowed"
 	reasonGoVersion        = "go directive (%s) doesn't match the pattern '%s'"
@@ -52,6 +53,7 @@ type Options struct {
 	ExcludeForbidden          bool
 	RetractAllowNoExplanation bool
 	ToolchainForbidden        bool
+	ToolchainPattern          *regexp.Regexp
 	ToolForbidden             bool
 	GoDebugForbidden          bool
 	GoVersionPattern          *regexp.Regexp
@@ -120,6 +122,26 @@ func checkGoVersionDirectives(file *modfile.File, opts Options) []Result {
 	return []Result{NewResult(file, file.Go.Syntax, fmt.Sprintf(reasonGoVersion, file.Go.Version, opts.GoVersionPattern.String()))}
 }
 
+func checkToolchainDirective(file *modfile.File, opts Options) []Result {
+	if file.Toolchain == nil {
+		return nil
+	}
+
+	if opts.ToolchainForbidden {
+		return []Result{NewResult(file, file.Toolchain.Syntax, reasonToolchain)}
+	}
+
+	if opts.ToolchainPattern == nil {
+		return nil
+	}
+
+	if !opts.ToolchainPattern.MatchString(file.Toolchain.Name) {
+		return []Result{NewResult(file, file.Toolchain.Syntax, fmt.Sprintf(reasonToolchainPattern, file.Toolchain.Name, opts.ToolchainPattern.String()))}
+	}
+
+	return nil
+}
+
 func checkRetractDirectives(file *modfile.File, opts Options) []Result {
 	if opts.RetractAllowNoExplanation {
 		return nil
@@ -211,14 +233,6 @@ func checkReplaceDirective(opts Options, r *modfile.Replace) string {
 	return fmt.Sprintf("%s: %s", reasonReplace, r.Old.Path)
 }
 
-func checkToolchainDirective(file *modfile.File, opts Options) []Result {
-	if !opts.ToolchainForbidden || file.Toolchain == nil {
-		return nil
-	}
-
-	return []Result{NewResult(file, file.Toolchain.Syntax, reasonToolchain)}
-}
-
 func checkGoDebugDirectives(file *modfile.File, opts Options) []Result {
 	if !opts.GoDebugForbidden {
 		return nil

gomoddirectives_test.go

@@ -251,25 +251,6 @@ func TestAnalyzeFile(t *testing.T) {
 				ToolForbidden: false,
 			},
 		},
-		{
-			desc:       "toolchain: don't allow",
-			modulePath: "toolchain/go.mod",
-			opts: Options{
-				ToolchainForbidden: true,
-			},
-			expected: []Result{{
-				Reason: "toolchain directive is not allowed",
-				Start:  token.Position{Filename: "go.mod", Offset: 0, Line: 5, Column: 1},
-				End:    token.Position{Filename: "go.mod", Offset: 0, Line: 5, Column: 19},
-			}},
-		},
-		{
-			desc:       "toolchain: allow",
-			modulePath: "toolchain/go.mod",
-			opts: Options{
-				ToolchainForbidden: false,
-			},
-		},
 		{
 			desc:       "godebug: don't allow",
 			modulePath: "godebug/go.mod",
@@ -319,10 +300,10 @@ func TestAnalyzeFile(t *testing.T) {
 			desc:       "goversion: pattern not matched",
 			modulePath: "goversion_family/go.mod",
 			opts: Options{
-				GoVersionPattern: regexp.MustCompile(`\d\.\d+\.0`),
+				GoVersionPattern: regexp.MustCompile(`\d\.\d+\.0$`),
 			},
 			expected: []Result{{
-				Reason: "go directive (1.22) doesn't match the pattern '\\d\\.\\d+\\.0'",
+				Reason: "go directive (1.22) doesn't match the pattern '\\d\\.\\d+\\.0$'",
 				Start:  token.Position{Filename: "go.mod", Offset: 0, Line: 3, Column: 1},
 				End:    token.Position{Filename: "go.mod", Offset: 0, Line: 3, Column: 8},
 			}},
@@ -331,7 +312,53 @@ func TestAnalyzeFile(t *testing.T) {
 			desc:       "goversion: no Go version",
 			modulePath: "empty/go.mod",
 			opts: Options{
-				GoVersionPattern: regexp.MustCompile(`\d\.\d+(\.0)?`),
+				GoVersionPattern: regexp.MustCompile(`\d\.\d+(\.0)?$`),
+			},
+		},
+		{
+			desc:       "toolchain: don't allow",
+			modulePath: "toolchain/go.mod",
+			opts: Options{
+				ToolchainForbidden: true,
+				ToolchainPattern:   regexp.MustCompile(`go\d\.\d+\.\d+$`),
+			},
+			expected: []Result{{
+				Reason: "toolchain directive is not allowed",
+				Start:  token.Position{Filename: "go.mod", Offset: 0, Line: 5, Column: 1},
+				End:    token.Position{Filename: "go.mod", Offset: 0, Line: 5, Column: 19},
+			}},
+		},
+		{
+			desc:       "toolchain: allow",
+			modulePath: "toolchain/go.mod",
+			opts: Options{
+				ToolchainForbidden: false,
+			},
+		},
+		{
+			desc:       "toolchain: pattern match",
+			modulePath: "toolchain/go.mod",
+			opts: Options{
+				ToolchainPattern: regexp.MustCompile(`go\d\.\d+\.\d+$`),
+			},
+		},
+		{
+			desc:       "toolchain: pattern not matched",
+			modulePath: "toolchain/go.mod",
+			opts: Options{
+				ToolchainPattern: regexp.MustCompile(`go\d\.22\.\d+$`),
+			},
+			expected: []Result{{
+				Reason: "toolchain directive (go1.23.3) doesn't match the pattern 'go\\d\\.22\\.\\d+$'",
+				Start:  token.Position{Filename: "go.mod", Offset: 0, Line: 5, Column: 1},
+				End:    token.Position{Filename: "go.mod", Offset: 0, Line: 5, Column: 19},
+			}},
+		},
+		{
+			desc:       "toolchain: no Go version",
+			modulePath: "empty/go.mod",
+			opts: Options{
+				ToolchainPattern: regexp.MustCompile(`go\d\.22\.\d+$`),
 			},
 		},
 		{
@@ -346,9 +373,10 @@ func TestAnalyzeFile(t *testing.T) {
 				ExcludeForbidden:          true,
 				RetractAllowNoExplanation: false,
 				ToolchainForbidden:        true,
+				ToolchainPattern:          regexp.MustCompile(`go\d\.\d+\.\d+$`),
 				ToolForbidden:             true,
 				GoDebugForbidden:          true,
-				GoVersionPattern:          regexp.MustCompile(`\d\.\d+(\.0)?`),
+				GoVersionPattern:          regexp.MustCompile(`\d\.\d+(\.0)?$`),
 			},
 		},
 	}

readme.md

@@ -34,6 +34,10 @@ linters-settings:
     # Default: false
     toolchain-forbidden: true
 
+    # Defines a pattern to validate `toolchain` directive.
+    # Default: '' (no match)
+    toolchain-pattern: 'go1\.22\.\d+$'
+
     # Forbid the use of the `tool` directives.
     # Default: false
     tool-forbidden: true
@@ -44,7 +48,7 @@ linters-settings:
 
     # Defines a pattern to validate `go` minimum version directive.
     # Default: '' (no match)
-    go-version-pattern: '\d\.\d+(\.0)?'
+    go-version-pattern: '1\.\d+(\.0)?$'
 ```
 
 ### As a CLI
@@ -70,6 +74,8 @@ Flags:
         Forbid the use of tool directives
   -toolchain
         Forbid the use of toolchain directive
+  -toolchain-pattern string
+        Pattern to validate toolchain directive
 ```
 
 ## Details
@@ -149,6 +155,7 @@ tool (
 ### [`toolchain`](https://golang.org/ref/mod#go-mod-file-toolchain) directive
 
 - Ban `toolchain` directive.
+- Use a regular expression to constraint the Go minimum version.
 
 ```go
 module example.com/foo