twoliter: add check-advisories task to lint BRSAs

Lint BRSAs for non-ASCII characters that may be included in advisory
information in a new task, check-advisories. Also ensure that each
directory under "advisories" in a project has an associated tag on the
project

Add this to the list in the meta task "check"

Signed-off-by: Gavin Inglis <[email protected]>

Author: ginglis13

twoliter/embedded/Makefile.toml

@@ -416,6 +416,7 @@ done
 [tasks.check]
 dependencies = [
    "check-cargo-version",
+   "check-advisories",
    "unit-tests",
    "check-fmt",
    "check-lints",
@@ -540,6 +541,31 @@ fi
 '''
 ]
 
+# Task to lint Bottlerocket Security Advisories by checking for non-ASCII characters
+# and verifying that each versioned directory under "advisories" has a corresponding
+# tag on the Twoliter project this task runs against.
+[tasks.check-advisories]
+script_runner = "bash"
+script = [
+'''
+if find advisories -name '*.toml' -type f >/dev/null 2>&1 ; then
+  export LC_ALL=C
+  if grep --include '*.toml' -R -l -P ['\x80'-'\xFF'] advisories ; then
+    echo "error: found non-ASCII characters in advisories" >&2
+    exit 1
+  fi
+
+  for version in $(find advisories/* -type d -not -path advisories/staging); do
+    grep v$(basename ${version})$ <(PAGER= git tag)
+    if [ "$?" -ne 0  ]; then
+      echo "error: no corresponding tag found for ${version} directory"
+      exit 1
+    fi
+  done
+fi
+'''
+]
+
 [tasks.check-golangci-lint]
 script = [
 '''