StableKeywordsCheck: detect packages using stable keywords

[falbrechtskirchinger]

Add an optional check to scan for packages using stable keywords. This is useful for overlays like ::guru, which require that all packages be keyworded unstable.

The implementation is based on UnstableOnlyCheck, though strictly copying the restrictions mechanism results in O(N * M), where a simple set intersection could be O(N).
The severity was chosen based on the language in the regulations (rule 4): "Stable keywords must not be used." (emphasis mine)

Tests

• Added a new repo, as this check conflicts with other test cases using stable keywords.
• Added test ebuilds to exercise both positive and negative paths.
• Added expected.json and fix.patch.

[thesamesam]

It looks reasonable to me.

[arthurzam]

Please handle those comments. Sorry for long delay

[arthurzam]

not a good result name and description - what does it even mean? A developer that gets such error won't understand it's reason.

[falbrechtskirchinger]

Fair point. Does DisallowedStableKeywords sound reasonable to you? If yes, I'd rename stable_keywords to disallowed_stable (mirroring unstable_only).

I've renamed the check, but want to avoid renaming the test data more than once.

[falbrechtskirchinger]

I've renamed the check to DisallowedStableKeywordsCheck and addressed the mutability, encapsulation, and scope issues.

I've also added ignored categories (acct-group, acct-user) because the related eclasses define KEYWORDS, which triggers this check. There hasn't been any progress on resolving the KEYWORDS-in-eclasses issue in 15 years (see https://bugs.gentoo.org/342185).

Pending a final decision on the name, I will rename/regenerate the test data, rebase, and reword the commits.

As I mentioned, the check is based on UnstableOnlyCheck with minimal changes, and I just want to ask if this much simpler version might be preferable:

class DisallowedStableKeywordsCheck(OptionalCheck):
    """Scan for packages using stable keywords in repositories where they are not allowed."""

    known_results = frozenset({DisallowedStableKeywords})

    # acct-group and acct-user eclasses define KEYWORDS
    # See https://bugs.gentoo.org/342185
    ignored_categories = frozenset({"acct-group", "acct-user"})

    def feed(self, pkg):
        if pkg.category in self.ignored_categories:
            return

        arches = {k for k in pkg.keywords if not k.startswith(('~', '-'))}
        if not arches:
            return

        yield DisallowedStableKeywords(arches, pkg=pkg)

No addons, and no use of package restrictions.