diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml new file mode 100644 index 0000000000..9b855a5853 --- /dev/null +++ b/.github/workflows/megalinter.yaml @@ -0,0 +1,71 @@ +name: linter (non-Python) + +on: + push: + branches: + - main + pull_request: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + build: + name: MegaLinter + runs-on: ubuntu-latest + permissions: + contents: write + issues: write + pull-requests: write + steps: + - name: Checkout Code + uses: actions/checkout@v3 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + + - name: MegaLinter + id: ml + uses: oxsecurity/megalinter/flavors/cupcake@v7.7.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Archive production artifacts + if: ${{ success() }} || ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + # Create pull request if applicable (for now works only on PR from same repository, not from forks) + - name: Create Pull Request with applied fixes + id: cpr + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + uses: peter-evans/create-pull-request@v5 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + commit-message: "[MegaLinter] Apply linters automatic fixes" + title: "[MegaLinter] Apply linters automatic fixes" + labels: bot + - name: Create PR output + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + # Push new commit if applicable (for now works only on PR from same repository, not from forks) + - name: Prepare commit + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + run: sudo chown -Rc $UID .git/ + - name: Commit and push applied linter fixes + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + uses: stefanzweifel/git-auto-commit-action@v4 + with: + branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} + commit_message: "[MegaLinter] Apply linters fixes" + commit_user_name: megalinter-bot + commit_user_email: nicolas.vuillamy@ox.security diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 0000000000..65d479a1e7 --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,18 @@ +APPLY_FIXES: all +APPLY_FIXES_EVENT: all +DEFAULT_BRANCH: main +ENABLE_LINTERS: + - MARKDOWN_MARKDOWNLINT + - MARKDOWN_MARKDOWN_LINK_CHECK + - MARKDOWN_MARKDOWN_TABLE_FORMATTER + - REPOSITORY_GIT_DIFF + - YAML_PRETTIER + - YAML_YAMLLINT +EXCLUDED_DIRECTORIES: [.github, tests] +GITHUB_COMMENT_REPORTER: false +MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true +PRINT_ALPACA: false +PYTHON_BLACK_CONFIG_FILE: pyproject.toml +PYTHON_ISORT_CONFIG_FILE: pyproject.toml +PYTHON_PYRIGHT_CONFIG_FILE: pyproject.toml +VALIDATE_ALL_CODEBASE: true