-
Notifications
You must be signed in to change notification settings - Fork 0
156 lines (151 loc) · 5.21 KB
/
megalinter.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# ref: <https://github.com/oxsecurity/megalinter/blob/225e1b5c3a044775005d0ec772cabee5d21006ed/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml>
# ref: <https://megalinter.io>
name: MegaLinter
on:
push:
pull_request:
branches:
- main
env:
APPLY_FIXES: all
APPLY_FIXES_EVENT: pull_request
APPLY_FIXES_MODE: commit
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
megalinter:
name: MegaLinter
permissions:
contents: write
issues: write
pull-requests: write
security-events: write
statuses: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ github.token }}
- id: ml
name: MegaLinter
uses: oxsecurity/megalinter@v8
# ref: <https://megalinter.io/latest/config-file/>
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Common Variables
MEGALINTER_CONFIG: .github/.mega-linter.yaml
VALIDATE_ALL_CODEBASE: true
# Linters
PYTHON_PYRIGHT_DISABLE_ERRORS: true
# Reporters
TEXT_REPORTER: true
GITHUB_COMMENT_REPORTER: true
GITHUB_STATUS_REPORTER: true
SARIF_REPORTER: true
UPDATED_SOURCES_REPORTER: true
CONFIG_REPORTER: true
CONSOLE_REPORTER: true
JSON_REPORTER: true
MARKDOWN_SUMMARY_REPORTER: true
- if: success() || failure()
name: Archive production artifacts
uses: actions/upload-artifact@v4
with:
name: MegaLinter reports
path: |-
mega-linter.log
megalinter-reports/
- if: success() || failure()
name: Upload MegaLinter scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: megalinter-reports/megalinter-report.sarif
- if: success() || failure()
name: Add GitHub summary
run: cat megalinter-reports/megalinter-report.md >> "$GITHUB_STEP_SUMMARY"
- name: Remove MegaLinter reports
run: >-
sudo rm --force --recursive
.checkov.yml
.devskim.json
kics.config
mega-linter.log
megalinter-reports/
- id: cpr
if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'pull_request' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
name: Create Pull Request with applied fixes
uses: peter-evans/create-pull-request@v7
with:
token: ${{ github.token }}
commit-message: "chore(MegaLinter): apply linters automatic fixes"
title: "chore(MegaLinter): apply linters automatic fixes"
# TODO: add labels
- if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'pull_request' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
name: Create PR output
run: |
echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
- if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'commit' &&
github.ref != 'refs/heads/main' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
name: Prepare commit
run: sudo chown -Rc $UID .git/
- if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'commit' &&
github.ref != 'refs/heads/main' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
name: Commit and push applied linter fixes
uses: stefanzweifel/git-auto-commit-action@v5
with:
branch: >-
${{
github.event.pull_request.head.ref ||
github.head_ref ||
github.ref
}}
commit_message: "chore(MegaLinter): apply linters fixes"
commit_user_name: megalinter-bot
commit_user_email: nicolas.vuillamy@ox.security