---
# original template from: https://github.com/bretfisher/super-linter-workflow/blob/main/.github/workflows/reusable-super-linter.yaml

###########################
###########################
## Linter GitHub Actions ##
###########################
###########################
name: Lint all the codes

#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#

on:

  workflow_call:
    inputs:
      devops-only:
        description: For a DevOps-focused repository. Prevents some code-language linters from running
        required: false
        type: boolean
        default: false
      filter-regex-exclude:
        description: A regex to exclude files from linting
        required: false
        type: string

permissions:
  contents: read            # git permissions to repo pull/push
  statuses: write           # read/write to repo custom statuses and checks

jobs:
  super-lint:

    name: Super-Linter

    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # Full git history is needed to get a proper list of changed files within super-linter
          fetch-depth: 0

      #############################
      # custom DEFAULT_BRANCH for repos where PR target isn't always main/master
      #############################
      - name: Set DEFAULT_BRANCH to PR target
        # if base_ref has a value, this is a PR
        # we save the PR target branch name to a variable for use in linter config
        # we pass string between job steps by echoing to $GITHUB_ENV, making it available in $env later
        if: ${{ github.base_ref != '' }}
        run: |
          # shellcheck disable=2086
          echo "DEFAULT_BRANCH=${{ github.base_ref }}" >> $GITHUB_ENV
          echo "this is a PR branch. Let's only lint the files that are changed against the target branch '${{ github.base_ref }}'"

      - name: Set DEFAULT_BRANCH to current branch
        # if base_ref has no value, this is just a commit on a branch
        # we need to strip refs/heads from github.ref to find the current branch name
        # then save the current branch name to a variable for use in linter config later
        # we pass strings between job steps by echoing to $GITHUB_ENV, making it available in $env later
        if: ${{ github.base_ref == '' }}
        run: |
          # shellcheck disable=2086
          echo "DEFAULT_BRANCH=$(echo '${{ github.ref }}' | sed 's/refs\/heads\///')" >> $GITHUB_ENV
          echo "this is just a branch push, not a PR."

      # used as a debug step to ensure we're only linting all files on release branches
      - name: Are we linting all files?
        run: |
          echo VALIDATE_ALL_CODEBASE=${{ !contains(github.event_name, 'pull_request') }}

      # customize excluded paths and files with regex
      - name: FILTER_REGEX_EXCLUDE
        if: ${{ inputs.filter-regex-exclude }}
        run: |
          # shellcheck disable=2086
          {
            echo "FILTER_REGEX_EXCLUDE=${{ inputs.filter-regex-exclude }}" >> $GITHUB_ENV
          }

      # disable non-DevOps focused linters that might run on sample code or 3rd party code
      # these env's will get pass to the next step
      - name: Disable non-DevOps linters
        if: ${{ inputs.devops-only == true }}
        run: |
          # shellcheck disable=2086
          { 
            echo "VALIDATE_CSS=false"; 
            echo "VALIDATE_HTML=false"; 
            echo "VALIDATE_JAVASCRIPT_ES=false";
            echo "VALIDATE_TYPESCRIPT_ES=false";
            echo "VALIDATE_TYPESCRIPT_STANDARD=false";
            echo "VALIDATE_JAVASCRIPT_STANDARD=false";
            echo "VALIDATE_PYTHON_MYPY=false";
            echo "VALIDATE_PYTHON_BLACK=false";
            echo "VALIDATE_PYTHON_FLAKE8=false";
            echo "VALIDATE_PYTHON_ISORT=false";
            echo "VALIDATE_RUBY=false";
            echo "VALIDATE_PHP=false";
            echo "VALIDATE_CSHARP=false";

          } >> $GITHUB_ENV

      #############################
      # Run many Linters against changed files on PRs, and ALL files on commit to release branch
      #############################
      # https://github.com/marketplace/actions/super-linter
      - name: Lint Code Base
        uses: super-linter/super-linter/slim@v5.2.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # by default super-linter assumes our repo default branch doesn't change
          # and it also assumes our PRs are always against that default branch
          # for multi-trunk (releases) repos, this get the base branch from the previous steps
          # see issue https://github.com/github/super-linter/issues/1123
          DEFAULT_BRANCH: ${{ env.DEFAULT_BRANCH }}
          # setting this to false means that only changed files will be scanned in each commit
          VALIDATE_ALL_CODEBASE: ${{ !contains(github.event_name, 'pull_request') }}
          # turn off dockerfilelint, as its a dead project
          # https://github.com/replicatedhq/dockerfilelint/issues/169
          # hadolint will still run and is sufficient (no need for two linters)
          VALIDATE_DOCKERFILE: false
          # turn off JSCPD copy/paste detection, which results in lots of results for examples and devops repos
          VALIDATE_JSCPD: false
          # turn off shfmt shell formatter as we already have shellcheck
          VALIDATE_SHELL_SHFMT: false
          # editorconfig is great, but...
          # editorconfig-linter is rather generic and file-specific linters are better
          # turn off editorconfig-checker, which flags too many false positives
          VALIDATE_EDITORCONFIG: false
          # prevent Kubernetes CRD API's from causing kubeval to fail
          # also change schema location to an up-to-date list
          # https://github.com/yannh/kubernetes-json-schema/#kubeval
          KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/