509b908417
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.5 to 4.8.7. - [Release notes](https://github.com/github/super-linter/releases) - [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md) - [Commits](https://github.com/github/super-linter/compare/v4.8.5...v4.8.7) --- updated-dependencies: - dependency-name: github/super-linter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
158 lines
6.4 KiB
YAML
158 lines
6.4 KiB
YAML
---
|
|
# original template from: https://github.com/bretfisher/super-linter-example/blob/main/.github/workflows/super-linter.yaml
|
|
|
|
###########################
|
|
###########################
|
|
## Linter GitHub Actions ##
|
|
###########################
|
|
###########################
|
|
name: Lint all the codes
|
|
|
|
#
|
|
# Documentation:
|
|
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
|
#
|
|
|
|
#############################
|
|
# lint on push to release/main branches
|
|
# also lint on all pushes to PRs
|
|
#############################
|
|
on:
|
|
# runs when PRs are merged, or pushes directly to these branches
|
|
# if you have multiple release branches, add them to push
|
|
push:
|
|
branches:
|
|
- main
|
|
# runs on pushed commits to any PR
|
|
pull_request:
|
|
# allow reuse of this workflow in other repos
|
|
workflow_call:
|
|
inputs:
|
|
devops-only:
|
|
description: For a DevOps-focused repository. Prevents some code-language linters from running
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
filter-regex-exclude:
|
|
description: A regex to exclude files from linting
|
|
required: false
|
|
type: string
|
|
|
|
|
|
permissions:
|
|
actions: none
|
|
checks: none # add custom pass/fail checks to the PR
|
|
contents: read # git permissions to repo pull/push
|
|
deployments: none
|
|
issues: none # read/write to repo Issues
|
|
packages: none # read/write to repo Packages (ghcr, gems, npm)
|
|
pull-requests: none # read/write to repo PRs
|
|
repository-projects: none
|
|
security-events: none # read/write to repo Security tab API
|
|
statuses: write # read/write to repo custom statuses and checks
|
|
|
|
|
|
jobs:
|
|
super-lint:
|
|
# Name the Job
|
|
name: Super-Linter
|
|
|
|
# Set the agent to run on
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v2.4.0
|
|
with:
|
|
# Full git history is needed to get a proper list of changed files within `super-linter`
|
|
fetch-depth: 0
|
|
|
|
#############################
|
|
# custom DEFAULT_BRANCH for repos where PR target isn't always main/master
|
|
#############################
|
|
- name: Set DEFAULT_BRANCH to PR target
|
|
# if base_ref has a value, this is a PR
|
|
# we save the PR target branch name to a variable for use in linter config
|
|
# we pass string between job steps by echoing to $GITHUB_ENV, making it available in $env later
|
|
if: ${{ github.base_ref != '' }}
|
|
run: |
|
|
# shellcheck disable=2086
|
|
echo "DEFAULT_BRANCH=${{ github.base_ref }}" >> $GITHUB_ENV
|
|
echo "this is a PR branch. Let's only lint the files that are changed against the target branch '${{ github.base_ref }}'"
|
|
|
|
- name: Set DEFAULT_BRANCH to current branch
|
|
# if base_ref has no value, this is just a commit on a branch
|
|
# we need to strip refs/heads from github.ref to find the current branch name
|
|
# then save the current branch name to a variable for use in linter config later
|
|
# we pass strings between job steps by echoing to $GITHUB_ENV, making it available in $env later
|
|
if: ${{ github.base_ref == '' }}
|
|
run: |
|
|
# shellcheck disable=2086
|
|
echo "DEFAULT_BRANCH=$(echo '${{ github.ref }}' | sed 's/refs\/heads\///')" >> $GITHUB_ENV
|
|
echo "this is just a branch push, not a PR."
|
|
|
|
# used as a debug step to ensure we're only linting all files on release branches
|
|
- name: Are we linting all files?
|
|
run: |
|
|
echo VALIDATE_ALL_CODEBASE=${{ !contains(github.event_name, 'pull_request') }}
|
|
|
|
# customize excluded paths and files with regex
|
|
- name: FILTER_REGEX_EXCLUDE
|
|
if: ${{ inputs.filter-regex-exclude }}
|
|
run: |
|
|
# shellcheck disable=2086
|
|
{
|
|
echo "FILTER_REGEX_EXCLUDE=${{ inputs.filter-regex-exclude }}" >> $GITHUB_ENV
|
|
}
|
|
|
|
# disable non-DevOps focused linters that might run on sample code or 3rd party code
|
|
# these env's will get pass to the next step
|
|
- name: Disable non-DevOps linters
|
|
if: ${{ inputs.devops-only == true }}
|
|
run: |
|
|
# shellcheck disable=2086
|
|
{
|
|
echo "VALIDATE_CSS=false";
|
|
echo "VALIDATE_HTML=false";
|
|
echo "VALIDATE_JAVASCRIPT_ES=false";
|
|
echo "VALIDATE_TYPESCRIPT_ES=false";
|
|
echo "VALIDATE_TYPESCRIPT_STANDARD=false";
|
|
echo "VALIDATE_JAVASCRIPT_STANDARD=false";
|
|
echo "VALIDATE_PYTHON_MYPY=false";
|
|
echo "VALIDATE_PYTHON_BLACK=false";
|
|
echo "VALIDATE_RUBY=false";
|
|
echo "VALIDATE_PHP=false";
|
|
echo "VALIDATE_CSHARP=false";
|
|
|
|
} >> $GITHUB_ENV
|
|
|
|
#############################
|
|
# Run many Linters against changed files on PRs, and ALL files on commit to release branch
|
|
#############################
|
|
# https://github.com/marketplace/actions/super-linter
|
|
- name: Lint Code Base
|
|
uses: github/super-linter@v4.8.7
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# by default super-linter assumes our repo default branch doesn't change
|
|
# and it also assumes our PRs are always against that default branch
|
|
# for multi-trunk (releases) repos, this get the base branch from the previous steps
|
|
# see issue https://github.com/github/super-linter/issues/1123
|
|
DEFAULT_BRANCH: ${{ env.DEFAULT_BRANCH }}
|
|
# setting this to false means that only changed files will be scanned in each commit
|
|
VALIDATE_ALL_CODEBASE: ${{ !contains(github.event_name, 'pull_request') }}
|
|
# turn off dockerfilelint, as its a dead project
|
|
# https://github.com/replicatedhq/dockerfilelint/issues/169
|
|
# hadolint will still run and is sufficient (no need for two linters)
|
|
VALIDATE_DOCKERFILE: false
|
|
# turn off JSCPD copy/paste detection, which results in lots of results for examples and devops repos
|
|
VALIDATE_JSCPD: false
|
|
# turn off shfmt shell formatter as we already have shellcheck
|
|
VALIDATE_SHELL_SHFMT: false
|
|
# editorconfig is great, but...
|
|
# editorconfig-linter is rather generic and file-specific linters are better
|
|
# turn off editorconfig-checker, which flags too many false positives
|
|
VALIDATE_EDITORCONFIG: false
|
|
# prevent Kubernetes CRD API's from causing kubeval to fail
|
|
KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
|