# kics-scan disable=555ab8f9-2001-455e-a077-f2d0f41e2fb9
##
# MegaLinter GitHub Action configuration file.
#
# @link https://megalinter.io
#
---
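name: MegaLinter
on:
  ##
  # Run whenever Pull Requests merge into environment Branches.
  #
  # Later logic enforces a full code-wide test on only the `production` and `staging` Branches. The `main` Branch only
  # has changed files linted for efficiency.
  #
  # TEMPLATE TODO - Remove any environment Branches this project won't use.
  #
  push:
    branches:
      - main
      - production
      - staging
  ##
  # Run whenever a Pull Request occurs on any Branch, regardless of target.
  #
  # Later logic enforces linting on only changed files in these instances for efficiency.
  #
  pull_request:
##
# All steps should have read-only access, unless explicitly given.
#
# NOTE(review): `read-all` grants read access on every token scope to any job that does not declare its own
# `permissions`. The only job below declares its own, so a narrower default (for example `contents: read`) would be
# a safer fallback for jobs added later.
#
permissions: read-all
##
# Environment configurations.
#
# @link https://docs.github.com/en/actions/learn-github-actions/contexts#env-context
#
env:
  ##
  # Automatically apply formatting fixes during linting for minor formatting and consistency problems.
  #
  # With this configuration, both `push` and `pull_request` events apply fixes directly into the commit, as opposed to
  # opening a separate Pull Request with the changes.
  #
  # @link https://megalinter.io/latest/config-apply-fixes/
  #
  APPLY_FIXES: all
  APPLY_FIXES_EVENT: all
  APPLY_FIXES_MODE: commit
##
# Cancel any in-progress GitHub Actions for the same Branch when triggering a new workflow.
#
# @link https://docs.github.com/en/actions/using-jobs/using-concurrency
#
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true
##
# Linting steps.
#
# @link https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow
#
jobs:
  build:
    name: MegaLinter
    runs-on: ubuntu-latest
    ##
    # This job's `GITHUB_TOKEN` or `PAT` must have these permissions.
    #
    # Always aim to provide as few permissions as possible for personal access tokens.
    #
    # @link https://docs.github.com/en/actions/security-guides/automatic-token-authentication
    #
    # TEMPLATE TODO - Adjust permissions to the minimum possible for how you use this linter.
    #
    permissions:
      contents: write
      issues: write
      pull-requests: write
    ##
    # NOTE(review): every `uses:` below references a mutable tag (`@v3`, `@v7`, `@v5`, `@v4`). This job holds write
    # permissions and may hold a PAT, so pinning each action to a full commit SHA (keeping the tag as a trailing
    # comment) prevents a moved tag from changing what runs here.
    #
    steps:
      ##
      # Checkout the Repository for linting.
      #
      # @link https://github.com/actions/checkout
      #
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          ##
          # actions/checkout stores this token in the local git configuration by default (`persist-credentials`),
          # which the later auto-commit step presumably relies on to push. Every later step, including the linters,
          # can therefore read it: if a PAT is supplied, use a fine-grained token limited to this Repository.
          #
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          ##
          # A fetch depth of `0` pulls the entire Repository's history, Branches, and Tags. Limiting this to `1`
          # increases efficiency, but is only applicable for end-to-end code tests.
          #
          # End-to-end tests only occur when pushing to environment Branches, or when the `production` or `staging`
          # Branches have a Pull Request. Any Pull Request into `main` tests only changed files, and therefore
          # requires a full checkout of the Repository.
          #
          # The target Branch is read from `github.base_ref`: on `pull_request` events `github.ref` is the Pull
          # Request merge ref (`refs/pull/<number>/merge`), so comparing it against a Branch ref never matches.
          # The expression lines share one indent level so that `>-` folds them into a single line.
          #
          fetch-depth: >-
            ${{
            (
            github.event_name == 'push' ||
            ( github.event_name == 'pull_request' && github.base_ref != 'main' )
            )
            && 1
            || 0
            }}
      ##
      # Run MegaLinter.
      #
      # @link https://github.com/oxsecurity/megalinter
      #
      - name: Lint with MegaLinter
        id: ml
        ##
        # The template that generated this project uses the full MegaLinter image, by default, which is extremely large
        # and has numerous linters likely not needed by any one specific project.
        #
        # @link https://megalinter.io/flavors/
        #
        # TEMPLATE TODO - Select a more-specific MegaLinter flavor for the project and update the `uses` configuration
        # here to significantly increase GitHub Action performance.
        #
        uses: oxsecurity/megalinter@v7
        ##
        # Variables are overridden on GitHub workflows for certain conditions.
        #
        # https://megalinter.io/configuration/
        #
        env:
          ##
          # Lint the entire codebase any time a push, or merge, occurs on any environment Branch, or for any Pull
          # Requests that target any Branch but `main`.
          #
          # The Pull Request target is read from `github.base_ref`, for the same reason as `fetch-depth` above.
          #
          # NOTE(review): a push to `main` also satisfies the first clause and gets a full-codebase run, while the
          # comment on the `push` trigger says `main` only lints changed files - confirm which one is intended.
          #
          VALIDATE_ALL_CODEBASE: >-
            ${{
            (
            github.event_name == 'push' ||
            ( github.event_name == 'pull_request' && github.base_ref != 'main' )
            )
            && 'true'
            || 'false'
            }}
          ##
          # This token is automatically created on the GitHub server.
          #
          # If running locally, provide this token with the `gh` utility. For example, with `act`:
          #
          # ```sh
          # act -s GITHUB_TOKEN="$(gh auth token)"
          # ```
          #
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ##
          # TEMPLATE TODO - Add custom environment variables here to override anything from the root .mega-linter.yml
          #
      ##
      # Upload MegaLinter artifacts.
      #
      # This stores each report and log from tests for reference after CI/CD.
      #
      # Only the report directory and the log are listed, so the checkout's `.git` directory (which holds the
      # persisted token) is not part of the artifact. Keep it that way when adding paths.
      #
      # @link https://github.com/actions/upload-artifact
      # @link https://megalinter.io/latest/reporters/
      #
      - name: Archive production artifacts
        if: success() || failure()
        uses: actions/upload-artifact@v3
        with:
          name: MegaLinter reports
          path: |
            megalinter-reports
            mega-linter.log
      ##
      # Create a Pull Request with any automatic fixes, if configured to do so.
      #
      # This doesn't currently work for Forks, only Pull Requests from the same Repository: the `full_name` comparison
      # in the condition below keeps the write-back steps from running for Pull Requests opened from a Fork.
      #
      - name: Create Pull Request with applied fixes
        id: cpr
        if: |
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          commit-message: "[MegaLinter] Apply linters automatic fixes"
          title: "[MegaLinter] Apply linters automatic fixes"
          labels: bot
      ##
      # Print the Pull Request created by the previous step.
      #
      # The step outputs reach the script through `env` rather than being expanded inside the script text, so their
      # content is handled as data by the shell.
      #
      - name: Create Pull Request output
        if: |
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        env:
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}
          PR_URL: ${{ steps.cpr.outputs.pull-request-url }}
        run: |
          echo "Pull Request Number - ${PR_NUMBER}"
          echo "Pull Request URL - ${PR_URL}"
      ##
      # Hand ownership of `.git/` back to the runner user before committing.
      #
      # NOTE(review): presumably needed because the linter container writes files as another user - confirm.
      #
      # `github.ref != 'refs/heads/main'` skips this step, and the commit step below, for pushes to `main`. On
      # `pull_request` events `github.ref` is the merge ref, so the test passes for every Pull Request.
      #
      - name: Prepare commit
        if: |
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        run: sudo chown -Rc "$UID" .git/
      ##
      # Commit the linter fixes and push them to the Branch that triggered the workflow.
      #
      - name: Commit and push applied linter fixes
        if: |
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
          commit_message: "[MegaLinter] Apply linters fixes"
          commit_user_name: megalinter-bot
          ##
          # NOTE(review): the address was obfuscated by the page this file was copied from. Restore the real value
          # before use. It is quoted here because an unquoted value starting with `[` parses as a YAML list.
          #
          commit_user_email: "[email protected]"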