megalinter.yml
---
# MegaLinter GitHub Action configuration file
# More info at https://megalinter.github.io
name: MegaLinter

# Triggers: manual dispatch, pull requests targeting master/main/staging,
# and pushes to main.
# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  pull_request:
    branches:
      - master
      - main
      - staging
    types:
      - opened
      - reopened
      - labeled
      - synchronize
  push:
    branches: [main]

# Workflow-wide default for the GITHUB_TOKEN is read-only; a job that needs
# to write has to declare its own `permissions:` block.
permissions: read-all

# Comment env block if you do not want to apply fixes
env:
  # Apply linter fixes configuration
  # When active, APPLY_FIXES must also be defined as environment variable
  # (in github/workflows/mega-linter.yml or other CI tool)
  APPLY_FIXES: all
  # Decide which event triggers application of fixes in a commit or a PR
  # (pull_request, push, all)
  APPLY_FIXES_EVENT: pull_request
  # If APPLY_FIXES is used, defines if the fixes are directly committed
  # (commit) or posted in a PR (pull_request)
  APPLY_FIXES_MODE: pull_request
  PRINT_ALL_FILES: true

# One run per ref and workflow; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true
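jobs:
  build:
    name: MegaLinter
    runs-on: ubuntu-latest
    timeout-minutes: 5
    # These write scopes apply to the GITHUB_TOKEN for every step of this job,
    # including the third-party actions below: statuses (commit status),
    # pull-requests and contents (auto-fix branch and PR).
    permissions:
      statuses: write
      pull-requests: write
      contents: write
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (@v3, @v6, @v4). A tag can be moved to different code after review;
      # pinning to a full commit SHA, e.g.
      # `actions/checkout@<full-commit-sha>  # v3`, makes the executed code
      # immutable. This matters most for the steps that receive a token.

      # Git Checkout
      # NOTE(review): actions/checkout keeps the token in the local git config
      # by default (`persist-credentials: true`), so when secrets.PAT is set it
      # remains readable by later steps, including the linter container.
      # Confirm the PR-creation step still works before switching it off.
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          # Full history
          fetch-depth: 0

      # MegaLinter
      - name: MegaLinter
        id: ml
        # More info at https://megalinter.github.io/flavors/
        uses: oxsecurity/megalinter/flavors/javascript@v6
        env:
          # https://megalinter.github.io/configuration/
          VALIDATE_ALL_CODEBASE: true
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # CUSTOM SETTINGS FOR MEGALINTER
          REPORT_OUTPUT_FOLDER: megalinter-reports
          # Treat formatting as a warning
          FORMATTERS_DISABLE_ERRORS: true
          # Disable categories of linters
          DISABLE: COPYPASTE
          # NOTE(review): REPOSITORY_TRIVY is switched off here and checkov
          # findings are downgraded to warnings further down, so neither
          # scanner can fail this job. secretlint and gitleaks have no
          # *_DISABLE_ERRORS override in this file.
          DISABLE_LINTERS: JAVASCRIPT_STANDARD,REPOSITORY_TRIVY
          SHOW_ELAPSED_TIME: true
          FILEIO_REPORTER: false
          # eslint
          # NOTE(review): path has no leading dot (./eslintrc.js, not
          # ./.eslintrc.js) - confirm this matches the file in the repository.
          JAVASCRIPT_ES_CONFIG_FILE: ./eslintrc.js
          # cspell settings
          SPELL_CSPELL_CONFIG_FILE: .github/cspell.json
          # Treat misspellings as a warning
          SPELL_CSPELL_DISABLE_ERRORS: true
          # proselint settings
          SPELL_PROSELINT_CONFIG_FILE: .github/proselintrc.json
          # Treat misspellings as a warning
          SPELL_PROSELINT_DISABLE_ERRORS: true
          # markdownlint
          MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .github/markdownlint.json
          # markdown link check
          MARKDOWN_MARKDOWN_LINK_CHECK_CONFIG_FILE: .github/markdown-link-check.json
          # Treat dead links as a warning
          MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true
          # checkov settings
          REPOSITORY_CHECKOV_CONFIG_FILE: .github/checkov.yml
          # Disable errors until we decide how to handle this one.
          REPOSITORY_CHECKOV_DISABLE_ERRORS: true
          # secretlint settings
          REPOSITORY_SECRETLINT_CONFIG_FILE: .github/secretlintrc.json
          REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignores "**/megalinter-reports/**"
          # Other linters
          REPOSITORY_GIT_DIFF_DISABLE_ERRORS: true
          COPYPASTE_JSCPD_DISABLE_ERRORS: true
          ACTION_ACTIONLINT_FILTER_REGEX_EXCLUDE: (defender-sentinel-deployer.yml)
          REPOSITORY_GITLEAKS_CONFIG_FILE: .github/gitleaks.toml
          YAML_V8R_FILTER_REGEX_EXCLUDE: serverless|\.github/
          # code style
          JAVASCRIPT_DEFAULT_STYLE: prettier
          TYPESCRIPT_DEFAULT_STYLE: prettier
          JAVASCRIPT_PRETTIER_CONFIG_FILE: .prettierrc.js
          TYPESCRIPT_PRETTIER_CONFIG_FILE: .prettierrc.js
          YAML_PRETTIER_CONFIG_FILE: .prettierrc.js
          JSON_PRETTIER_CONFIG_FILE: .prettierrc.js

      # Upload MegaLinter artifacts
      - name: Archive production artifacts
        # Both status functions must sit inside ONE expression. Written as
        # `${{ success() }} || ${{ failure() }}` the value is a non-empty
        # string such as "true || false", which is always truthy, so the step
        # would also run on cancelled jobs.
        if: ${{ success() || failure() }}
        uses: actions/upload-artifact@v3
        with:
          name: MegaLinter reports
          path: |
            megalinter-reports

      # Create pull request if applicable
      # Note: This step will fail if megalinter tries to modify any file in the
      # .github/workflows directory. GitHub has a protection that workflows
      # can't modify workflows. Please fix those files manually.
      - name: Restore Workflow and github_conf Directories
        if: ${{ always() }}
        # Discard linter edits to workflow files and remove github_conf so
        # neither ends up in the auto-fix commit.
        run: |
          git restore .github/workflows/*.yml
          sudo rm -rf github_conf

      - name: Create Pull Request with applied fixes
        id: cpr
        if: ${{ always() }}
        # Use head_ref when PR is created and ref_name when manually run
        env:
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          commit-message: "[MegaLinter] Apply linter automatic fixes"
          title: "[MegaLinter] Fixes for ${{ env.BRANCH_NAME }}"
          labels: bot
          base: ${{ env.BRANCH_NAME }}
          branch: auto-fix/${{ env.BRANCH_NAME }}
          # Deletes temp branch after close or merge.
          delete-branch: true

      - name: Update PR status
        if: ${{ success() }}
        # set the merge commit status check
        # using GitHub REST API
        # see https://docs.github.com/en/rest/reference/repos#create-a-commit-status
        env:
          # Hand the token to the shell through the environment instead of
          # templating it into the script text, so the secret is never part
          # of the generated script file.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): curl exits 0 on HTTP error responses unless `--fail`
        # is given, so a rejected status update does not fail this step.
        run: |
          curl --request POST \
            --url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }} \
            --header "authorization: Bearer $GITHUB_TOKEN" \
            --header 'content-type: application/json' \
            --data '{
              "context": "MegaLinter",
              "state": "success",
              "description": "MegaLinter checks passed",
              "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            }'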