[automation] Auto-update linters version, help and documentation #5806
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ######################### | |
| ######################### | |
| ## Deploy Docker Image Linters ## | |
| ######################### | |
| ######################### | |
| # Documentation: | |
| # https://help.github.com/en/articles/workflow-syntax-for-github-actions | |
| # | |
| ####################################### | |
| # Start the job on all push to main # | |
| ####################################### | |
| name: "Build & Deploy - DEV linters" | |
| on: | |
| pull_request: | |
| branches-ignore: [] | |
| paths-ignore: | |
| - .github/CONTRIBUTING.md | |
| - CHANGELOG.md | |
| - README.md | |
| - .github/workflows/slash-command-dispatch.yml | |
| - .github/workflows/help-command.yml | |
| - .github/workflows/build-command.yml | |
| ############### | |
| # Set the Job # | |
| ############### | |
| concurrency: | |
| group: ${{ github.ref_name }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| prepare: | |
| name: Prepare matrix | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tag: ${{ steps.image_tag.outputs.tag }} | |
| steps: | |
| - name: Build image tag name | |
| id: image_tag | |
| run: | | |
| BRANCH_NAME="${GITHUB_REF##*/}" | |
| TAG="test-${{ github.actor }}-${BRANCH_NAME}" | |
| echo "Tag name: ${TAG}" | |
| echo "tag=${TAG}" >>"$GITHUB_OUTPUT" | |
| build: | |
| # Name the Job | |
| name: Deploy Docker Image - DEV - Linters | |
| needs: prepare | |
| # Set the agent to run on | |
| runs-on: ${{ matrix.os }} | |
| permissions: read-all | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 10 | |
| matrix: | |
| os: [ubuntu-latest] | |
| # linters-start | |
| linter: | |
| [ | |
| "action_actionlint", | |
| "ansible_ansible_lint", | |
| "arm_arm_ttk", | |
| "bash_exec", | |
| "bash_shellcheck", | |
| "bash_shfmt", | |
| "bicep_bicep_linter", | |
| "c_cpplint", | |
| "clojure_clj_kondo", | |
| "clojure_cljstyle", | |
| "cloudformation_cfn_lint", | |
| "coffee_coffeelint", | |
| "copypaste_jscpd", | |
| "cpp_cpplint", | |
| "csharp_dotnet_format", | |
| "csharp_csharpier", | |
| "css_stylelint", | |
| "css_scss_lint", | |
| "dart_dartanalyzer", | |
| "dockerfile_hadolint", | |
| "editorconfig_editorconfig_checker", | |
| "env_dotenv_linter", | |
| "gherkin_gherkin_lint", | |
| "go_golangci_lint", | |
| "go_revive", | |
| "graphql_graphql_schema_linter", | |
| "groovy_npm_groovy_lint", | |
| "html_djlint", | |
| "html_htmlhint", | |
| "java_checkstyle", | |
| "java_pmd", | |
| "javascript_es", | |
| "javascript_standard", | |
| "javascript_prettier", | |
| "json_jsonlint", | |
| "json_eslint_plugin_jsonc", | |
| "json_v8r", | |
| "json_prettier", | |
| "json_npm_package_json_lint", | |
| "jsx_eslint", | |
| "kotlin_ktlint", | |
| "kubernetes_kubeconform", | |
| "kubernetes_helm", | |
| "kubernetes_kubescape", | |
| "latex_chktex", | |
| "lua_luacheck", | |
| "makefile_checkmake", | |
| "markdown_markdownlint", | |
| "markdown_remark_lint", | |
| "markdown_markdown_link_check", | |
| "markdown_markdown_table_formatter", | |
| "openapi_spectral", | |
| "perl_perlcritic", | |
| "php_phpcs", | |
| "php_phpstan", | |
| "php_psalm", | |
| "php_phplint", | |
| "powershell_powershell", | |
| "powershell_powershell_formatter", | |
| "protobuf_protolint", | |
| "puppet_puppet_lint", | |
| "python_pylint", | |
| "python_black", | |
| "python_flake8", | |
| "python_isort", | |
| "python_bandit", | |
| "python_mypy", | |
| "python_pyright", | |
| "python_ruff", | |
| "r_lintr", | |
| "raku_raku", | |
| "repository_checkov", | |
| "repository_devskim", | |
| "repository_dustilock", | |
| "repository_git_diff", | |
| "repository_gitleaks", | |
| "repository_grype", | |
| "repository_kics", | |
| "repository_secretlint", | |
| "repository_semgrep", | |
| "repository_syft", | |
| "repository_trivy", | |
| "repository_trivy_sbom", | |
| "repository_trufflehog", | |
| "rst_rst_lint", | |
| "rst_rstcheck", | |
| "rst_rstfmt", | |
| "ruby_rubocop", | |
| "rust_clippy", | |
| "salesforce_sfdx_scanner_apex", | |
| "salesforce_sfdx_scanner_aura", | |
| "salesforce_sfdx_scanner_lwc", | |
| "scala_scalafix", | |
| "snakemake_lint", | |
| "snakemake_snakefmt", | |
| "spell_cspell", | |
| "spell_proselint", | |
| "spell_vale", | |
| "spell_lychee", | |
| "sql_sql_lint", | |
| "sql_sqlfluff", | |
| "sql_tsqllint", | |
| "swift_swiftlint", | |
| "tekton_tekton_lint", | |
| "terraform_tflint", | |
| "terraform_terrascan", | |
| "terraform_terragrunt", | |
| "terraform_terraform_fmt", | |
| "tsx_eslint", | |
| "typescript_es", | |
| "typescript_standard", | |
| "typescript_prettier", | |
| "vbdotnet_dotnet_format", | |
| "xml_xmllint", | |
| "yaml_prettier", | |
| "yaml_yamllint", | |
| "yaml_v8r", | |
| ] | |
| # linters-end | |
| # Only run this on the main repo | |
| if: | | |
| ( | |
| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) || | |
| (github.event_name == 'push' && github.repository == 'oxsecurity/megalinter') | |
| ) | |
| && !contains(github.event.head_commit.message, 'skip deploy') | |
| ################## | |
| # Load all steps # | |
| ################## | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Get current date | |
| run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} | |
| - name: Build Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: linters/${{ matrix.linter }}/Dockerfile | |
| platforms: linux/amd64 | |
| build-args: | | |
| BUILD_DATE=${{ env.BUILD_DATE }} | |
| BUILD_REVISION=${{ github.sha }} | |
| BUILD_VERSION=${{ needs.prepare.outputs.tag }} | |
| load: true | |
| push: false | |
| secrets: | | |
| GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| tags: | | |
| oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }} | |
| ##################################### | |
| # Run Linter test cases # | |
| ##################################### | |
| - name: Run Test Cases | |
| shell: bash | |
| run: | | |
| GITHUB_REPOSITORY=$([ "${{ github.event_name }}" == "pull_request" ] && echo "${{ github.event.pull_request.head.repo.full_name }}" || echo "${{ github.repository }}") | |
| GITHUB_BRANCH=$([ "${{ github.event_name }}" == "pull_request" ] && echo "${{ github.head_ref }}" || echo "${{ github.ref_name }}") | |
| TEST_KEYWORDS_TO_USE_UPPER="${{ matrix.linter }}" | |
| TEST_KEYWORDS_TO_USE="${TEST_KEYWORDS_TO_USE_UPPER,,}" | |
| docker image ls | |
| docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }} | |
| timeout-minutes: 30 | |
| ############################################## | |
| # Check Docker image security with Trivy # | |
| ############################################## | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| scanners: vuln | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| timeout: 10m0s |