chore(repo): sync with repository template #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ref: <https://github.com/oxsecurity/megalinter/blob/225e1b5c3a044775005d0ec772cabee5d21006ed/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml> | |
# ref: <https://megalinter.io> | |
name: MegaLinter | |
on: | |
push: | |
pull_request: | |
branches: | |
- main | |
env: | |
APPLY_FIXES: all | |
APPLY_FIXES_EVENT: pull_request | |
APPLY_FIXES_MODE: commit | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
megalinter: | |
name: MegaLinter | |
permissions: | |
contents: write | |
issues: write | |
pull-requests: write | |
security-events: write | |
statuses: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ github.token }} | |
- id: ml | |
name: MegaLinter | |
uses: oxsecurity/megalinter@v8 | |
# ref: <https://megalinter.io/latest/config-file/> | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Common Variables | |
MEGALINTER_CONFIG: .github/.mega-linter.yaml | |
VALIDATE_ALL_CODEBASE: true | |
# Linters | |
PYTHON_PYRIGHT_DISABLE_ERRORS: true | |
# Reporters | |
TEXT_REPORTER: true | |
GITHUB_COMMENT_REPORTER: true | |
GITHUB_STATUS_REPORTER: true | |
SARIF_REPORTER: true | |
UPDATED_SOURCES_REPORTER: true | |
CONFIG_REPORTER: true | |
CONSOLE_REPORTER: true | |
JSON_REPORTER: true | |
MARKDOWN_SUMMARY_REPORTER: true | |
- if: success() || failure() | |
name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MegaLinter reports | |
path: |- | |
mega-linter.log | |
megalinter-reports/ | |
- if: success() || failure() | |
name: Upload MegaLinter scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: megalinter-reports/megalinter-report.sarif | |
- if: success() || failure() | |
name: Add GitHub summary | |
run: cat megalinter-reports/megalinter-report.md >> "$GITHUB_STEP_SUMMARY" | |
- name: Remove MegaLinter reports | |
run: >- | |
sudo rm --force --recursive | |
.checkov.yml | |
.devskim.json | |
kics.config | |
mega-linter.log | |
megalinter-reports/ | |
- id: cpr | |
if: >- | |
steps.ml.outputs.has_updated_sources == 1 && | |
( | |
env.APPLY_FIXES_EVENT == 'all' || | |
env.APPLY_FIXES_EVENT == github.event_name | |
) && | |
env.APPLY_FIXES_MODE == 'pull_request' && | |
( | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
) && | |
!contains(github.event.head_commit.message, 'skip fix') | |
name: Create Pull Request with applied fixes | |
uses: peter-evans/create-pull-request@v7 | |
with: | |
token: ${{ github.token }} | |
commit-message: "chore(MegaLinter): apply linters automatic fixes" | |
title: "chore(MegaLinter): apply linters automatic fixes" | |
# TODO: add labels | |
- if: >- | |
steps.ml.outputs.has_updated_sources == 1 && | |
( | |
env.APPLY_FIXES_EVENT == 'all' || | |
env.APPLY_FIXES_EVENT == github.event_name | |
) && | |
env.APPLY_FIXES_MODE == 'pull_request' && | |
( | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
) && | |
!contains(github.event.head_commit.message, 'skip fix') | |
name: Create PR output | |
run: | | |
echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}" | |
- if: >- | |
steps.ml.outputs.has_updated_sources == 1 && | |
( | |
env.APPLY_FIXES_EVENT == 'all' || | |
env.APPLY_FIXES_EVENT == github.event_name | |
) && | |
env.APPLY_FIXES_MODE == 'commit' && | |
github.ref != 'refs/heads/main' && | |
( | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
) && | |
!contains(github.event.head_commit.message, 'skip fix') | |
name: Prepare commit | |
run: sudo chown -Rc $UID .git/ | |
- if: >- | |
steps.ml.outputs.has_updated_sources == 1 && | |
( | |
env.APPLY_FIXES_EVENT == 'all' || | |
env.APPLY_FIXES_EVENT == github.event_name | |
) && | |
env.APPLY_FIXES_MODE == 'commit' && | |
github.ref != 'refs/heads/main' && | |
( | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
) && | |
!contains(github.event.head_commit.message, 'skip fix') | |
name: Commit and push applied linter fixes | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
branch: >- | |
${{ | |
github.event.pull_request.head.ref || | |
github.head_ref || | |
github.ref | |
}} | |
commit_message: "chore(MegaLinter): apply linters fixes" | |
commit_user_name: megalinter-bot | |
commit_user_email: nicolas.vuillamy@ox.security |