chore(repo): sync with repository template
liblaf-bot[bot] committed Oct 12, 2024
1 parent c47f266 commit 00b6b19
Showing 9 changed files with 290 additions and 10 deletions.
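--- a/.cspell.json
+++ b/.cspell.json
@@ -0,0 +1,18 @@
+{
+"$schema": "https://raw.githubusercontent.com/streetsidesoftware/cspell/main/packages/cspell-types/cspell.schema.json",
+"version": "0.2",
+"language": "en",
+"words": [],
+"ignorePaths": [
+".vscode",
+"**/.cspell.*",
+"**/.git/**",
+"**/*-lock.*",
+"**/*.lock*",
+"**/node_modules/**",
+"**/vscode-extension/**",
+"megalinter",
+"report"
+],
+"allowCompoundWords": true
+}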
6 changes: 6 additions & 0 deletions .github/auto-label.yaml
@@ -2,6 +2,12 @@

language:
pullrequest: true
labelprefix: "lang: "

path:
pullrequest: true
paths:
docs: "type: docs"

staleness:
pullrequest: true
1 change: 1 addition & 0 deletions .github/blunderbuss.yml
@@ -8,4 +8,5 @@ assign_prs:

ignore_authors:
- dependabot[bot]
- pre-commit-ci[bot]
- renovate[bot]
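--- a/.github/megalinter/.checkov.yml
+++ b/.github/megalinter/.checkov.yml
@@ -0,0 +1,9 @@
+# ref: <https://github.com/oxsecurity/megalinter/blob/225e1b5c3a044775005d0ec772cabee5d21006ed/TEMPLATES/.checkov.yml>
+
+# You can see all available properties here: https://github.com/bridgecrewio/checkov#configuration-using-a-config-file
+quiet: true
+
+skip-check:
+- CKV_DOCKER_2
+- CKV_GHA_7
+- CKV2_GHA_1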
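Review bot: The three `skip-check` entries apply to every Checkov scan and none carries a reason, so a reader cannot tell which findings were accepted or why. Two of them, `CKV_GHA_7` and `CKV2_GHA_1`, are GitHub Actions hardening checks (workflow_dispatch inputs and write-all top-level permissions, as far as I recall the Checkov catalogue), and this commit adds a workflow they would otherwise evaluate. I would put a one-line comment above each id naming the check and the reason it is skipped, e.g. `# CKV2_GHA_1 (top-level permissions): <reason accepted here>`, and drop any skip that is present only because it came with the upstream template.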
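--- a/.github/megalinter/.devskim.json
+++ b/.github/megalinter/.devskim.json
@@ -0,0 +1,4 @@
+{
+"IgnoreRuleIds": ["DS176209"],
+"Globs": ["**/.git/**", "**/megalinter-reports/**"]
+}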
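--- a/.github/megalinter/kics.config
+++ b/.github/megalinter/kics.config
@@ -0,0 +1,2 @@
+exclude-queries:
+- 555ab8f9-2001-455e-a077-f2d0f41e2fb9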
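Review bot: The excluded query is identified only by its UUID, `555ab8f9-2001-455e-a077-f2d0f41e2fb9`, so the file does not say which KICS rule is muted or why. If I read the KICS catalogue correctly, this is the query that reports actions not pinned to a full-length commit SHA, which is the pattern used by the workflow added in this commit. Assuming KICS parses this file as YAML, a comment such as `# <query name>: <reason for excluding>` above the entry would make the exception reviewable. The stronger option is to keep the query enabled and resolve its findings.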
202 changes: 202 additions & 0 deletions .github/workflows/megalinter.yaml
@@ -0,0 +1,202 @@
# ref: <https://github.com/oxsecurity/megalinter/blob/225e1b5c3a044775005d0ec772cabee5d21006ed/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml>

# MegaLinter GitHub Action configuration file
# More info at https://megalinter.io
---
name: MegaLinter

# Trigger mega-linter at every push. Action will also be visible from
# Pull Requests to main
on:
# Comment this line to trigger action only on pull-requests
# (not recommended if you don't pay for GH Actions)
push:

pull_request:
branches:
- main
- master

# Comment env block if you do not want to apply fixes
env:
# Apply linter fixes configuration
#
# When active, APPLY_FIXES must also be defined as environment variable
# (in github/workflows/mega-linter.yml or other CI tool)
APPLY_FIXES: all

# Decide which event triggers application of fixes in a commit or a PR
# (pull_request, push, all)
APPLY_FIXES_EVENT: pull_request

# If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
# or posted in a PR (pull_request)
APPLY_FIXES_MODE: commit

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
megalinter:
name: MegaLinter
runs-on: ubuntu-latest

# Give the default GITHUB_TOKEN write permission to commit and push, comment
# issues, and post new Pull Requests; remove the ones you do not need
permissions:
contents: write
issues: write
pull-requests: write

steps:
# Git Checkout
- name: Checkout Code
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}

# If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
# improve performance
fetch-depth: 0

# MegaLinter
- name: MegaLinter

# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/latest/flavors/
uses: oxsecurity/megalinter@v8

id: ml

# All available variables are described in documentation
# https://megalinter.io/latest/config-file/
env:
# Validates all source when push on main, else just the git diff with
# main. Override with true if you always want to lint all sources
#
# To validate the entire codebase, set to:
# VALIDATE_ALL_CODEBASE: true
#
# To validate only diff with main, set to:
# VALIDATE_ALL_CODEBASE: >-
# ${{
# github.event_name == 'push' &&
# github.ref == 'refs/heads/main'
# }}
VALIDATE_ALL_CODEBASE: true

GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# Uncomment to use ApiReporter (Grafana)
# API_REPORTER: true
# API_REPORTER_URL: ${{ secrets.API_REPORTER_URL }}
# API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_BASIC_AUTH_USERNAME }}
# API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_BASIC_AUTH_PASSWORD }}
# API_REPORTER_METRICS_URL: ${{ secrets.API_REPORTER_METRICS_URL }}
# API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_USERNAME }}
# API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_PASSWORD }}
# API_REPORTER_DEBUG: false

# ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF
# .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
MARKDOWN_SUMMARY_REPORTER: true
continue-on-error: true

- if: success() || failure()
name: Add GitHub Summary
run: cat megalinter-reports/megalinter-report.md >> "$GITHUB_STEP_SUMMARY"

# Upload MegaLinter artifacts
- name: Archive production artifacts
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
# Create pull request if applicable
# (for now works only on PR from same repository, not from forks)
- name: Create Pull Request with applied fixes
uses: peter-evans/create-pull-request@v6
id: cpr
if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'pull_request' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
commit-message: "[MegaLinter] Apply linters automatic fixes"
title: "[MegaLinter] Apply linters automatic fixes"
labels: bot

- name: Create PR output
if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'pull_request' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
run: |
echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
# Push new commit if applicable
# (for now works only on PR from same repository, not from forks)
- name: Prepare commit
if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'commit' &&
github.ref != 'refs/heads/main' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
run: sudo chown -Rc $UID .git/

- name: Commit and push applied linter fixes
uses: stefanzweifel/git-auto-commit-action@v5
if: >-
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
env.APPLY_FIXES_MODE == 'commit' &&
github.ref != 'refs/heads/main' &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
) &&
!contains(github.event.head_commit.message, 'skip fix')
with:
branch: >-
${{
github.event.pull_request.head.ref ||
github.head_ref ||
github.ref
}}
commit_message: "[MegaLinter] Apply linters fixes"
commit_user_name: megalinter-bot
commit_user_email: nicolas.vuillamy@ox.security
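Review bot: Every `uses:` in this workflow references a mutable tag (`actions/checkout@v4`, `oxsecurity/megalinter@v8`, `actions/upload-artifact@v4`, `peter-evans/create-pull-request@v6`, `stefanzweifel/git-auto-commit-action@v5`), in a job that grants `contents: write`, `issues: write` and `pull-requests: write` and checks out with `secrets.PAT || secrets.GITHUB_TOKEN`. A retagged or compromised release of any of them would run with that token, so I would pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: oxsecurity/megalinter@<full-commit-sha>  # v8`. The `permissions` block could also shrink: with `APPLY_FIXES_MODE: commit` the create-pull-request steps never run, so `issues: write` and `pull-requests: write` look unnecessary unless a MegaLinter reporter needs them. Separately, `continue-on-error: true` after the MegaLinter `env:` block (assuming it sits at step level; the indentation is lost on this page) means linter errors, including those from the security scanners, no longer fail the job.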
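--- a/.mega-linter.yaml
+++ b/.mega-linter.yaml
@@ -0,0 +1,43 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/megalinter/megalinter/main/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json
+
+# Configuration file for MegaLinter
+#
+# See all available variables at https://megalinter.io/latest/config-file/ and in
+# linters documentation
+
+# all, none, or list of linter keys
+APPLY_FIXES: all
+
+# If you use ENABLE variable, all other languages/formats/tooling-formats will
+# be disabled by default
+# ENABLE:
+
+# If you use ENABLE_LINTERS variable, all other linters will be disabled by
+# default
+# ENABLE_LINTERS:
+
+# DISABLE:
+# - COPYPASTE # Uncomment to disable checks of excessive copy-pastes
+# - SPELL # Uncomment to disable checks of spelling mistakes
+
+SHOW_ELAPSED_TIME: true
+
+FILEIO_REPORTER: false
+# Uncomment if you want MegaLinter to detect errors but not block CI to pass
+# DISABLE_ERRORS: true
+
+DISABLE_LINTERS:
+- BASH_EXEC
+- PYTHON_BANDIT
+- PYTHON_BLACK
+- PYTHON_FLAKE8
+- PYTHON_ISORT
+- PYTHON_MYPY
+- PYTHON_PYLINT
+
+DISABLE_ERRORS_LINTERS:
+- SPELL_CSPELL
+
+REPOSITORY_CHECKOV_CONFIG_FILE: .github/megalinter/.checkov.yml
+REPOSITORY_DEVSKIM_CONFIG_FILE: .github/megalinter/.devskim.json
+REPOSITORY_KICS_CONFIG_FILE: .github/megalinter/kics.config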
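Review bot: `PYTHON_BANDIT` is disabled alongside the style and type linters with no comment, which takes the only Python security linter in this list out of the run. If the intent is that ruff (configured in `.pre-commit-config.yaml`) replaces the Python linters, that covers Bandit's checks only when ruff's `S` rule group is selected, and the ruff rule selection is not visible in this commit. I would add a comment above `DISABLE_LINTERS`, e.g. `# Python linting is handled by ruff; Bandit-equivalent checks need ruff's "S" rules enabled`, or leave `PYTHON_BANDIT` enabled.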
15 changes: 5 additions & 10 deletions .pre-commit-config.yaml
@@ -5,7 +5,7 @@ ci:
- cspell
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.5.6
rev: v0.6.5
hooks:
- id: ruff
args:
@@ -26,14 +26,9 @@ repos:
- --modifylinebreaks
- --GCString
- repo: https://github.com/commitizen-tools/commitizen
rev: v3.28.0
rev: v3.29.0
hooks:
- id: commitizen
- repo: https://github.com/liblaf/pre-commit-hooks
rev: dev
hooks:
- id: prettier
exclude: (.*-lock\..*)|(.*\.lock)$
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
@@ -57,16 +52,16 @@ repos:
- id: mixed-line-ending
- id: trailing-whitespace
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.29.1
rev: 0.29.2
hooks:
- id: check-github-workflows
- repo: https://github.com/sirosen/texthooks
rev: 0.6.6
rev: 0.6.7
hooks:
- id: fix-ligatures
- id: fix-spaces
- id: forbid-bidi-controls
- repo: https://github.com/streetsidesoftware/cspell-cli
rev: v8.13.1
rev: v8.13.3
hooks:
- id: cspell
