Fix/megalinter #1137
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# MegaLinter GitHub Action configuration file | |
# More info at https://megalinter.io | |
name: MegaLinter | |
on: | |
push: | |
branches: [main, "release/**"] | |
pull_request: | |
branches: [main] | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
env: # Comment env block if you do not want to apply fixes | |
# Apply linter fixes configuration | |
APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) | |
APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) | |
APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) | |
jobs: | |
build: | |
name: MegaLinter | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- name: MegaLinter | |
id: ml | |
uses: oxsecurity/megalinter/flavors/java@v8.1.0 | |
env: | |
# All available variables are described in documentation | |
# https://megalinter.io/configuration/ | |
LINTER_RULES_PATH: "tools" | |
VALIDATE_ALL_CODEBASE: true | |
DISABLE: "COPYPASTE,SPELL" | |
DISABLE_LINTERS: "REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_GRYPE,SPELL_LYCHEE,JSON_JSONLINT,MARKDOWN_MARKDOWN_LINK_CHECK" | |
EXCLUDED_DIRECTORIES: ".git,.github,.devcontainer,target,avrorecord" | |
FILTER_REGEX_EXCLUDE: "catalog-info.yaml" | |
JAVA_CHECKSTYLE_CONFIG_FILE: "checkstyle.xml" | |
REPOSITORY_CHECKOV_ARGUMENTS: "--skip-check CKV2_GHA_1,CKV_DOCKER_2,CKV_GHA_7,CKV_SECRET_6" | |
- name: Archive production artifacts | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MegaLinter reports | |
path: | | |
megalinter-reports | |
mega-linter.log | |
# Create pull request if applicable (for now works only on PR from same repository, not from forks) | |
- name: Create Pull Request with applied fixes | |
id: cpr | |
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')}} | |
uses: peter-evans/create-pull-request@v7.0.5 | |
with: | |
token: ${{ secrets.WRITE_PACKAGE_PAT }} | |
commit-message: "[MegaLinter] Apply linters automatic fixes" | |
title: "[MegaLinter] Apply linters automatic fixes" | |
labels: bot | |
branch-token: ${{ secrets.GITHUB_TOKEN }} | |
sign-commits: true | |
- name: Create PR output | |
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')}} | |
run: | | |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" | |
- name: Check for changes | |
id: git_status | |
run: | | |
if git diff --quiet; then | |
echo "changes=false" >> $GITHUB_ENV | |
echo "No changes detected." | |
else | |
echo "Changes detected" | |
echo "changes=true" >> $GITHUB_ENV | |
fi | |
# Push new commit if applicable (for now works only on PR from same repository, not from forks) | |
- name: Prepare commit | |
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') && env.changes == 'true' }} | |
run: sudo chown -Rc $UID .git/ | |
- name: Setup git and add changes | |
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') && env.changes == 'true' }} | |
env: | |
branch_name: ${{ github.head_ref || github.ref_name }} | |
run: | | |
git config --global user.email "nicolas.vuillamy@ox.security" | |
git config --global user.name "megalinter-bot" | |
git config --global commit.gpgSign false | |
git checkout -b $branch_name | |
git add -A | |
- name: Commit applied linter fixes | |
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') && env.changes == 'true' }} | |
id: commit | |
uses: qoomon/actions--create-commit@v1 | |
with: | |
message: "[MegaLinter] Apply linters fixes" | |
allow-empty: false | |
- name: Push changes | |
if: ${{ steps.commit.outputs.commit || env.changes == 'true' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
git push origin ${{ github.head_ref || github.ref_name }} |