Skip to content

Fix/megalinter

Fix/megalinter #1137

Workflow file for this run

---
# MegaLinter GitHub Action configuration file
# More info at https://megalinter.io
name: MegaLinter
on:
push:
branches: [main, "release/**"]
pull_request:
branches: [main]
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
env: # Comment env block if you do not want to apply fixes
# Apply linter fixes configuration
APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request)
jobs:
build:
name: MegaLinter
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: MegaLinter
id: ml
uses: oxsecurity/megalinter/flavors/java@v8.1.0
env:
# All available variables are described in documentation
# https://megalinter.io/configuration/
LINTER_RULES_PATH: "tools"
VALIDATE_ALL_CODEBASE: true
DISABLE: "COPYPASTE,SPELL"
DISABLE_LINTERS: "REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_GRYPE,SPELL_LYCHEE,JSON_JSONLINT,MARKDOWN_MARKDOWN_LINK_CHECK"
EXCLUDED_DIRECTORIES: ".git,.github,.devcontainer,target,avrorecord"
FILTER_REGEX_EXCLUDE: "catalog-info.yaml"
JAVA_CHECKSTYLE_CONFIG_FILE: "checkstyle.xml"
REPOSITORY_CHECKOV_ARGUMENTS: "--skip-check CKV2_GHA_1,CKV_DOCKER_2,CKV_GHA_7,CKV_SECRET_6"
- name: Archive production artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
# Create pull request if applicable (for now works only on PR from same repository, not from forks)
- name: Create Pull Request with applied fixes
id: cpr
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')}}
uses: peter-evans/create-pull-request@v7.0.5
with:
token: ${{ secrets.WRITE_PACKAGE_PAT }}
commit-message: "[MegaLinter] Apply linters automatic fixes"
title: "[MegaLinter] Apply linters automatic fixes"
labels: bot
branch-token: ${{ secrets.GITHUB_TOKEN }}
sign-commits: true
- name: Create PR output
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')}}
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
- name: Check for changes
id: git_status
run: |
if git diff --quiet; then
echo "changes=false" >> $GITHUB_ENV
echo "No changes detected."
else
echo "Changes detected"
echo "changes=true" >> $GITHUB_ENV
fi
# Push new commit if applicable (for now works only on PR from same repository, not from forks)
- name: Prepare commit
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') && env.changes == 'true' }}
run: sudo chown -Rc $UID .git/
- name: Setup git and add changes
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') && env.changes == 'true' }}
env:
branch_name: ${{ github.head_ref || github.ref_name }}
run: |
git config --global user.email "nicolas.vuillamy@ox.security"
git config --global user.name "megalinter-bot"
git config --global commit.gpgSign false
git checkout -b $branch_name
git add -A
- name: Commit applied linter fixes
if: ${{ steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') && env.changes == 'true' }}
id: commit
uses: qoomon/actions--create-commit@v1
with:
message: "[MegaLinter] Apply linters fixes"
allow-empty: false
- name: Push changes
if: ${{ steps.commit.outputs.commit || env.changes == 'true' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git push origin ${{ github.head_ref || github.ref_name }}