Skip to content

Update oxsecurity/megalinter action to v7 - autoclosed #14

Update oxsecurity/megalinter action to v7 - autoclosed

Update oxsecurity/megalinter action to v7 - autoclosed #14

Workflow file for this run

---
# MegaLinter GitHub Action configuration file
# More info at https://megalinter.github.io
name: MegaLinter
# yamllint disable-line rule:truthy
on:
workflow_dispatch:
pull_request:
branches: [master, main, staging]
types: [opened, reopened, labeled, synchronize]
push:
branches:
- main
permissions: read-all
env: # Comment env block if you do not want to apply fixes
# Apply linter fixes configuration
APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
APPLY_FIXES_MODE: pull_request # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR ()
PRINT_ALL_FILES: true
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
build:
name: MegaLinter
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
statuses: write
pull-requests: write
contents: write
steps:
# Git Checkout
- name: Checkout Code
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
fetch-depth: 0
# MegaLinter
- name: MegaLinter
id: ml
# More info at https://megalinter.github.io/flavors/
uses: oxsecurity/megalinter/flavors/javascript@v7
env:
# https://megalinter.github.io/configuration/
VALIDATE_ALL_CODEBASE: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# CUSTOM SETTINGS FOR MEGALINTER
REPORT_OUTPUT_FOLDER: megalinter-reports
FORMATTERS_DISABLE_ERRORS: true # Treat formatting as a warning
DISABLE: COPYPASTE # Disable categories of linters
DISABLE_LINTERS: JAVASCRIPT_STANDARD,REPOSITORY_TRIVY
SHOW_ELAPSED_TIME: true
FILEIO_REPORTER: false
# eslint
JAVASCRIPT_ES_CONFIG_FILE: ./eslintrc.js
# cspell settings
SPELL_CSPELL_CONFIG_FILE: .github/cspell.json
SPELL_CSPELL_DISABLE_ERRORS: true # Treat misspellings as a warning
# proselint settings
SPELL_PROSELINT_CONFIG_FILE: .github/proselintrc.json
SPELL_PROSELINT_DISABLE_ERRORS: true # Treat misspellings as a warning
# markdownlint
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .github/markdownlint.json
# markdown link check
MARKDOWN_MARKDOWN_LINK_CHECK_CONFIG_FILE: .github/markdown-link-check.json
MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true # Treat dead links as a warning
# checkov settings
REPOSITORY_CHECKOV_CONFIG_FILE: .github/checkov.yml
REPOSITORY_CHECKOV_DISABLE_ERRORS: true # Disable errors until we decide how to handle this one.
# secretlint settings
REPOSITORY_SECRETLINT_CONFIG_FILE: .github/secretlintrc.json
REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignores "**/megalinter-reports/**"
# Other linters
REPOSITORY_GIT_DIFF_DISABLE_ERRORS: true
COPYPASTE_JSCPD_DISABLE_ERRORS: true
ACTION_ACTIONLINT_FILTER_REGEX_EXCLUDE: (defender-sentinel-deployer.yml)
REPOSITORY_GITLEAKS_CONFIG_FILE: .github/gitleaks.toml
YAML_V8R_FILTER_REGEX_EXCLUDE: serverless|\.github/
# code style
JAVASCRIPT_DEFAULT_STYLE: prettier
TYPESCRIPT_DEFAULT_STYLE: prettier
JAVASCRIPT_PRETTIER_CONFIG_FILE: .prettierrc.js
TYPESCRIPT_PRETTIER_CONFIG_FILE: .prettierrc.js
YAML_PRETTIER_CONFIG_FILE: .prettierrc.js
JSON_PRETTIER_CONFIG_FILE: .prettierrc.js
# Upload MegaLinter artifacts
- name: Archive production artifacts
if: ${{ success() }} || ${{ failure() }}
uses: actions/upload-artifact@v3
with:
name: MegaLinter reports
path: |
megalinter-reports
# Create pull request if applicable
# Note: This step will fail if megalinter tries to modify any file in the .github/workflow
# directory. Github has a protection that workflows can't modify workflows. Please fix those
# files manually.
- name: Restore Workflow and github_conf Directories
if: ${{ always() }}
run: |
git restore .github/workflows/*.yml
sudo rm -rf github_conf
- name: Create Pull Request with applied fixes
id: cpr
if: ${{ always() }}
# Use head_ref when PR is created and ref_name when manually run
env:
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
uses: peter-evans/create-pull-request@v4
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
commit-message: "[MegaLinter] Apply linter automatic fixes"
title: "[MegaLinter] Fixes for ${{ env.BRANCH_NAME }}"
labels: bot
base: ${{ env.BRANCH_NAME }}
branch: auto-fix/${{ env.BRANCH_NAME }}
delete-branch: true # Deletes temp branch after close or merge.
- name: Update PR status
if: ${{ success() }}
# set the merge commit status check
# using GitHub REST API
# see https://docs.github.com/en/rest/reference/repos#create-a-commit-status
run: |
curl --request POST \
--url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }} \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"context": "MegaLinter",
"state": "success",
"description": "MegaLinter checks passed",
"target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}'