Fully Templated Docker cached build job

Fully Templated Docker cached build job
- most parameters are defaulted based on git variables
- all of defaulted parameters can be overwritten using inputs
- fixes to existing workflows due to naming convention miss-match between action pull_request and push

Signed-off-by: Milosz Linkiewicz <[email protected]>

.github/configs/super-linter/.golangci.yml

@@ -31,12 +31,7 @@ linters-settings:
     check-blank: true
   govet:
     enable:
-      # report about shadowed variables
-      - shadowing
+      - shadow
   gocyclo:
     # minimal code complexity to report, 30 by default
     min-complexity: 15
-  maligned:
-    # print struct with more effective memory layout or not, false by default
-    suggest-new: true
-

.github/workflows/codeql.yml

@@ -20,7 +20,7 @@ permissions:
   contents: read
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || env.GITHUB_SHA }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number ||  github.sha }}
   cancel-in-progress: true
 
 jobs:

.github/workflows/coverity.yml

@@ -21,7 +21,7 @@ permissions:
   contents: read
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || env.GITHUB_SHA }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
 jobs:
@@ -93,7 +93,7 @@ jobs:
             ${{ github.workspace }}/ffmpeg-plugin/configure-ffmpeg.sh && \
             ${{ github.workspace }}/ffmpeg-plugin/build-ffmpeg.sh
 
-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
       with:
         name: coverity-reports
         path: '${{ github.workspace }}/cov-int'

.github/workflows/dependency-review.yml

@@ -9,7 +9,7 @@ env:
   LINTER_RULES_PATH: .github/configs/super-linter
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || env.GITHUB_SHA }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
 jobs:
@@ -32,8 +32,14 @@ jobs:
     name: 'super-linter: Workflow initializing'
     runs-on: 'ubuntu-22.04'
     permissions:
-      statuses: write
+      contents: read
+      packages: read
     timeout-minutes: 90
+    env:
+      SUPER_LINTER_OUTPUT_DIRECTORY_NAME: super-linter-output
+      SUPER_LINTER_SUMMARY_FILE_NAME: super-linter-summary.md
+      SAVE_SUPER_LINTER_SUMMARY: true
+      ENABLE_GITHUB_ACTIONS_STEP_SUMMARY : true
     steps:
     - name: 'super-linter: Harden Runner'
       uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
@@ -46,7 +52,26 @@ jobs:
         fetch-depth: 0
         ref: ${{ inputs.branch }}
 
-    - name: 'super-linter: perform supe-linter scan workflow.'
-      uses: super-linter/super-linter@v7.2.0 # x-release-please-version
+    - name: 'super-linter: perform super-linter scan workflow.'
+      uses: super-linter/super-linter/slim@e1cb86b6e8d119f789513668b4b30bf17fe1efe4 # v7.2.0 x-release-please-version
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        DISABLE_ERRORS: true
+        VALIDATE_PROTOBUF: true
+        VALIDATE_MARKDOWN: true
+        VALIDATE_MARKDOWN_PRETTIER: true
+        VALIDATE_JSONC: true
+        VALIDATE_GO: true
+        VALIDATE_GITHUB_ACTIONS: true
+        VALIDATE_CPP: true
+        VALIDATE_CLANG_FORMAT: true
+        VALIDATE_BASH: true
+        VALIDATE_BASH_EXEC: true
+
+    - name: 'super-linter: upload linter results as an artifact.'
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      if: env.SAVE_SUPER_LINTER_SUMMARY == 'true' || env.ENABLE_GITHUB_ACTIONS_STEP_SUMMARY == 'true'
+      with:
+        name: coverity-reports
+        path:
+          '${{ github.workspace }}/${{ env.SUPER_LINTER_OUTPUT_DIRECTORY_NAME }}/${{ env.SUPER_LINTER_SUMMARY_FILE_NAME }}'