diff --git a/CHANGELOG.md b/CHANGELOG.md index fd3ec9fd3ff..76c59ea76b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-linter.yml file, or with `oxsecurity/megalinter:beta` docker image +- Workflow job name changed from `build` to `megalinter` to prevent conflicts with other workflows - Linter versions upgrades - Secretlint logo - reduce size to 150 and remove background - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.4.1 to **1.5.0** on 2023-08-11 diff --git a/README.md b/README.md index 2e56e3c2090..ce6d4ac3f74 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ _Github PR reporter_ ## Table of Contents -- [MegaLinter, by](#megalinter-by-) +- [MegaLinter, by ](#megalinter-by-) - [Table of Contents](#table-of-contents) - [Why MegaLinter](#why-megalinter) - [Quick Start](#quick-start) @@ -136,6 +136,7 @@ _Github PR reporter_ - [Frequently Asked Questions](#frequently-asked-questions) - [How to contribute](#how-to-contribute) - [Special thanks](#special-thanks) + - [Maintainers](#maintainers) - [Contributors](#contributors) - [Open-source teams](#open-source-teams) - [Super-Linter team](#super-linter-team) @@ -443,7 +444,7 @@ concurrency: cancel-in-progress: true jobs: - build: + megalinter: name: MegaLinter runs-on: ubuntu-latest permissions: diff --git a/TEMPLATES/mega-linter.yml b/TEMPLATES/mega-linter.yml index 3f5f69a921b..8fa4bd91490 100644 --- a/TEMPLATES/mega-linter.yml +++ b/TEMPLATES/mega-linter.yml 
@@ -1,91 +1,189 @@ ---- # MegaLinter GitHub Action configuration file # More info at https://megalinter.io +--- name: MegaLinter +# Trigger mega-linter at every push. Action will also be visible from Pull +# Requests to main on: - # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main - push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions) + # Comment this line to trigger action only on pull-requests + # (not recommended if you don't pay for GH Actions) + push: + pull_request: - branches: [master, main] + branches: + - main + - master -env: # Comment env block if you do not want to apply fixes +# Comment env block if you do not want to apply fixes +env: # Apply linter fixes configuration - APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) - APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) - APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) + # + # When active, APPLY_FIXES must also be defined as environment variable + # (in github/workflows/mega-linter.yml or other CI tool) + APPLY_FIXES: all + + # Decide which event triggers application of fixes in a commit or a PR + # (pull_request, push, all) + APPLY_FIXES_EVENT: pull_request + + # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) + # or posted in a PR (pull_request) + APPLY_FIXES_MODE: commit concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true jobs: - build: + megalinter: name: MegaLinter runs-on: ubuntu-latest + + # Give the default GITHUB_TOKEN write permission to commit and push, comment + # issues & post new PR; remove the ones you do not need permissions: - # Give the default GITHUB_TOKEN 
write permission to commit and push, comment issues & post new PR - # Remove the ones you do not need contents: write issues: write pull-requests: write + steps: + # Git Checkout - name: Checkout Code uses: actions/checkout@v3 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances + + # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to + # improve performance + fetch-depth: 0 # MegaLinter - name: MegaLinter - id: ml + # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/flavors/ uses: oxsecurity/megalinter@v7 + + id: ml + + # All available variables are described in documentation + # https://megalinter.io/configuration/ env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} # Validates all source when push on main, else just the git diff with main. Override with true if you always want to lint all sources + + # Validates all source when push on main, else just the git diff with + # main. 
Override with true if you always want to lint all sources + # + # To validate the entire codebase, set to: + # VALIDATE_ALL_CODEBASE: true + # + # To validate only diff with main, set to: + # VALIDATE_ALL_CODEBASE: >- + # ${{ + # github.event_name == 'push' && + # github.ref == 'refs/heads/main' + # }} + VALIDATE_ALL_CODEBASE: >- + ${{ + github.event_name == 'push' && + github.ref == 'refs/heads/main' + }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY - # DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks + + # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE + # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY + + # Uncomment to disable copy-paste and spell checks + # DISABLE: COPYPASTE,SPELL # Upload MegaLinter artifacts - name: Archive production artifacts - if: ${{ success() }} || ${{ failure() }} uses: actions/upload-artifact@v3 + if: ${{ success() }} || ${{ failure() }} with: name: MegaLinter reports path: | megalinter-reports mega-linter.log - # Create pull request if applicable (for now works only on PR from same repository, not from forks) + # Create pull request if applicable + # (for now works only on PR from same repository, not from forks) - name: Create Pull Request with applied fixes - id: cpr - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) uses: peter-evans/create-pull-request@v5 + id: cpr + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'pull_request' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + 
) with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} commit-message: "[MegaLinter] Apply linters automatic fixes" title: "[MegaLinter] Apply linters automatic fixes" labels: bot + - name: Create PR output - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'pull_request' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}" - # Push new commit if applicable (for now works only on PR from same repository, not from forks) + # Push new commit if applicable + # (for now works only on PR from same repository, not from forks) - name: Prepare commit - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'commit' && + github.ref != 'refs/heads/main' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) run: sudo chown -Rc $UID .git/ + - name: Commit and push applied linter 
fixes - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) uses: stefanzweifel/git-auto-commit-action@v4 + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'commit' && + github.ref != 'refs/heads/main' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) with: - branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} + branch: >- + ${{ + github.event.pull_request.head.ref || + github.head_ref || + github.ref + }} commit_message: "[MegaLinter] Apply linters fixes" commit_user_name: megalinter-bot commit_user_email: nicolas.vuillamy@ox.security diff --git a/mega-linter-runner/generators/mega-linter/index.js b/mega-linter-runner/generators/mega-linter/index.js index 6acc9681fc9..86426f5d1e3 100644 --- a/mega-linter-runner/generators/mega-linter/index.js +++ b/mega-linter-runner/generators/mega-linter/index.js 
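Review bot: The relocated `if: ${{ success() }} || ${{ failure() }}` on the Archive step (and the identical line in the mega-linter-runner template hunk) is two separately interpolated expressions joined by a literal ` || `; it presumably only works because GitHub re-evaluates the interpolated string as an expression, and it reads as a string-concatenation mistake to anyone who does not know that. The single-expression form `if: ${{ success() || failure() }}` (or `if: ${{ !cancelled() }}`) states the intent unambiguously. Since this file is copied into user repositories, it is also worth a comment that the third-party actions it wires to a job holding `contents: write` (`actions/checkout@v3`, `peter-evans/create-pull-request@v5`, `stefanzweifel/git-auto-commit-action@v4`) are pinned to mutable major tags; a short note pointing users to commit-SHA pinning would fit the template's existing comment style.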
@@ -193,9 +193,13 @@ When you don't know what option to select, please use default values` } // VALIDATE_ALL_CODE_BASE if (this.props.validateAllCodeBase === "all") { - this.validateAllCodeBaseGha = `true # Set \${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} to validate only diff with main branch`; + this.validateAllCodeBaseGha = "true"; } else { - this.validateAllCodeBaseGha = `\${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} # Validates all source when push on main, else just the git diff with main. Set 'true' if you always want to lint all sources`; + this.validateAllCodeBaseGha = ">-\n" + this.validateAllCodeBaseGha += " ${{"; + this.validateAllCodeBaseGha += " github.event_name == 'push' &&" + this.validateAllCodeBaseGha += " github.ref == 'refs/heads/main'" + this.validateAllCodeBaseGha += " }}"; } this.disable = false; // COPY PASTES diff --git a/mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml b/mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml index 71438a33268..43531b5eda7 100644 --- a/mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml +++ b/mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml 
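Review bot: The fragments concatenated in the `else` branch carry no newline between them, so `validateAllCodeBaseGha` renders as `>-` followed by a single line ` ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}` indented by one space; because the `VALIDATE_ALL_CODEBASE: <%- VALIDATE_ALL_CODE_BASE_GHA %>` placeholder sits under a step's `env:` in the runner template, that continuation line appears to be indented less than its key, which leaves the block scalar empty and makes the generated workflow invalid YAML. The `">-\n"`, `&&` and `'refs/heads/main'` statements also lack the terminating semicolon the rest of the file uses. Unless the generator is taught the key's indentation, the robust form is the one-line value the pre-change code emitted minus its trailing comment: `this.validateAllCodeBaseGha = "${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}";`. The enclosing method starts and ends outside the hunk.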
@@ -3,15 +3,23 @@ mega-linter: stage: test + # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/flavors/ image: <%= DOCKER_IMAGE_NAME %>:<%= DOCKER_IMAGE_VERSION %> - script: ["true"] # if script: ["true"] does not work, you may try -> script: [ "/bin/bash /entrypoint.sh" ] + + # if script: ["true"] does not work, you may try this instead: + # script: [ "/bin/bash /entrypoint.sh" ] + script: ["true"] + variables: # All available variables are described in documentation # https://megalinter.io/configuration/ DEFAULT_WORKSPACE: $CI_PROJECT_DIR - # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY + + # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml + # AT THE ROOT OF YOUR REPOSITORY + artifacts: when: always paths: diff --git a/mega-linter-runner/generators/mega-linter/templates/.mega-linter.yml b/mega-linter-runner/generators/mega-linter/templates/.mega-linter.yml index bb570ab5998..98f2f342478 100644 --- a/mega-linter-runner/generators/mega-linter/templates/.mega-linter.yml +++ b/mega-linter-runner/generators/mega-linter/templates/.mega-linter.yml 
@@ -1,12 +1,26 @@ # Configuration file for MegaLinter -# See all available variables at https://megalinter.io/configuration/ and in linters documentation +# +# See all available variables at https://megalinter.io/configuration/ and in +# linters documentation + +# all, none, or list of linter keys +APPLY_FIXES: <%= APPLY_FIXES %> + +# If you use ENABLE variable, all other languages/formats/tooling-formats will +# be disabled by default +# ENABLE: + +# If you use ENABLE_LINTERS variable, all other linters will be disabled by +# default +# ENABLE_LINTERS: -APPLY_FIXES: <%= APPLY_FIXES %> # all, none, or list of linter keys -# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default -# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default <%= DISABLE %> <%= COPYPASTE %> <%= SPELL %> + SHOW_ELAPSED_TIME: <%= SHOW_ELAPSED_TIME %> + FILEIO_REPORTER: <%= FILEIO_REPORTER %> -# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass + +# Uncomment if you want MegaLinter to detect errors but not block CI to pass +# DISABLE_ERRORS: true diff --git a/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml b/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml index 5dc948525f0..bc917c71b29 100644 --- a/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml +++ b/mega-linter-runner/generators/mega-linter/templates/mega-linter.yml 
@@ -1,90 +1,184 @@ ---- # MegaLinter GitHub Action configuration file # More info at https://megalinter.io +--- name: MegaLinter +# Trigger mega-linter at every push. Action will also be visible from +# Pull Requests to main on: - # Trigger mega-linter at every push. Action will also be visible from Pull Requests to master - push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions) + # Comment this line to trigger action only on pull-requests + # (not recommended if you don't pay for GH Actions) + push: + pull_request: - branches: [master, main] + branches: + - main + - master -env: # Comment env block if you do not want to apply fixes +# Comment env block if you do not want to apply fixes +env: # Apply linter fixes configuration - APPLY_FIXES: <%= APPLY_FIXES %> # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) - APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) - APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) + # + # When active, APPLY_FIXES must also be defined as environment variable + # (in github/workflows/mega-linter.yml or other CI tool) + APPLY_FIXES: <%= APPLY_FIXES %> + + # Decide which event triggers application of fixes in a commit or a PR + # (pull_request, push, all) + APPLY_FIXES_EVENT: pull_request + + # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) + # or posted in a PR (pull_request) + APPLY_FIXES_MODE: commit concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true jobs: - build: + megalinter: name: MegaLinter runs-on: ubuntu-latest + + # Give the default GITHUB_TOKEN write permission to commit and push, comment + # issues, and post new Pull Requests; remove the ones you do not need 
permissions: - # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR - # Remove the ones you do not need contents: write issues: write pull-requests: write + steps: # Git Checkout - name: Checkout Code uses: actions/checkout@v3 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances + + # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to + # improve performance + fetch-depth: 0 # MegaLinter - name: MegaLinter - id: ml + # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/flavors/ uses: <%= GITHUB_ACTION_NAME %>@<%= GITHUB_ACTION_VERSION %> + + id: ml + + # All available variables are described in documentation + # https://megalinter.io/configuration/ env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ + # Validates all source when push on main, else just the git diff with + # main. 
Override with true if you always want to lint all sources + # + # To validate the entire codebase, set to: + # VALIDATE_ALL_CODEBASE: true + # + # To validate only diff with main, set to: + # VALIDATE_ALL_CODEBASE: >- + # ${{ + # github.event_name == 'push' && + # github.ref == 'refs/heads/main' + # }} VALIDATE_ALL_CODEBASE: <%- VALIDATE_ALL_CODE_BASE_GHA %> + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY + + # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF + # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY # Upload MegaLinter artifacts - name: Archive production artifacts - if: ${{ success() }} || ${{ failure() }} uses: actions/upload-artifact@v3 + if: ${{ success() }} || ${{ failure() }} with: name: MegaLinter reports path: | megalinter-reports mega-linter.log - # Create pull request if applicable (for now works only on PR from same repository, not from forks) + # Create pull request if applicable + # (for now works only on PR from same repository, not from forks) - name: Create Pull Request with applied fixes - id: cpr - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') uses: peter-evans/create-pull-request@v5 + id: cpr + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'pull_request' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) && + !contains(github.event.head_commit.message, 'skip fix') with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} commit-message: "[MegaLinter] Apply 
linters automatic fixes" title: "[MegaLinter] Apply linters automatic fixes" labels: bot + - name: Create PR output - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'pull_request' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) && + !contains(github.event.head_commit.message, 'skip fix') run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}" - # Push new commit if applicable (for now works only on PR from same repository, not from forks) + # Push new commit if applicable + # (for now works only on PR from same repository, not from forks) - name: Prepare commit - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'commit' && + github.ref != 'refs/heads/main' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == 
github.repository + ) && + !contains(github.event.head_commit.message, 'skip fix') run: sudo chown -Rc $UID .git/ + - name: Commit and push applied linter fixes - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') uses: stefanzweifel/git-auto-commit-action@v4 + if: >- + steps.ml.outputs.has_updated_sources == 1 && + ( + env.APPLY_FIXES_EVENT == 'all' || + env.APPLY_FIXES_EVENT == github.event_name + ) && + env.APPLY_FIXES_MODE == 'commit' && + github.ref != 'refs/heads/main' && + ( + github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository + ) && + !contains(github.event.head_commit.message, 'skip fix') with: - branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} + branch: >- + ${{ + github.event.pull_request.head.ref || + github.head_ref || + github.ref + }} commit_message: "[MegaLinter] Apply linters fixes" commit_user_name: megalinter-bot commit_user_email: nicolas.vuillamy@ox.security
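Review bot: The `!contains(github.event.head_commit.message, 'skip fix')` clause in the four reflowed `if:` expressions only has an effect on `push` events, since `github.event.head_commit` is not part of the `pull_request` payload; there the lookup yields an empty value, `contains` returns false, and the negation is always true, so the opt-out marker is silently ignored for PR-triggered runs. If that is intended, a comment such as `# 'skip fix' in the head commit message only suppresses fixes on push events` above the Create Pull Request step would save users a surprise; otherwise the PR case would need to read the marker from a field that exists on that event, such as `github.event.pull_request.title`. The folded `if:` scalars are otherwise a clear readability improvement over the single-line originals.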