super-linter.yml
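---
# Reusable (workflow_call) wrapper around super-linter. Every value below is
# supplied by the calling workflow, so callers are the trust boundary: they
# choose which rules revision is checked out and which linters run.
name: Reusable super-linter workflow
on:
  workflow_call:
    inputs:
      # Workspace sub-directory the riege/code-quality repo is checked out
      # into; the same value is passed to the linter as LINTER_RULES_PATH.
      CODEQUALITY_PATH:
        required: false
        type: string
        default: "super-linter"
        description: "Path name for the code-quality sources."
      # Ref of the rules repo to check out. The default is a branch, i.e. a
      # mutable ref: the lint, Checkov and Gitleaks configuration applied to a
      # run is whatever that branch holds at the time. Callers that need
      # reproducible or audited rules should pass a tag or a full commit SHA.
      CODEQUALITY_REF:
        required: false
        type: string
        default: "main"
        description: "Reference of the code-quality repo to use."
      ANSIBLE_DIRECTORY:
        required: false
        type: string
        default: "/ansible"
        description: >-
          Flag to set the root directory for Ansible file location(s),
          relative to DEFAULT_WORKSPACE. Set to . to use the top-level of
          the DEFAULT_WORKSPACE.
      # Files matching this regex are skipped by every enabled linter, which
      # includes the security scanners (Checkov, Gitleaks) when they run.
      # Keep exclusions as narrow as possible and review changes to them.
      FILTER_REGEX_EXCLUDE:
        required: false
        type: string
        default: ""
        description: >-
          If you need to exclude some files from linting, you can use this.
          Do not lint sql files: FILTER_REGEX_EXCLUDE: .*.sql
          Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*
          Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js
      # With the default (false) only new or edited files are validated, so
      # findings in files that a change does not touch are not reported.
      VALIDATE_ALL_CODEBASE:
        required: false
        type: boolean
        default: false
        description: >-
          Will parse the entire repository and find all files to validate
          across all types. NOTE: When set to false, only new or edited files
          will be parsed for validation.
      # The VALIDATE_<LINTER> inputs below select "include mode": as soon as
      # one of them is true, the job runs its include-mode step and only the
      # linters explicitly set to true are executed. Enabling, for example,
      # VALIDATE_MARKDOWN alone therefore also switches off Checkov and
      # Gitleaks unless their inputs are set to true as well.
      VALIDATE_KUBERNETES_KUBEVAL:
        required: false
        type: boolean
        default: false
        description: >-
          Enable kubeval validation for Kubernetes manifests.
      VALIDATE_GITHUB_ACTIONS:
        required: false
        type: boolean
        default: false
        description: >-
          Enable GitHub Actions validation.
      VALIDATE_CHECKOV:
        required: false
        type: boolean
        default: false
        description: >-
          Enable Checkov validation.
      VALIDATE_GITLEAKS:
        required: false
        type: boolean
        default: false
        description: >-
          Enable Gitleaks validation.
      VALIDATE_MARKDOWN:
        required: false
        type: boolean
        default: false
        description: >-
          Enable Markdown validation in include mode.
      VALIDATE_YAML:
        required: false
        type: boolean
        default: false
        description: >-
          Enable YAML validation in include mode.
      VALIDATE_MARKDOWN_PRETTIER:
        required: false
        type: boolean
        default: false
        description: >-
          Enable Markdown Prettier validation.
      VALIDATE_YAML_PRETTIER:
        required: false
        type: boolean
        default: false
        description: >-
          Enable YAML Prettier validation.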
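jobs:
  build:
    name: Lint Code Base
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN has
    # whatever scopes the calling workflow (or the repository default) grants.
    # super-linter's documentation lists `contents: read`, `packages: read`
    # and `statuses: write`; callers should grant no more than that. It is not
    # set here because a called workflow that requests a scope its caller
    # withholds fails to start - confirm callers first, then declare it.
    #
    # NOTE(review): the actions below are referenced by major-version tag,
    # which is a mutable ref. Pinning each one to a full commit SHA
    # (`uses: owner/repo@<full-commit-sha>  # vN`) fixes the code that runs
    # with this job's token.
    steps:
      - name: Checkout Code
        uses: actions/checkout@v6
        with:
          # Full history, so the linter can diff against DEFAULT_BRANCH.
          fetch-depth: 0
      # Lint rules are taken from a second repository at a caller-chosen ref.
      # NOTE(review): this checkout is only read as rule files by the visible
      # steps; `persist-credentials: false` looks safe here - confirm.
      - name: Checkout code-quality Code
        uses: actions/checkout@v6
        with:
          repository: riege/code-quality
          path: ${{ inputs.CODEQUALITY_PATH }}
          ref: ${{ inputs.CODEQUALITY_REF }}
      # Rewrites every https://github.com/ URL to carry the job token. The
      # token is handed over as an environment variable instead of being
      # templated into the script text, so it is not part of the generated
      # shell script. It is still written in clear text to the runner user's
      # global git config and remains there for the rest of the job.
      # NOTE(review): github.token is scoped to the calling repository, so it
      # normally cannot read other private repositories - confirm this
      # rewrite is still needed.
      - name: Configure git for private modules
        env:
          GIT_AUTH_TOKEN: ${{ github.token }}
        run: |
          git config --global \
            url."https://${GIT_AUTH_TOKEN}:x-oauth-basic@github.com/".insteadOf \
            "https://github.com/"
      # Include mode: runs when at least one VALIDATE_<LINTER> input is true.
      # Each flag is passed as 'true' or as an empty string, so only the
      # linters that were explicitly enabled run. Checkov and Gitleaks are
      # skipped in this mode unless their own inputs are true.
      # NOTE(review): the project now lives at super-linter/super-linter;
      # confirm `github/super-linter/slim@v7` still resolves as intended.
      - name: Lint Code Base (include mode)
        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
        uses: github/super-linter/slim@v7
        env:
          ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
          ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
          CHECKOV_FILE_NAME: checkov/.checkov.yaml
          DEFAULT_BRANCH: main
          FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
          # The job token is exposed to the linter container.
          GITHUB_TOKEN: ${{ github.token }}
          JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
          KUBERNETES_KUBEVAL_OPTIONS: "--ignore-missing-schemas"
          # Rule files are resolved inside the code-quality checkout.
          LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
          MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
          VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}"
          VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
          VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
          VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
          VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
          VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
          VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
          VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
          VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
          YAML_CONFIG_FILE: yaml/.yaml-lint.yml
          TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
          SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint
      # Exclude mode: runs when no VALIDATE_<LINTER> input is true. Only the
      # three linters set to "false" below are switched off; everything else
      # super-linter ships, including its security scanners, stays enabled.
      - name: Lint Code Base (exclude mode)
        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
        uses: github/super-linter/slim@v7
        env:
          ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
          ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
          CHECKOV_FILE_NAME: checkov/.checkov.yaml
          DEFAULT_BRANCH: main
          FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
          # The job token is exposed to the linter container.
          GITHUB_TOKEN: ${{ github.token }}
          JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
          KUBERNETES_KUBEVAL_OPTIONS: "--ignore-missing-schemas"
          # Rule files are resolved inside the code-quality checkout.
          LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
          MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
          VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}"
          # Environment values are strings; quoted so no YAML typing applies.
          VALIDATE_JSCPD: "false"
          VALIDATE_NATURAL_LANGUAGE: "false"
          VALIDATE_KUBERNETES_KUBEVAL: "false"
          YAML_CONFIG_FILE: yaml/.yaml-lint.yml
          TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
          SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint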