diff --git a/.github/workflows/super-linter-non-slim.yml b/.github/workflows/super-linter-non-slim.yml index b439bf8..4b165b8 100644 --- a/.github/workflows/super-linter-non-slim.yml +++ b/.github/workflows/super-linter-non-slim.yml @@ -30,6 +30,54 @@ on: "Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation." + VALIDATE_KUBERNETES_KUBEVAL: + required: false + type: boolean + default: false + description: > + "Enable kubeval validation for Kubernetes manifests." + VALIDATE_GITHUB_ACTIONS: + required: false + type: boolean + default: false + description: > + "Enable GitHub Actions validation." + VALIDATE_CHECKOV: + required: false + type: boolean + default: false + description: > + "Enable Checkov validation." + VALIDATE_GITLEAKS: + required: false + type: boolean + default: false + description: > + "Enable Gitleaks validation." + VALIDATE_MARKDOWN: + required: false + type: boolean + default: false + description: > + "Enable Markdown validation in include mode." + VALIDATE_YAML: + required: false + type: boolean + default: false + description: > + "Enable YAML validation in include mode." + VALIDATE_MARKDOWN_PRETTIER: + required: false + type: boolean + default: false + description: > + "Enable Markdown Prettier validation." + VALIDATE_YAML_PRETTIER: + required: false + type: boolean + default: false + description: > + "Enable YAML Prettier validation." jobs: build: 
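Review bot: The descriptions of the eight new inputs in super-linter-non-slim.yml say only "Enable … validation", but the step hunk that follows routes the job to a separate include-mode step as soon as any of them is true. As far as I know, super-linter then runs only the linters explicitly set to true. A caller who sets `VALIDATE_GITLEAKS: true` to add secret scanning would therefore, as far as the visible lines show, silently stop running every linter that is not listed. I would state this in each description, e.g. `"Enable Gitleaks validation. Setting any VALIDATE_* input to true switches to include mode: only the linters set to true run."`. The same eight inputs in super-linter.yml need the same wording.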
@@ -48,7 +96,34 @@ jobs: path: ${{ inputs.CODEQUALITY_PATH }} ref: ${{ inputs.CODEQUALITY_REF }} - - name: Lint Code Base + - name: Lint Code Base (include mode) + if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} + uses: github/super-linter@v7 + env: + ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml + ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }} + CHECKOV_FILE_NAME: checkov/.checkov.yaml + DEFAULT_BRANCH: main + GITHUB_TOKEN: ${{ github.token }} + JAVA_FILE_NAME: java/checkstyle/checkstyle.xml + KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas + LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/" + MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml + VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}" + VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }} + VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }} + VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }} + VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }} + VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }} + VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }} + VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }} + VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }} + YAML_CONFIG_FILE: yaml/.yaml-lint.yml + TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl + SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint + + - name: Lint Code Base (exclude mode) + if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} uses: 
github/super-linter@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 5f4b4da..351d88c 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -39,6 +39,54 @@ on: "Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation." + VALIDATE_KUBERNETES_KUBEVAL: + required: false + type: boolean + default: false + description: > + "Enable kubeval validation for Kubernetes manifests." + VALIDATE_GITHUB_ACTIONS: + required: false + type: boolean + default: false + description: > + "Enable GitHub Actions validation." + VALIDATE_CHECKOV: + required: false + type: boolean + default: false + description: > + "Enable Checkov validation." + VALIDATE_GITLEAKS: + required: false + type: boolean + default: false + description: > + "Enable Gitleaks validation." + VALIDATE_MARKDOWN: + required: false + type: boolean + default: false + description: > + "Enable Markdown validation in include mode." + VALIDATE_YAML: + required: false + type: boolean + default: false + description: > + "Enable YAML validation in include mode." + VALIDATE_MARKDOWN_PRETTIER: + required: false + type: boolean + default: false + description: > + "Enable Markdown Prettier validation." + VALIDATE_YAML_PRETTIER: + required: false + type: boolean + default: false + description: > + "Enable YAML Prettier validation." jobs: build: 
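Review bot: The added include-mode step in super-linter-non-slim.yml references `uses: github/super-linter@v7`, a mutable tag, while passing `GITHUB_TOKEN: ${{ github.token }}` to it, so whoever can move that tag controls code that runs with the job's token. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: github/super-linter@<full-commit-sha> # v7`, in both the include-mode and the exclude-mode step. The same applies to `github/super-linter/slim@v7` in super-linter.yml, where the context step just before it also writes the token into the global git config. The exclude-mode step's env block continues outside the hunk, so its remaining settings could not be checked here.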
@@ -60,7 +108,35 @@ jobs: - name: Configure git for private modules run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - - name: Lint Code Base + - name: Lint Code Base (include mode) + if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} + uses: github/super-linter/slim@v7 + env: + ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml + ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }} + CHECKOV_FILE_NAME: checkov/.checkov.yaml + DEFAULT_BRANCH: main + FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}" + GITHUB_TOKEN: ${{ github.token }} + JAVA_FILE_NAME: java/checkstyle/checkstyle.xml + KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas + LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/" + MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml + VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}" + VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }} + VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }} + VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }} + VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }} + VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }} + VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }} + VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }} + VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }} + YAML_CONFIG_FILE: yaml/.yaml-lint.yml + TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl + SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint + + - name: Lint Code Base (exclude mode) + if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || 
inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} uses: github/super-linter/slim@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml diff --git a/README.md b/README.md index 940d5b9..2993e73 100644 --- a/README.md +++ b/README.md 
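Review bot: `VALIDATE_KUBERNETES_KUBEVAL` and `KUBERNETES_KUBEVAL_OPTIONS` in the include-mode step of super-linter.yml may not be recognised by the v7 action. As far as I know, super-linter replaced kubeval with kubeconform in an earlier major release and renamed the variables to `VALIDATE_KUBERNETES_KUBECONFORM` and `KUBERNETES_KUBECONFORM_OPTIONS`. If that holds, a caller who sets only this input reaches the include-mode step with no known linter enabled, and Kubernetes manifests look checked when nothing validated them. Please confirm the names against the v7 documentation, and also that the empty string produced by `${{ inputs.VALIDATE_YAML && 'true' || '' }}` is treated as unset rather than rejected as an invalid boolean. The include-mode step in super-linter-non-slim.yml carries the same lines.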
@@ -9,8 +9,80 @@ Use this workflow if your repository consists of multiple file formats (e.g. Jav Add a new workflow file like [this one](.github/workflows/lint.yml) or add the following lines to a existing workflow: ```yaml - call-lint-workflow: - uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +``` + +Optional input to enable kubeval for Kubernetes manifests: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_KUBERNETES_KUBEVAL: true +``` + +Optional input to enable GitHub Actions validation: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_GITHUB_ACTIONS: true +``` + +Optional input to enable Checkov validation: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_CHECKOV: true +``` + +Optional input to enable Gitleaks validation: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_GITLEAKS: true +``` + +Optional input to enable Markdown Prettier validation: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_MARKDOWN_PRETTIER: true +``` + +Optional input to enable YAML Prettier validation: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_YAML_PRETTIER: true +``` + +Optional input to enable Markdown validation in include mode: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + VALIDATE_MARKDOWN: true +``` + +Optional input to enable YAML validation in include mode: + +```yaml +call-lint-workflow: +uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0" +with: + 
VALIDATE_YAML: true ``` ## Terraform