Skip to content

Add ShellCheck toggle and kubeval file selector to super‑linter #87

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
schuster-riege merged 1 commit into from
Apr 2, 2026
Merged

Add ShellCheck toggle and kubeval file selector to super‑linter #87

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 18 additions & 2 deletions .github/workflows/super-linter-non-slim.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,12 @@ on:
default: false
description: >
"Enable kubeval validation for Kubernetes manifests."
KUBERNETES_KUBEVAL_FILE_NAME:
required: false
type: string
default: ""
description: >
"Regex to select Kubernetes manifest files for kubeval."
VALIDATE_GITHUB_ACTIONS:
required: false
type: boolean
Expand All @@ -54,6 +60,12 @@ on:
default: false
description: >
"Enable Gitleaks validation."
VALIDATE_BASH:
required: false
type: boolean
default: false
description: >
"Enable ShellCheck validation."
VALIDATE_MARKDOWN:
required: false
type: boolean
Expand Down Expand Up @@ -97,7 +109,7 @@ jobs:
ref: ${{ inputs.CODEQUALITY_REF }}

- name: Lint Code Base (include mode)
if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
uses: github/super-linter@v7
env:
ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
Expand All @@ -106,24 +118,27 @@ jobs:
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ github.token }}
JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}"
KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}"
# Super-linter treats any set VALIDATE_* env as enabled; keep empty unless true.
VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }}
VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
YAML_CONFIG_FILE: yaml/.yaml-lint.yml
TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint

- name: Lint Code Base (exclude mode)
if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
uses: github/super-linter@v7
env:
ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
Expand All @@ -132,6 +147,7 @@ jobs:
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ github.token }}
JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
# KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}"
KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
Expand Down
20 changes: 18 additions & 2 deletions .github/workflows/super-linter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,12 @@ on:
default: false
description: >
"Enable kubeval validation for Kubernetes manifests."
KUBERNETES_KUBEVAL_FILE_NAME:
required: false
type: string
default: ""
description: >
"Regex to select Kubernetes manifest files for kubeval."
VALIDATE_GITHUB_ACTIONS:
required: false
type: boolean
Expand All @@ -63,6 +69,12 @@ on:
default: false
description: >
"Enable Gitleaks validation."
VALIDATE_BASH:
required: false
type: boolean
default: false
description: >
"Enable ShellCheck validation."
VALIDATE_MARKDOWN:
required: false
type: boolean
Expand Down Expand Up @@ -109,7 +121,7 @@ jobs:
run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"

- name: Lint Code Base (include mode)
if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
uses: github/super-linter/slim@v7
env:
ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
Expand All @@ -119,24 +131,27 @@ jobs:
FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
GITHUB_TOKEN: ${{ github.token }}
JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}"
KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}"
# Super-linter treats any set VALIDATE_* env as enabled; keep empty unless true.
VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }}
VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
YAML_CONFIG_FILE: yaml/.yaml-lint.yml
TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint

- name: Lint Code Base (exclude mode)
if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
uses: github/super-linter/slim@v7
env:
ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
Expand All @@ -146,6 +161,7 @@ jobs:
FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
GITHUB_TOKEN: ${{ github.token }}
JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
# KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}"
KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
Expand Down
19 changes: 19 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,16 @@ with:
VALIDATE_KUBERNETES_KUBEVAL: true
```

Optional input to control which files kubeval validates:

```yaml
call-lint-workflow:
uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
with:
VALIDATE_KUBERNETES_KUBEVAL: true
KUBERNETES_KUBEVAL_FILE_NAME: \\.ya?ml$
```

Optional input to enable GitHub Actions validation:

```yaml
Expand Down Expand Up @@ -49,6 +59,15 @@ with:
VALIDATE_GITLEAKS: true
```

Optional input to enable ShellCheck validation:

```yaml
call-lint-workflow:
uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
with:
VALIDATE_BASH: true
```

Optional input to enable Markdown Prettier validation:

```yaml
Expand Down