UNPKG

mega-linter-runner

Version:
226 lines (201 loc) 8.69 kB
# MegaLinter GitHub Action configuration file # More info at https://megalinter.io --- name: MegaLinter # Trigger mega-linter at every push. Action will also be visible from # Pull Requests to main on: # Comment this line to trigger action only on pull-requests # (not recommended if you don't pay for GH Actions) push: pull_request: branches: - main - master # Comment env block if you do not want to apply fixes env: # Apply linter fixes configuration # # When active, APPLY_FIXES must also be defined as environment variable # (in github/workflows/mega-linter.yml or other CI tool) APPLY_FIXES: <%= APPLY_FIXES %> # Decide which event triggers application of fixes in a commit or a PR # (pull_request, push, all) APPLY_FIXES_EVENT: pull_request # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) # or posted in a PR (pull_request) APPLY_FIXES_MODE: commit concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true permissions: {} jobs: megalinter: name: MegaLinter runs-on: ubuntu-latest # Give the default GITHUB_TOKEN write permission to commit and push, comment # issues, and post new Pull Requests; remove the ones you do not need permissions: contents: write issues: write pull-requests: write steps: # Git Checkout - name: Checkout Code uses: actions/checkout@v6 with: # SECURITY NOTE: Using a Personal Access Token (PAT) is NOT # recommended. Open-source projects have been heavily targeted by # supply-chain attacks in recent months, and a leaked PAT can give # attackers broad write access to your repository — better safe # than sorry! If you only need workflows to re-trigger after # MegaLinter applies fixes, prefer one of these safer alternatives: # - Manually re-run the workflow from the GitHub Actions tab, or # - Push another commit on the branch to trigger workflows again. # Only define `secrets.PAT` if you fully understand the trade-off. token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} <%- PERSIST_CREDENTIALS %> # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to # improve performance fetch-depth: 0 # MegaLinter - name: MegaLinter # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/latest/flavors/ uses: <%= GITHUB_ACTION_NAME %>@<%= GITHUB_ACTION_VERSION %> id: ml # All available variables are described in documentation # https://megalinter.io/latest/config-file/ env: # Validates all source when push on main, else just the git diff with # main. Override with true if you always want to lint all sources # # To validate the entire codebase, set to: # VALIDATE_ALL_CODEBASE: true # # To validate only diff with main, set to: # VALIDATE_ALL_CODEBASE: >- # ${{ # github.event_name == 'push' && # github.ref == 'refs/heads/main' # }} VALIDATE_ALL_CODEBASE: <%- VALIDATE_ALL_CODE_BASE_GHA %> # Disable LLM Advisor for bot PRs (dependabot, renovate, etc.) LLM_ADVISOR_ENABLED: >- ${{ github.event_name != 'pull_request' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.user.login != 'renovate[bot]' && github.event.pull_request.user.login != 'github-actions[bot]' && !startsWith(github.event.pull_request.user.login, 'dependabot') && !startsWith(github.event.pull_request.user.login, 'renovate')) }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Uncomment to use ApiReporter (Grafana) # API_REPORTER: true # API_REPORTER_URL: ${{ secrets.API_REPORTER_URL }} # API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_BASIC_AUTH_USERNAME }} # API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_BASIC_AUTH_PASSWORD }} # API_REPORTER_METRICS_URL: ${{ secrets.API_REPORTER_METRICS_URL }} # API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_USERNAME }} # API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_PASSWORD }} # API_REPORTER_DEBUG: false # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY # Upload MegaLinter artifacts - name: Archive production artifacts uses: actions/upload-artifact@v7 if: success() || failure() with: name: MegaLinter reports include-hidden-files: "true" path: | megalinter-reports mega-linter.log # Create pull request if applicable # (for now works only on PR from same repository, not from forks) - name: Create Pull Request with applied fixes uses: peter-evans/create-pull-request@v7 id: cpr if: >- steps.ml.outputs.has_updated_sources == 1 && ( env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name ) && env.APPLY_FIXES_MODE == 'pull_request' && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) && !contains(github.event.head_commit.message, 'skip fix') with: # SECURITY NOTE: see the warning on the checkout step above — # using `secrets.PAT` is NOT recommended for security reasons. # Prefer manually re-running the workflow or pushing another # commit on the branch to trigger workflows again. token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} commit-message: "[MegaLinter] Apply linters automatic fixes" title: "[MegaLinter] Apply linters automatic fixes" labels: bot - name: Create PR output if: >- steps.ml.outputs.has_updated_sources == 1 && ( env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name ) && env.APPLY_FIXES_MODE == 'pull_request' && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) && !contains(github.event.head_commit.message, 'skip fix') env: PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }} PR_URL: ${{ steps.cpr.outputs.pull-request-url }} run: | echo "PR Number - ${PR_NUMBER}" echo "PR URL - ${PR_URL}" # Push new commit if applicable # (for now works only on PR from same repository, not from forks) - name: Prepare commit if: >- steps.ml.outputs.has_updated_sources == 1 && ( env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name ) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) && !contains(github.event.head_commit.message, 'skip fix') run: sudo chown -Rc $UID .git/ - name: Commit and push applied linter fixes uses: stefanzweifel/git-auto-commit-action@v7 if: >- steps.ml.outputs.has_updated_sources == 1 && ( env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name ) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) && !contains(github.event.head_commit.message, 'skip fix') with: branch: >- ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} commit_message: "[MegaLinter] Apply linters fixes" commit_user_name: megalinter-bot commit_user_email: 129584137+megalinter-bot@users.noreply.github.com