Merge pull request #5 from OpenZeppelin/renovate/actions-checkout-4.x #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# MegaLinter GitHub Action configuration file | |
# More info at https://megalinter.github.io | |
name: MegaLinter | |
# yamllint disable-line rule:truthy | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: [master, main, staging] | |
types: [opened, reopened, labeled, synchronize] | |
push: | |
branches: | |
- main | |
permissions: read-all | |
env: # Comment env block if you do not want to apply fixes | |
# Apply linter fixes configuration | |
APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) | |
APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) | |
APPLY_FIXES_MODE: pull_request # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR () | |
PRINT_ALL_FILES: true | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
name: MegaLinter | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
permissions: | |
statuses: write | |
pull-requests: write | |
contents: write | |
steps: | |
# Git Checkout | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} | |
fetch-depth: 0 | |
# MegaLinter | |
- name: MegaLinter | |
id: ml | |
# More info at https://megalinter.github.io/flavors/ | |
uses: oxsecurity/megalinter/flavors/javascript@v6 | |
env: | |
# https://megalinter.github.io/configuration/ | |
VALIDATE_ALL_CODEBASE: true | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# CUSTOM SETTINGS FOR MEGALINTER | |
REPORT_OUTPUT_FOLDER: megalinter-reports | |
FORMATTERS_DISABLE_ERRORS: true # Treat formatting as a warning | |
DISABLE: COPYPASTE # Disable categories of linters | |
DISABLE_LINTERS: JAVASCRIPT_STANDARD,REPOSITORY_TRIVY | |
SHOW_ELAPSED_TIME: true | |
FILEIO_REPORTER: false | |
# eslint | |
JAVASCRIPT_ES_CONFIG_FILE: ./eslintrc.js | |
# cspell settings | |
SPELL_CSPELL_CONFIG_FILE: .github/cspell.json | |
SPELL_CSPELL_DISABLE_ERRORS: true # Treat misspellings as a warning | |
# proselint settings | |
SPELL_PROSELINT_CONFIG_FILE: .github/proselintrc.json | |
SPELL_PROSELINT_DISABLE_ERRORS: true # Treat misspellings as a warning | |
# markdownlint | |
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .github/markdownlint.json | |
# markdown link check | |
MARKDOWN_MARKDOWN_LINK_CHECK_CONFIG_FILE: .github/markdown-link-check.json | |
MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true # Treat dead links as a warning | |
# checkov settings | |
REPOSITORY_CHECKOV_CONFIG_FILE: .github/checkov.yml | |
REPOSITORY_CHECKOV_DISABLE_ERRORS: true # Disable errors until we decide how to handle this one. | |
# secretlint settings | |
REPOSITORY_SECRETLINT_CONFIG_FILE: .github/secretlintrc.json | |
REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignores "**/megalinter-reports/**" | |
# Other linters | |
REPOSITORY_GIT_DIFF_DISABLE_ERRORS: true | |
COPYPASTE_JSCPD_DISABLE_ERRORS: true | |
ACTION_ACTIONLINT_FILTER_REGEX_EXCLUDE: (defender-sentinel-deployer.yml) | |
REPOSITORY_GITLEAKS_CONFIG_FILE: .github/gitleaks.toml | |
YAML_V8R_FILTER_REGEX_EXCLUDE: serverless|\.github/ | |
# code style | |
JAVASCRIPT_DEFAULT_STYLE: prettier | |
TYPESCRIPT_DEFAULT_STYLE: prettier | |
JAVASCRIPT_PRETTIER_CONFIG_FILE: .prettierrc.js | |
TYPESCRIPT_PRETTIER_CONFIG_FILE: .prettierrc.js | |
YAML_PRETTIER_CONFIG_FILE: .prettierrc.js | |
JSON_PRETTIER_CONFIG_FILE: .prettierrc.js | |
# Upload MegaLinter artifacts | |
- name: Archive production artifacts | |
if: ${{ success() }} || ${{ failure() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: MegaLinter reports | |
path: | | |
megalinter-reports | |
# Create pull request if applicable | |
# Note: This step will fail if megalinter tries to modify any file in the .github/workflow | |
# directory. Github has a protection that workflows can't modify workflows. Please fix those | |
# files manually. | |
- name: Restore Workflow and github_conf Directories | |
if: ${{ always() }} | |
run: | | |
git restore .github/workflows/*.yml | |
sudo rm -rf github_conf | |
- name: Create Pull Request with applied fixes | |
id: cpr | |
if: ${{ always() }} | |
# Use head_ref when PR is created and ref_name when manually run | |
env: | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
uses: peter-evans/create-pull-request@v4 | |
with: | |
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} | |
commit-message: "[MegaLinter] Apply linter automatic fixes" | |
title: "[MegaLinter] Fixes for ${{ env.BRANCH_NAME }}" | |
labels: bot | |
base: ${{ env.BRANCH_NAME }} | |
branch: auto-fix/${{ env.BRANCH_NAME }} | |
delete-branch: true # Deletes temp branch after close or merge. | |
- name: Update PR status | |
if: ${{ success() }} | |
# set the merge commit status check | |
# using GitHub REST API | |
# see https://docs.github.com/en/rest/reference/repos#create-a-commit-status | |
run: | | |
curl --request POST \ | |
--url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }} \ | |
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
--header 'content-type: application/json' \ | |
--data '{ | |
"context": "MegaLinter", | |
"state": "success", | |
"description": "MegaLinter checks passed", | |
"target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
}' |