Upgraded megalinter to 8.3.0 #802
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Lint the code base and launch unit test at each push or pull request | |
name: Lint and test | |
on: # yamllint disable-line rule:truthy | |
push: | |
# execute when pushing only branches, not tags | |
branches: | |
- "**" | |
# avoid infinite loop for auto created PRs | |
- "!update/pre-commit-*" | |
tags: | |
- "**" | |
workflow_dispatch: | |
# cancel previous build if several pushes | |
concurrency: | |
group: | | |
${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
# Apply linter fixes configuration | |
# When active, APPLY_FIXES must also be defined as | |
# environment variable (in github/workflows/mega-linter.yml | |
# or other CI tool) | |
APPLY_FIXES: all | |
# Decide which event triggers application of fixes in a | |
# commit or a PR (pull_request, push, all) | |
APPLY_FIXES_EVENT: all | |
# If APPLY_FIXES is used, defines if the fixes are | |
# directly committed (commit) or posted in a PR (pull_request) | |
APPLY_FIXES_MODE: pull_request | |
# variables to compute complex conditions | |
COND_UPDATED_SOURCES: false | |
COND_APPLY_FIXES_NEEDED: false | |
jobs: | |
# ------------------------------------------------------- | |
# Build bash docker images | |
# ------------------------------------------------------- | |
build-bash-docker-images: | |
runs-on: ubuntu-22.04 | |
permissions: | |
# needed by ouzi-dev/commit-status-updater@v2 | |
statuses: write | |
strategy: | |
fail-fast: true | |
matrix: | |
vendor: | |
- ubuntu | |
- alpine | |
bashTarVersion: | |
- "4.4" | |
- "5.0" | |
- "5.3" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# overall process | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: build-bash-tools | |
status: pending | |
- name: Set env vars | |
id: vars | |
# shellcheck disable=SC2129 | |
run: | | |
( | |
echo "job_tag=${{github.run_id}}-${{matrix.vendor}}-${{matrix.bashTarVersion}}" | |
echo "image_tag=bash-tools-${{matrix.vendor}}-${{matrix.bashTarVersion}}" | |
echo "image_name=scrasnups/build" | |
echo "branch_name=${GITHUB_REF##*/}" | |
if [[ "${{ matrix.vendor }}" = "ubuntu" ]]; then | |
echo "bashImage=ubuntu:20.04" | |
else | |
echo "bashImage=amd64/bash:${{ matrix.bashTarVersion }}-alpine3.19" | |
fi | |
) >> "${GITHUB_ENV}" | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: build-${{ env.image_tag }} | |
status: pending | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
# list of Docker images to use as base name for tags | |
images: | | |
${{env.image_name}} | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha | |
- uses: docker/build-push-action@v5 | |
continue-on-error: false | |
with: | |
load: true | |
context: .docker | |
file: .docker/Dockerfile.${{ matrix.vendor }} | |
pull: true | |
github-token: ${{ github.token }} | |
tags: | | |
${{ env.image_name }}:${{ env.image_tag }} | |
build-args: | | |
BASH_IMAGE: "${{ env.bashImage }}" | |
BASH_TAR_VERSION: "${{ matrix.bashTarVersion }}" | |
cache-from: type=gha,scope=${{ env.image_tag }} | |
cache-to: type=gha,mode=max,scope=${{ env.image_tag }} | |
- name: Check image | |
continue-on-error: false | |
run: | | |
docker run --rm "${{ env.image_name }}:${{ env.image_tag }}" bash --version | |
- uses: docker/build-push-action@v5 | |
continue-on-error: false | |
with: | |
load: true | |
context: .docker | |
file: .docker/Dockerfile.${{ matrix.vendor }} | |
push: true | |
github-token: ${{ github.token }} | |
tags: | | |
${{ env.image_name }}:${{ env.image_tag }} | |
${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-to: type=gha,mode=max,scope=${{ env.image_tag }} | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: build-${{ env.image_tag }} | |
status: ${{ job.status }} | |
# ------------------------------------------------------- | |
# Pre-commit | |
# ------------------------------------------------------- | |
pre-commit: | |
runs-on: ubuntu-22.04 | |
needs: [build-bash-docker-images] | |
permissions: | |
# needed by ouzi-dev/commit-status-updater@v2 | |
statuses: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- uses: crazy-max/ghaction-import-gpg@v6 | |
if: ${{ success() }} | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- uses: tibdex/github-app-token@v2 | |
if: ${{ success() }} | |
id: generate-token | |
with: | |
app_id: ${{ secrets.APP_ID }} | |
private_key: ${{ secrets.APP_PRIVATE_KEY }} | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: pre-commit-megalinter | |
status: pending | |
- name: Set env vars | |
id: vars | |
# shellcheck disable=SC2129 | |
run: | | |
( | |
echo "branch_name=${GITHUB_REF##*/}" | |
) >> "${GITHUB_ENV}" | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- uses: fchastanet/[email protected] | |
- name: Install requirements | |
run: | | |
set -exo pipefail | |
bin/installRequirements | |
- name: Run pre-commit | |
uses: pre-commit/[email protected] | |
id: preCommit | |
with: | |
extra_args: >- | |
-c .pre-commit-config-github.yaml -a --hook-stage manual | |
- name: MegaLinter | |
id: ml | |
if: ${{ !cancelled() }} | |
# You can override MegaLinter flavor used to have faster performances | |
# More info at https://megalinter.io/latest/flavors/ | |
uses: oxsecurity/megalinter/flavors/terraform@v8 | |
# All available variables are described in documentation | |
# https://megalinter.io/latest/config-file/ | |
env: | |
# Validates all source when push on master, | |
# else just the git diff with master. | |
# Override with true if you always want to lint all sources | |
VALIDATE_ALL_CODEBASE: true | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
MEGALINTER_CONFIG: .mega-linter-githubAction.yml | |
CI_MODE: 1 | |
- name: Upload MegaLinter artifacts | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MegaLinter reports | |
path: | | |
megalinter-reports | |
mega-linter.log | |
- name: MegaLinter/Precommit has updated sources | |
if: > | |
steps.preCommit.outcome == 'failure' || ( | |
steps.ml.outputs.has_updated_sources == 1 && ( | |
env.APPLY_FIXES_EVENT == 'all' || | |
env.APPLY_FIXES_EVENT == github.event_name | |
) | |
) | |
run: | | |
echo "COND_UPDATED_SOURCES=true" >> "${GITHUB_ENV}" | |
- name: is apply fixes needed ? | |
if: > | |
env.APPLY_FIXES_MODE == 'pull_request' && ( | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name == | |
github.repository | |
) | |
run: | | |
echo "COND_APPLY_FIXES_NEEDED=true" >> "${GITHUB_ENV}" | |
- name: Create Pull Request | |
id: cpr | |
# prettier-ignore | |
if: > | |
env.COND_UPDATED_SOURCES == 'true' && | |
env.COND_APPLY_FIXES_NEEDED == 'true' && | |
!contains(github.event.head_commit.message, 'skip fix') | |
uses: peter-evans/create-pull-request@v7 | |
with: | |
token: ${{ steps.generate-token.outputs.token }} | |
committer: fchastanet <[email protected]> | |
branch: update/pre-commit-fixes-${{ env.branch_name }} | |
delete-branch: true | |
title: lint fixes | |
commit-message: Auto-update lint fixes | |
body: | | |
some auto fixes have been generated during pre-commit run | |
labels: pre-commit-fixes | |
- name: Print Pull request created | |
if: | | |
steps.cpr.outputs.pull-request-number && | |
steps.cpr.outcome == 'success' | |
run: | | |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" | |
- uses: ouzi-dev/commit-status-updater@v2 | |
if: ${{ always() }} | |
with: | |
name: pre-commit-megalinter | |
status: ${{ job.status }} | |
# ------------------------------------------------------- | |
# Unit tests | |
# ------------------------------------------------------- | |
unit-tests: | |
runs-on: ubuntu-22.04 | |
needs: [build-bash-docker-images] | |
permissions: | |
# needed by ouzi-dev/commit-status-updater@v2 | |
statuses: write | |
# needed by mikepenz/action-junit-report@v4 | |
checks: write | |
strategy: | |
fail-fast: true | |
matrix: | |
vendor: | |
- ubuntu | |
- alpine | |
bashTarVersion: | |
- "4.4" | |
- "5.0" | |
- "5.3" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- uses: crazy-max/ghaction-import-gpg@v6 | |
if: ${{ success() }} | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- uses: tibdex/github-app-token@v2 | |
if: ${{ success() }} | |
id: generate-token | |
with: | |
app_id: ${{ secrets.APP_ID }} | |
private_key: ${{ secrets.APP_PRIVATE_KEY }} | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}} | |
status: pending | |
- name: Set env vars | |
id: vars | |
# shellcheck disable=SC2129 | |
run: | | |
( | |
echo "job_tag=${{github.run_id}}-${{matrix.vendor}}-${{matrix.bashTarVersion}}" | |
echo "image_tag=bash-tools-${{matrix.vendor}}-${{matrix.bashTarVersion}}" | |
echo "image_name=scrasnups/build" | |
echo "branch_name=${GITHUB_REF##*/}" | |
if [[ "${{ matrix.vendor }}" = "ubuntu" ]]; then | |
echo "bashImage=ubuntu:20.04" | |
echo "batsOptions=-j 30" | |
else | |
echo "bashImage=amd64/bash:${{ matrix.bashTarVersion }}-alpine3.19" | |
echo "batsOptions=-j 30 --filter-tags '!ubuntu_only'" | |
fi | |
) >> "${GITHUB_ENV}" | |
- name: run unit tests | |
id: unitTests | |
run: | | |
set -exo pipefail | |
bin/installRequirements | |
chmod 777 logs | |
docker pull "scrasnups/build:${{env.image_tag}}" | |
status=0 | |
docker run --rm \ | |
-e KEEP_TEMP_FILES=0 \ | |
-e BATS_FIX_TEST=0 \ | |
-e USER_ID="1000" \ | |
-e GROUP_ID="1000" \ | |
--user "www-data:www-data" \ | |
-w /bash \ | |
-v "$(pwd):/bash" \ | |
"scrasnups/build:${{env.image_tag}}" \ | |
/bash/vendor/bats/bin/bats \ | |
${{env.batsOptions}} \ | |
--formatter junit -o logs -r src 2>&1 | | |
tee "logs/bats-${{ env.job_tag }}.log" || status=$? | |
awk '/xml version="1.0"/{flag=1} flag; /<\/testsuites>/{flag=0}' \ | |
"logs/bats-${{ env.job_tag }}.log" >"logs/junit-${{ env.job_tag }}.xml" | |
exit "${status}" | |
- name: Publish Test Report | |
uses: mikepenz/action-junit-report@v5 | |
if: ${{ always() }} | |
with: | |
token: ${{ github.token }} | |
check_name: JUnit ${{ env.image_tag }} | |
fail_on_failure: true | |
require_tests: true | |
require_passed_tests: true | |
report_paths: "logs/**.xml" | |
- name: Upload Test Results | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Test Results ${{ env.image_tag }} | |
path: | | |
logs/** | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}} | |
status: ${{ job.status }} | |
overallTestResults: | |
name: "Overall Tests Results" | |
if: ${{ always() }} | |
needs: [unit-tests] | |
runs-on: ubuntu-22.04 | |
permissions: | |
# needed by ouzi-dev/commit-status-updater@v2 | |
statuses: write | |
steps: | |
# run this action to get the workflow conclusion | |
# You can get the conclusion via env (env.WORKFLOW_CONCLUSION) | |
- uses: AbsoLouie/[email protected] | |
- uses: ouzi-dev/commit-status-updater@v2 | |
with: | |
name: build-bash-tools | |
# neutral, success, skipped, cancelled, timed_out, action_required, failure | |
status: ${{ env.WORKFLOW_CONCLUSION }} |