This repository is for the **GitHub Action** to run a **Super-Linter**, a
ready-to-run collection of linters and code analyzers, to help validate your
source code.
The goal of super-linter is to help you establish best practices and consistent
formatting across multiple programming languages, and ensure developers are
adhering to those conventions.
Super-linter analyzes source code files using several tools, and reports the
issues that those tools find as console output, and as
[GitHub Actions status checks](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
1. Create a new [GitHub Actions workflow](https://docs.github.com/en/actions/using-workflows/about-workflows#about-workflows) in your repository with the following content:
| **ANSIBLE_DIRECTORY** | `/ansible` | Flag to set the root directory for Ansible file location(s), relative to `DEFAULT_WORKSPACE`. Set to `.` to use the top-level of the `DEFAULT_WORKSPACE`. |
| **BASH_SEVERITY** | `style` | Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style. |
| **CREATE_LOG_FILE** | `false` | If set to `true`, it creates the log file. You can set the log filename using the `LOG_FILE` environment variable. This overrides any existing log files. |
| **DEFAULT_WORKSPACE** | `/tmp/lint` | The location containing files to lint if you are running locally. Defaults to `GITHUB_WORKSPACE` when running in GitHub Actions. There's no need to configure this variable when running in GitHub Actions. |
| **EDITORCONFIG_FILE_NAME** | `.ecrc` | Filename for [editorconfig-checker configuration](https://github.com/editorconfig-checker/editorconfig-checker) |
| **ERROR_ON_MISSING_EXEC_BIT** | `false` | If set to `false`, the `bash-exec` linter will report a warning if a shell script is not executable. If set to `true`, the `bash-exec` linter will report an error instead. |
| **EXPERIMENTAL_BATCH_WORKER** | `false` | Flag to enable experimental parallel and batched worker. As of current only `eslint` and `cfn-lint` are supported, if there is no support, original version is used as fallback |
| **GITHUB_ACTIONS_COMMAND_ARGS** | `null` | Additional arguments passed to `actionlint` command. Useful to [ignore some errors](https://github.com/rhysd/actionlint/blob/main/docs/usage.md#ignore-some-errors) |
| **GITHUB_CUSTOM_API_URL** | `https://api.github.com` | Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. `https://github.myenterprise.com/api/v3` |
| **GITHUB_DOMAIN** | `github.com` | Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. `github.myenterprise.com` |
| **IGNORE_GENERATED_FILES** | `false` | If set to `true`, super-linter will ignore all the files with `@generated` marker but without `@not-generated` marker. |
| **IGNORE_GITIGNORED_FILES** | `false` | If set to `true`, super-linter will ignore all the files that are ignored by Git. |
| **JSCPD_CONFIG_FILE** | `.jscpd.json` | Filename for JSCPD configuration |
| **KUBERNETES_KUBECONFORM_OPTIONS** | `null` | Additional arguments to pass to the command-line when running **Kubernetes Kubeconform** (Example: --ignore-missing-schemas) |
| **LINTER_RULES_PATH** | `.github/linters` | Directory for all linter configuration rules. |
| **LOG_FILE** | `super-linter.log` | The filename for outputting logs. All output is sent to the log file regardless of `LOG_LEVEL`. |
| **LOG_LEVEL** | `VERBOSE` | How much output the script will generate to the console. One of `ERROR`, `WARN`, `NOTICE`, `VERBOSE`, `DEBUG` or `TRACE`. |
| **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
| **SSH_KEY** | `none` | SSH key that has access to your private repositories |
| **SSH_SETUP_GITHUB** | `false` | If set to `true`, adds the `github.com` SSH key to `known_hosts`. This is ignored if `SSH_KEY` is provided - i.e. the `github.com` SSH key is always added if `SSH_KEY` is provided |
| **SSH_INSECURE_NO_VERIFY_GITHUB_KEY** | `false` | **INSECURE -** If set to `true`, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended! |
| **SUPPRESS_FILE_TYPE_WARN** | `false` | If set to `true`, will hide warning messages about files without their proper extensions. Default is `false` |
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
| **TYPESCRIPT_STANDARD_TSCONFIG_FILE** | `${DEFAULT_WORKSPACE}/tsconfig.json` | Path to the [TypeScript project configuration](https://www.typescriptlang.org/docs/handbook/tsconfig-json.html) in [ts-standard](https://github.com/standard/ts-standard). The path is relative to `DEFAULT_WORKSPACE` |
| **USE_FIND_ALGORITHM** | `false` | By default, we use `git diff` to find all files in the workspace and what has been updated, this would enable the Linux `find` method instead to find all files to lint |
| **VALIDATE_ALL_CODEBASE** | `true` | Will parse the entire repository and find all files to validate across all types. **NOTE:** When set to `false`, only **new** or **edited** files will be parsed for validation. |
| **VALIDATE_JSCPD_ALL_CODEBASE** | `false` | If set to `true`, will lint the whole codebase with JSCPD. If set to `false`, JSCPD will only lint files one by one. |
| **VALIDATE_ANSIBLE** | `true` | Flag to enable or disable the linting process of the Ansible language. |
| **VALIDATE_ARM** | `true` | Flag to enable or disable the linting process of the ARM language. |
| **VALIDATE_BASH** | `true` | Flag to enable or disable the linting process of the Bash language. |
| **VALIDATE_BASH_EXEC** | `true` | Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable. |
| **VALIDATE_CPP** | `true` | Flag to enable or disable the linting process of the C++ language. |
| **VALIDATE_CLANG_FORMAT** | `true` | Flag to enable or disable the linting process of the C++/C language with clang-format. |
| **VALIDATE_CLOJURE** | `true` | Flag to enable or disable the linting process of the Clojure language. |
| **VALIDATE_CLOUDFORMATION** | `true` | Flag to enable or disable the linting process of the AWS Cloud Formation language. |
| **VALIDATE_COFFEESCRIPT** | `true` | Flag to enable or disable the linting process of the Coffeescript language. |
| **VALIDATE_CSHARP** | `true` | Flag to enable or disable the linting process of the C# language. |
| **VALIDATE_CSS** | `true` | Flag to enable or disable the linting process of the CSS language. |
| **VALIDATE_DART** | `true` | Flag to enable or disable the linting process of the Dart language. |
| **VALIDATE_DOCKERFILE_HADOLINT** | `true` | Flag to enable or disable the linting process of the Docker language. |
| **VALIDATE_EDITORCONFIG** | `true` | Flag to enable or disable the linting process with the EditorConfig. |
| **VALIDATE_ENV** | `true` | Flag to enable or disable the linting process of the ENV language. |
| **VALIDATE_GHERKIN** | `true` | Flag to enable or disable the linting process of the Gherkin language. |
| **VALIDATE_GITHUB_ACTIONS** | `true` | Flag to enable or disable the linting process of the GitHub Actions. |
| **VALIDATE_GITLEAKS** | `true` | Flag to enable or disable the linting process of the secrets. |
| **VALIDATE_GO** | `true` | Flag to enable or disable the linting process of the Golang language. |
| **VALIDATE_GOOGLE_JAVA_FORMAT** | `true` | Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format) |
| **VALIDATE_GROOVY** | `true` | Flag to enable or disable the linting process of the language. |
| **VALIDATE_HTML** | `true` | Flag to enable or disable the linting process of the HTML language. |
| **VALIDATE_JAVA** | `true` | Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle) |
| **VALIDATE_JAVASCRIPT_ES** | `true` | Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint) |
| **VALIDATE_JAVASCRIPT_STANDARD** | `true` | Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard) |
| **VALIDATE_JSCPD** | `true` | Flag to enable or disable the JSCPD. |
| **VALIDATE_JSON** | `true` | Flag to enable or disable the linting process of the JSON language. |
| **VALIDATE_JSX** | `true` | Flag to enable or disable the linting process for jsx files (Utilizing: ESLint) |
| **VALIDATE_KOTLIN** | `true` | Flag to enable or disable the linting process of the Kotlin language. |
| **VALIDATE_KOTLIN_ANDROID** | `true` | Flag to enable or disable the linting process of the Kotlin language. (Utilizing: `ktlint --android`) |
| **VALIDATE_KUBERNETES_KUBECONFORM** | `true` | Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform |
| **VALIDATE_LATEX** | `true` | Flag to enable or disable the linting process of the LaTeX language. |
| **VALIDATE_LUA** | `true` | Flag to enable or disable the linting process of the language. |
| **VALIDATE_MARKDOWN** | `true` | Flag to enable or disable the linting process of the Markdown language. |
| **VALIDATE_NATURAL_LANGUAGE** | `true` | Flag to enable or disable the linting process of the natural language. |
| **VALIDATE_OPENAPI** | `true` | Flag to enable or disable the linting process of the OpenAPI language. |
| **VALIDATE_PERL** | `true` | Flag to enable or disable the linting process of the Perl language. |
| **VALIDATE_PHP** | `true` | Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility) |
| **VALIDATE_PHP_BUILTIN** | `true` | Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) |
| **VALIDATE_PHP_PHPCS** | `true` | Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer) |
| **VALIDATE_PHP_PHPSTAN** | `true` | Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan) |
| **VALIDATE_PHP_PSALM** | `true` | Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm) |
| **VALIDATE_POWERSHELL** | `true` | Flag to enable or disable the linting process of the Powershell language. |
| **VALIDATE_PROTOBUF** | `true` | Flag to enable or disable the linting process of the Protobuf language. |
| **VALIDATE_PYTHON** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility) |
| **VALIDATE_PYTHON_BLACK** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: black) |
| **VALIDATE_PYTHON_FLAKE8** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: flake8) |
| **VALIDATE_PYTHON_ISORT** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: isort) |
| **VALIDATE_PYTHON_MYPY** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: mypy) |
| **VALIDATE_PYTHON_PYLINT** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) |
| **VALIDATE_R** | `true` | Flag to enable or disable the linting process of the R language. |
| **VALIDATE_RAKU** | `true` | Flag to enable or disable the linting process of the Raku language. |
| **VALIDATE_RENOVATE** | `true` | Flag to enable or disable the linting process of the Renovate configuration files. |
| **VALIDATE_RUBY** | `true` | Flag to enable or disable the linting process of the Ruby language. |
| **VALIDATE_RUST_2015** | `true` | Flag to enable or disable the linting process of the Rust language. (edition: 2015) |
| **VALIDATE_RUST_2018** | `true` | Flag to enable or disable the linting process of Rust language. (edition: 2018) |
| **VALIDATE_RUST_2021** | `true` | Flag to enable or disable the linting process of Rust language. (edition: 2021) |
| **VALIDATE_RUST_CLIPPY** | `true` | Flag to enable or disable the clippy linting process of Rust language. |
| **VALIDATE_SCALAFMT** | `true` | Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test) |
| **VALIDATE_SHELL_SHFMT** | `true` | Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt) |
| **VALIDATE_SNAKEMAKE_LINT** | `true` | Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint) |
| **VALIDATE_SNAKEMAKE_SNAKEFMT** | `true` | Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt) |
| **VALIDATE_STATES** | `true` | Flag to enable or disable the linting process for AWS States Language. |
| **VALIDATE_SQL** | `true` | Flag to enable or disable the linting process of the SQL language. |
| **VALIDATE_SQLFLUFF** | `true` | Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff) |
| **VALIDATE_TEKTON** | `true` | Flag to enable or disable the linting process of the Tekton language. |
| **VALIDATE_TERRAFORM_FMT** | `true` | Flag to enable or disable the formatting process of the Terraform files. |
| **VALIDATE_TERRAFORM_TERRASCAN** | `true` | Flag to enable or disable the linting process of the Terraform language for security related issues. |
| **VALIDATE_TERRAFORM_TFLINT** | `true` | Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint) |
| **VALIDATE_TERRAGRUNT** | `true` | Flag to enable or disable the linting process for Terragrunt files. |
| **VALIDATE_TSX** | `true` | Flag to enable or disable the linting process for tsx files (Utilizing: ESLint) |
| **VALIDATE_TYPESCRIPT_ES** | `true` | Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint) |
| **VALIDATE_TYPESCRIPT_STANDARD** | `true` | Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard) |
| **VALIDATE_XML** | `true` | Flag to enable or disable the linting process of the XML language. |
| **VALIDATE_YAML** | `true` | Flag to enable or disable the linting process of the YAML language. |
The `VALIDATE_[LANGUAGE]` variables work as follows:
- super-linter runs all supported linters by default.
- If you set any of the `VALIDATE_[LANGUAGE]` variables to `true`, super-linter defaults to leaving any unset variable to false (only validate those languages).
- If you set any of the `VALIDATE_[LANGUAGE]` variables to `false`, super-linter defaults to leaving any unset variable to true (only exclude those languages).
- If you set any of the `VALIDATE_[LANGUAGE]` variables to both `true` and `false`, super-linter fails reporting an error.
For more information about reusing super-linter configuration across
environments, see
[Share Environment variables between environments](docs/run-linter-locally.md#share-environment-variables-between-environments).
## Configure linters
Super-linter provides default configurations for some linters in the [`TEMPLATES/`](TEMPLATES/)
directory. You can customize the configuration for the linters that support
this by placing your own configuration files in the `LINTER_RULES_PATH`
directory. `LINTER_RULES_PATH` is relative to the `DEFAULT_WORKSPACE` directory.
Super-linter supports customizing the name of these configuration files. For
more information, refer to [Configure super-linter](#configure-super-linter).
For example, you can configure super-linter to load configuration files from the