When running super-linter in a self-hosted runner based on Action
Runner Controller in K8s container mode, the /github/home directory is
not necessarily mounted. But since we expect this directory to exist,
super-linter fails to set /github/workspace as a Git safe directory:
2024-10-04 17:58:37 [INFO] Successfully validated GITHUB_WORKSPACE: /github/workspace
2024-10-04 17:58:37 [DEBUG] Configuring Git safe directories
2024-10-04 17:58:37 [DEBUG] Set /github/workspace as a Git safe directory
error: could not lock config file /github/home/.gitconfig: No such file or directory
2024-10-04 17:58:37 [FATAL] Cannot configure /github/workspace as a Git safe directory.
Making sure this directory exists in the container image ensures that under
no circumstances can we fail - if the action runner provides
/github/home it will be mounted over, and if not we provide a directory
where git can actually create the new .gitconfig.
This also defaults the HOME environment variable to /github/home as it
is the default in most places. So if somebody decides to override HOME
they are also expected to ensure that this directory exists (or is a
volume mount).
Add support to run Commitlint against commit messages. It supports the
current modes:
- Lint the commit message of the last commit
- Lint the commit messages of the pushed commits in case there is more
than one pushed commit
This commit also removes stuff that we used to run commitlint as a
standalone tool because we can now use the commitlint instance that
Super-linter ships:
- lint-commit steps in the lint-commit GitHub Actions workflow
- lint-commit Make target
- commitlint and its dependencies in package.json and package-lock.json
Renovate has an optional requirement for the RE2 package, and will warn if
it is not present.
Setting env variable RENOVATE_X_IGNORE_RE2=true will hide this warning.
(see https://github.com/renovatebot/renovate/pull/21391)
Certain linters and formatters support fixing linting and formatting
issues (fix mode). Before this change, Super-linter runs linters and
formatters in a mode that doesn't modify the source code in any way
(check only mode).
With this change, Super-linter supports running linters and formatters
in fix mode if explicitly requested by the configuration. If the
configuration includes a variable named FIX_<language_name>,
Super-linter modifies the command to run the linter or formatter for
<language_name> to enable fix mode.
The modifications to the linter or formatter command that Super-linter
applies depend on what is the default for a particular linter: it either
removes or adds options to the command to run the linter or formatter.
Remove clippy.sh script and run cargo-clippy directly. The script was
needed because when we introduced cargo-clippy, Super-linter didn't have
a way to customize the working directory when running linters and
formatters. Now, we can use GNU Parallel to handle that case.
This will unblock the work to do to implement #4001 (pass custom options
to cargo-clippy).
Move LANGUAGE_ARRAY definition and initialization to a dedicated file
(globals/languages.sh) so we can source it in different places without
having to source the whole linter.sh
- Remove the previous summary file if present to avoid showing stale
contents from old summaries.
- Extract the logic to write summary heading and lines to dedicated
functions in output.sh to make it easier to add new formats in the
future.
Set up dotenv-linter for the slim image, and not only for the standard
image because it doesn't have dependencies on the Rust SDK, and weighs
less than 10MB.
- Support passing an arbitrary path to the shellcheck configuration file
with the BASH_CONFIG_FILE_NAME variable. This brings shellcheck in
line with other linters that support configuration files.
- Enable shellcheck external sources using a directive in the
configuration file, so users can eventually override it if not needed.
- Export command configuration variables that subprocesses might need.
Close #5414
feat: configure ruff
feat: update the orchestration scripts
feat: update the test suite
docs: update README
feat: add test cases for ruff
fix: CI error
chore: del .github/linters/.ruff.toml
fix: CI error
fix: README
update: LINTER_NAMES_ARRAY
fix: Dockerfile
fix: .github/linters/.jscpd.json
fix: test files
fix: del version_command
Install the .NET SDK and PowerShell from their container images so that
we avoid spending time running their installers, and we can control
their updates automatically.
Close #5243
Terrascan runs initialization anyway when scanning files, so there's no
point in running it at build time. Also, this works around a Terrascan
bug that caused it to fail its initialization if $HOME/.terrascan
directory is not present. This happens on GitHub Actions because it
configures a $HOME directory that is different from ours.
- Super-linter uses the LOG_LEVEL variable to let the user
configure the desired log level. Checkov and Renovate use a variable
with the same name for the same purpose, but accept a
different set of values, and exit with an error if they get an unknown
value for that variable.
- Refactor the VERBOSE log level to the more commonly used INFO.
Configuration validation will warn users if they use VERBOSE and
instruct them to use INFO instead. This is not a breaking change
because super-linter falls back on INFO if VERBOSE is set.
- Remove the TRACE log level because we rarely used it. As with VERBOSE,
configuration validation will warn the user. Fall back to DEBUG if the
user configured LOG_LEVEL to VERBOSE.
Close #5217
Move the logic to build the linter versions file outside the main
runtime. There's no need to include it there because it's used only when
building the image.
Move the list of linters by name in linterVersions.sh because we don't
need it in any other place.
- Update @react-native-community dependencies to their @react-native
upgrades because the former namespace is deprecated (React release
0.72)
- Don't install @react-native/eslint-plugin directly because it's a
dependency of @react-native/eslint-config
Move the following tasks to dedicated stages so we can run these steps
in parallel with other stages:
- Build Python virtual environments
- Install npm packages
- Build clang-format
- Download and install TFlint plugins
Add missing target stage when building the container image
- Remove axios, immer, ini, lodash, node-fetch that were installed to
run Trivy reports. We can remove them because we use the Trivy action.
- Remove the Trivy workflow that was disabled anyway.
Add a default (empty) configuration file for Checkov and a smoke test to
ensure that we catch the case where a default configuration file is not
present, and it should be.
- Remove build-time dependencies
- Remove cached NPM packages
- Remove cached PyPI packages
- Remove dependency descriptors. These still count against the total space,
although it's a few KBs
- Install rust-clippy and rust-fmt using the OS package manager instead of
maintaining our own installation script
- Add tests for build time dependencies that are not supposed to be installed
Recent versions of dart analyzer don't support the --options
configuration option anymore, so we cannot pass an arbitrary
configuration file. This commit removes the default dart analyzer
configuration file as well, because it's not needed anymore.
- Add support to run Checkov against infrastructure as code descriptors
that are in a given (configurable) directory. Defaults to lint the
whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
issues right away with this change.
- Fail if the installation of an R package fails.
- Install the remotes package once during the image build, and not when we scan
files at runtime.
- Reuse the default R library directory instead of moving it to /home/r-library
* Update documentation
* Fix typos
* Update security policy
* Remove outdated instructions
* Fix list
* Add more info to config load step
* Don't test linter.yml
* Point to the cd workflow in README
* Move badge up
* Add info about Make help
---------
Co-authored-by: Zack Koppert <zkoppert@github.com>