From ab24b82199c86d82efad70f6d548ebec8b33a5b6 Mon Sep 17 00:00:00 2001 From: Lukas Gravley Date: Mon, 19 Jul 2021 09:28:49 -0500 Subject: [PATCH] Adding actionlint (#1775) * Adding action lint * adding tests * adding tests * Update Dockerfile Co-authored-by: Masaya Suzuki <15100604+massongit@users.noreply.github.com> * cleanup name * fix test * typo * fix file name * fix our own errors * more cleanup * angry * make it happy * stop double jobs Co-authored-by: Masaya Suzuki <15100604+massongit@users.noreply.github.com> --- .automation/test/github_actions/README.md | 20 ++++++++++++++ .../test/github_actions/actions_bad_01.yml | 27 +++++++++++++++++++ .../test/github_actions/actions_good_01.yml | 27 +++++++++++++++++++ .automation/update-actions-version.sh | 2 +- .github/workflows/deploy-DEV-slim.yml | 16 +++++------ .github/workflows/deploy-DEV-standard.yml | 18 ++++++------- .github/workflows/deploy-PROD-slim.yml | 4 +-- .github/workflows/deploy-PROD-standard.yml | 4 +-- .github/workflows/deploy-RELEASE-slim.yml | 19 ++++++------- .github/workflows/deploy-RELEASE-standard.yml | 18 ++++++------- .github/workflows/stale.yml | 4 +-- .github/workflows/trivy.yml | 2 +- Dockerfile | 8 ++++++ Dockerfile-slim | 9 ++++++- README.md | 7 +++-- TEMPLATES/actionlint.yml | 3 +++ lib/functions/buildFileList.sh | 9 +++++++ lib/functions/detectFiles.sh | 16 +++++++++++ lib/linter.sh | 22 ++++++++------- .../super-linter/controls/super_linter.rb | 2 ++ 20 files changed, 180 insertions(+), 57 deletions(-) create mode 100644 .automation/test/github_actions/README.md create mode 100644 .automation/test/github_actions/actions_bad_01.yml create mode 100644 .automation/test/github_actions/actions_good_01.yml create mode 100644 TEMPLATES/actionlint.yml diff --git a/.automation/test/github_actions/README.md b/.automation/test/github_actions/README.md new file mode 100644 index 00000000..b47bf50f --- /dev/null +++ b/.automation/test/github_actions/README.md 
@@ -0,0 +1,20 @@
+# GitHub Actions Test Cases
+
+This folder holds the test cases for **Github Actions**.
+
+## Additional Docs
+
+No Additional information is needed for this test case.
+
+## Good Test Cases
+
+The test cases denoted: `LANGUAGE_good_FILE.EXTENSION` are all valid, and should pass successfully when linted.
+
+- **Note:** They are linted utilizing the default linter rules.
+
+## Bad Test Cases
+
+The test cases denoted: `LANGUAGE_bad_FILE.EXTENSION` are **NOT** valid, and should trigger errors when linted.
+
+- **Note:** They are linted utilizing the default linter rules.
+{"mode":"full","isActive":false}
diff --git a/.automation/test/github_actions/actions_bad_01.yml b/.automation/test/github_actions/actions_bad_01.yml
new file mode 100644
index 00000000..42e8770c
--- /dev/null
+++ b/.automation/test/github_actions/actions_bad_01.yml
@@ -0,0 +1,27 @@
+name: Github Actions Bad
+on:
+ push:
+ pull_request:
+
+jobs:
+ github_actions_bad:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - if: github.actor == 'dependabot[bot]'
+ run: |
+ # CMD
+ HELLO_WORLD=($(echo "Hello World" | cut -f1 -d' ' 2>&1))
+
+ # Load the error code
+ ERROR_CODE=$?
+
+ # Check the shell
+ if [ $ERROR_CODE -ne 0]; then
+ echo "We did it!"
+ exit 0
+ else
+ echo "We done goofed it..."
+ echo $HELLO_WORLD
+ exit 1
+ fi
diff --git a/.automation/test/github_actions/actions_good_01.yml b/.automation/test/github_actions/actions_good_01.yml
new file mode 100644
index 00000000..74ef4695
--- /dev/null
+++ b/.automation/test/github_actions/actions_good_01.yml
@@ -0,0 +1,27 @@ +name: GitHub Actions Good +on: + push: + pull_request: + +jobs: + github_actions_good: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - if: ${{ github.actor == 'dependabot[bot]' }} + run: | + # CMD + HELLO_WORLD=$(echo "Hello World" | cut -f1 -d' ' 2>&1) + + # Load the error code + ERROR_CODE=$? + + # Check the shell + if [ ${ERROR_CODE} -ne 0 ]; then + echo "We did it!" + exit 0 + else + echo "We done goofed it..." + echo "${HELLO_WORLD}" + exit 1 + fi diff --git a/.automation/update-actions-version.sh b/.automation/update-actions-version.sh index 6618ca6f..4cb76603 100755 --- a/.automation/update-actions-version.sh +++ b/.automation/update-actions-version.sh @@ -29,7 +29,7 @@ GetReleaseVersion() { echo "Getting the latest Release version from GitHub ..." # Get the latest release on the Repository - GET_VERSION_CMD=$(echo "${RELEASE_NAME}" | grep -E -o "v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+" 2>&1) + GET_VERSION_CMD="$(echo "${RELEASE_NAME}" | grep -E -o "v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+" 2>&1)" # Load the error code ERROR_CODE=$? diff --git a/.github/workflows/deploy-DEV-slim.yml b/.github/workflows/deploy-DEV-slim.yml index 2114eac3..ace7715d 100644 --- a/.github/workflows/deploy-DEV-slim.yml +++ b/.github/workflows/deploy-DEV-slim.yml @@ -19,8 +19,6 @@ on: push: branches-ignore: [master] - pull_request: - branches-ignore: [ ] ############### # Set the Job # @@ -32,8 +30,8 @@ jobs: # Set the agent to run on runs-on: ubuntu-latest # Prevent duplicate run from happening when a forked push is committed - if: github.event_name == 'push' || - github.event.pull_request.head.repo.full_name != github.repository + if: ${{ github.event_name }} == 'push' || + ${{ github.event.pull_request.head.repo.full_name }} != ${{ github.repository }} ################## # Load all steps # ################## 
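Review bot: The rewritten job condition in `deploy-DEV-slim.yml` (`if: ${{ github.event_name }} == 'push' || ...`) no longer evaluates as an expression: once `${{ }}` covers only part of the value, GitHub Actions substitutes the pieces and treats the result as a non-empty string, which is always truthy. Either keep the bare form or wrap the whole condition, `if: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository }}`. The same rewrite appears in `deploy-DEV-standard.yml`, both `deploy-PROD-*.yml` files (the `github.repository == 'github/super-linter'` guard), both `deploy-RELEASE-*.yml` files (the `github.actor` allowlist) and both jobs in `stale.yml`. In the PROD and RELEASE workflows this means the repository and actor gates no longer restrict when the deploy job runs.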
@@ -52,7 +50,7 @@ jobs: # Get the current date # ######################## - name: Get current date - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} + run: echo "BUILD_DATE=\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\" >> ${GITHUB_ENV}" ######################## # Setup Docker build X # @@ -178,8 +176,8 @@ jobs: -e ANSIBLE_DIRECTORY=.automation/test/ansible \ -e ACTIONS_RUNNER_DEBUG=true \ -e ERROR_ON_MISSING_EXEC_BIT=true \ - -v ${GITHUB_WORKSPACE}:/tmp/lint \ - ghcr.io/github/super-linter:slim-${GITHUB_SHA} + -v "${GITHUB_WORKSPACE}:/tmp/lint" \ + "ghcr.io/github/super-linter:slim-${GITHUB_SHA}" ######################################### # Clean code base to run against it all # @@ -199,5 +197,5 @@ jobs: -e OUTPUT_DETAILS=detailed \ -e ACTIONS_RUNNER_DEBUG=true \ -e ERROR_ON_MISSING_EXEC_BIT=true \ - -v ${GITHUB_WORKSPACE}:/tmp/lint \ - ghcr.io/github/super-linter:slim-${GITHUB_SHA} + -v "${GITHUB_WORKSPACE}:/tmp/lint" \ + "ghcr.io/github/super-linter:slim-${GITHUB_SHA}" diff --git a/.github/workflows/deploy-DEV-standard.yml b/.github/workflows/deploy-DEV-standard.yml index 247a9a23..7a468aab 100644 --- a/.github/workflows/deploy-DEV-standard.yml +++ b/.github/workflows/deploy-DEV-standard.yml @@ -19,8 +19,6 @@ on: push: branches-ignore: [master] - pull_request: - branches-ignore: [ ] ############### # Set the Job # @@ -32,8 +30,8 @@ jobs: # Set the agent to run on runs-on: ubuntu-latest # Prevent duplicate run from happening when a forked push is committed - if: github.event_name == 'push' || - github.event.pull_request.head.repo.full_name != github.repository + if: ${{ github.event_name }} == 'push' || + ${{ github.event.pull_request.head.repo.full_name }} != ${{ github.repository }} ################## # Load all steps # ################## 
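Review bot: In the `Get current date` step the closing quote moved past the redirect, so `>> ${GITHUB_ENV}` is now part of the string that `echo` prints and nothing is appended to the environment file; `BUILD_DATE` stays unset for the later steps that presumably read it. Keep the redirect outside the quotes and quote only the path: `run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"`. The same line is changed in `deploy-DEV-standard.yml`, `deploy-PROD-slim.yml`, `deploy-PROD-standard.yml`, `deploy-RELEASE-slim.yml` and `deploy-RELEASE-standard.yml`.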
@@ -52,7 +50,7 @@ jobs: # Get the current date # ######################## - name: Get current date - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} + run: echo "BUILD_DATE=\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\" >> ${GITHUB_ENV}" ######################## # Setup Docker build X # @@ -86,7 +84,7 @@ jobs: load: true push: false tags: | - ghcr.io/github/super-linter:${{ github.sha }} + "ghcr.io/github/super-linter:${{ github.sha }}" ghcr.io/github/super-linter:test cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new @@ -178,8 +176,8 @@ jobs: -e ANSIBLE_DIRECTORY=.automation/test/ansible \ -e ACTIONS_RUNNER_DEBUG=true \ -e ERROR_ON_MISSING_EXEC_BIT=true \ - -v ${GITHUB_WORKSPACE}:/tmp/lint \ - ghcr.io/github/super-linter:${GITHUB_SHA} + -v "${GITHUB_WORKSPACE}:/tmp/lint" \ + "ghcr.io/github/super-linter:${GITHUB_SHA}" ######################################### # Clean code base to run against it all # @@ -199,5 +197,5 @@ jobs: -e OUTPUT_DETAILS=detailed \ -e ACTIONS_RUNNER_DEBUG=true \ -e ERROR_ON_MISSING_EXEC_BIT=true \ - -v ${GITHUB_WORKSPACE}:/tmp/lint \ - ghcr.io/github/super-linter:${GITHUB_SHA} + -v "${GITHUB_WORKSPACE}:/tmp/lint" \ + "ghcr.io/github/super-linter:${GITHUB_SHA}" diff --git a/.github/workflows/deploy-PROD-slim.yml b/.github/workflows/deploy-PROD-slim.yml index 6b32f897..0b8e8cbf 100644 --- a/.github/workflows/deploy-PROD-slim.yml +++ b/.github/workflows/deploy-PROD-slim.yml @@ -29,7 +29,7 @@ jobs: # Set the agent to run on runs-on: ubuntu-latest # Only run this on the main repo - if: github.repository == 'github/super-linter' + if: ${{ github.repository }} == 'github/super-linter' ################## # Load all steps # ################## 
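Review bot: The quotes added around `"ghcr.io/github/super-linter:${{ github.sha }}"` in `deploy-DEV-standard.yml` sit inside a `tags: |` block scalar, where YAML does no quote processing, so the `"` characters are handed to the step as part of the value. Whether the tag is then accepted depends on how the consuming action parses its input, which this hunk does not show. The unquoted form `ghcr.io/github/super-linter:${{ github.sha }}` is unambiguous and matches the neighbouring `:test` entry. The tag lists in `deploy-RELEASE-slim.yml` and `deploy-RELEASE-standard.yml` get the same quoting on their `${{ env.RELEASE_VERSION }}` entries.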
@@ -44,7 +44,7 @@ jobs: # Get the current date # ######################## - name: Get current date - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} + run: echo "BUILD_DATE=\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\" >> ${GITHUB_ENV}" ######################## # Setup Docker build X # diff --git a/.github/workflows/deploy-PROD-standard.yml b/.github/workflows/deploy-PROD-standard.yml index 99981cbb..b768818e 100644 --- a/.github/workflows/deploy-PROD-standard.yml +++ b/.github/workflows/deploy-PROD-standard.yml @@ -29,7 +29,7 @@ jobs: # Set the agent to run on runs-on: ubuntu-latest # Only run this on the main repo - if: github.repository == 'github/super-linter' + if: ${{ github.repository }} == 'github/super-linter' ################## # Load all steps # ################## @@ -44,7 +44,7 @@ jobs: # Get the current date # ######################## - name: Get current date - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} + run: echo "BUILD_DATE=\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\" >> ${GITHUB_ENV}" ######################## # Setup Docker build X # diff --git a/.github/workflows/deploy-RELEASE-slim.yml b/.github/workflows/deploy-RELEASE-slim.yml index b573cfa6..c676f462 100644 --- a/.github/workflows/deploy-RELEASE-slim.yml +++ b/.github/workflows/deploy-RELEASE-slim.yml 
@@ -31,10 +31,10 @@ jobs: ##################################################################### # Only run if Admin start job and it was the Release Issue template # ##################################################################### - if: github.actor == 'admiralawkbar' || github.actor == 'jwiebalk' || - github.actor == 'IAmHughes' || github.actor == 'nemchik' || - github.actor == 'Hanse00' || github.actor == 'github-actions' || - github.actor == 'GaboFDC' || github.actor == 'ferrarimarco' + if: ${{ github.actor }} == 'admiralawkbar' || ${{ github.actor }} == 'jwiebalk' || + ${{ github.actor }} == 'IAmHughes' || ${{ github.actor }} == 'nemchik' || + ${{ github.actor }} == 'Hanse00' || ${{ github.actor }} == 'github-actions' || + ${{ github.actor }} == 'GaboFDC' || ${{ github.actor }} == 'ferrarimarco' ################## # Load all steps # @@ -61,7 +61,7 @@ jobs: # Get the current date # ######################## - name: Get current date - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} + run: echo "BUILD_DATE=\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\" >> ${GITHUB_ENV}" ######################## # Setup Docker build X # @@ -92,10 +92,11 @@ jobs: # Get the current release # ########################### - name: Get current Release number + # shellcheck disable=SC2062 run: | - echo "RELEASE_VERSION=$(echo "${{ github.event.release.name }}" \ + echo "RELEASE_VERSION=$(echo ${{ github.event.release.name }} \ | grep -E -o "v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+")" \ - >> ${GITHUB_ENV} + >> "${GITHUB_ENV}" ################ # Docker cache # 
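Review bot: In the `Get current Release number` step, `${{ github.event.release.name }}` is expanded into the script text before the shell starts, so the release name is parsed as shell code; removing the surrounding double quotes adds word splitting and globbing on top of that. Pass the value through the step environment instead: add `env:` with `RELEASE_NAME: ${{ github.event.release.name }}` and use `echo "${RELEASE_NAME}"` in the pipeline. The `# shellcheck disable=SC2062` line is a YAML comment above `run:` rather than part of the script, so it probably never reaches shellcheck; with the quoted environment variable the directive should not be needed.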
@@ -124,10 +125,10 @@ jobs: tags: | github/super-linter:slim-latest github/super-linter:slim-v4 - github/super-linter:slim-${{ env.RELEASE_VERSION }} + "github/super-linter:slim-${{ env.RELEASE_VERSION }}" ghcr.io/github/super-linter:slim-latest ghcr.io/github/super-linter:slim-v4 - ghcr.io/github/super-linter:slim-${{ env.RELEASE_VERSION }} + "ghcr.io/github/super-linter:slim-${{ env.RELEASE_VERSION }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new diff --git a/.github/workflows/deploy-RELEASE-standard.yml b/.github/workflows/deploy-RELEASE-standard.yml index 11d30b97..8576e858 100644 --- a/.github/workflows/deploy-RELEASE-standard.yml +++ b/.github/workflows/deploy-RELEASE-standard.yml @@ -31,10 +31,10 @@ jobs: ##################################################################### # Only run if Admin start job and it was the Release Issue template # ##################################################################### - if: github.actor == 'admiralawkbar' || github.actor == 'jwiebalk' || - github.actor == 'IAmHughes' || github.actor == 'nemchik' || - github.actor == 'Hanse00' || github.actor == 'github-actions' || - github.actor == 'GaboFDC' || github.actor == 'ferrarimarco' + if: ${{ github.actor }} == 'admiralawkbar' || ${{ github.actor }} == 'jwiebalk' || + ${{ github.actor }} == 'IAmHughes' || ${{ github.actor }} == 'nemchik' || + ${{ github.actor }} == 'Hanse00' || ${{ github.actor }} == 'github-actions' || + ${{ github.actor }} == 'GaboFDC' || ${{ github.actor }} == 'ferrarimarco' ################## # Load all steps # @@ -61,7 +61,7 @@ jobs: # Get the current date # ######################## - name: Get current date - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV} + run: echo "BUILD_DATE=\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\" >> ${GITHUB_ENV}" ######################## # Setup Docker build X # 
@@ -128,10 +128,10 @@ jobs: tags: | github/super-linter:latest github/super-linter:v4 - github/super-linter:${{ env.RELEASE_VERSION }} + "github/super-linter:${{ env.RELEASE_VERSION }}" ghcr.io/github/super-linter:latest ghcr.io/github/super-linter:v4 - ghcr.io/github/super-linter:${{ env.RELEASE_VERSION }} + "ghcr.io/github/super-linter:${{ env.RELEASE_VERSION }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new @@ -152,7 +152,7 @@ jobs: - name: Create Stack Linter Status if: success() run: | - curl -X POST --url https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.COMMIT_SHA }} \ + curl -X POST --url "https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.COMMIT_SHA }}" \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ --data '{ "state": "success", "context": "Stack linter" }' @@ -163,7 +163,7 @@ jobs: - name: Close PR if: success() run: | - curl -X PUT --url https://api.github.com/repos/${{ github.repository }}/pulls/${{ env.PR_ID }}/merge \ + curl -X PUT --url "https://api.github.com/repos/${{ github.repository }}/pulls/${{ env.PR_ID }}/merge" \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ --data '{ "merge_method": "squash" }' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index afa62e46..437cfe52 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -26,7 +26,7 @@ jobs: markstale: runs-on: ubuntu-latest # only run on schedule - if: "github.event_name == 'schedule'" + if: ${{ github.event_name }} == 'schedule' steps: - name: Mark issue stale uses: actions/stale@v3.0.19 
@@ -47,7 +47,7 @@ jobs: marknotstale: runs-on: ubuntu-latest # do not run on schedule - if: "github.event_name == 'issue_comment' && contains(github.event.issue.labels.*.name, 'O: stale 🤖') && github.event.issue.user.type != 'Bot'" + if: "${{ github.event_name }} == 'issue_comment' && contains(github.event.issue.labels.*.name, 'O: stale 🤖') && ${{ github.event.issue.user.type }} != 'Bot'" steps: - name: Mark issue not stale uses: actions/github-script@v4.0.2 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 95998957..442c0572 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -22,7 +22,7 @@ jobs: # ########################## - name: Build an image from Dockerfile run: | - docker build -t docker.io/github/super-linter:${{ github.sha }} . + docker build -t "docker.io/github/super-linter:${{ github.sha }}" . ################################# # Run Trivy Scan of source code # diff --git a/Dockerfile b/Dockerfile index 30046175..3acab699 100644 --- a/Dockerfile +++ b/Dockerfile @@ -134,6 +134,14 @@ RUN pip3 install --no-cache-dir pipenv \ # Installs Perl dependencies # ############################## RUN curl --retry 5 --retry-delay 5 -sL https://cpanmin.us/ | perl - -nq --no-wget Perl::Critic \ +####################### +# Installs ActionLint # +####################### + && curl --retry 5 --retry-delay 5 -sLO https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash \ + && chmod +x download-actionlint.bash \ + && ./download-actionlint.bash \ + && rm download-actionlint.bash \ + && mv actionlint /usr/bin/actionlint \ ######################################### # Install Powershell + PSScriptAnalyzer # ######################################### diff --git a/Dockerfile-slim b/Dockerfile-slim index 4de03e20..123c0efd 100644 --- a/Dockerfile-slim +++ b/Dockerfile-slim 
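Review bot: The ActionLint install in `Dockerfile` downloads `download-actionlint.bash` from the `main` branch of a third-party repository and executes it during the image build, so the image contents depend on whatever that branch, and the release it then fetches, holds at build time, with no integrity check. Pin the URL to a reviewed commit, e.g. `https://raw.githubusercontent.com/rhysd/actionlint/<PINNED_COMMIT_SHA>/scripts/download-actionlint.bash`, request a fixed actionlint version if the script supports one (to be confirmed), and verify the downloaded binary against a recorded checksum before the `mv`. `Dockerfile-slim` adds the same steps and, unlike this hunk, leaves `download-actionlint.bash` in the image because the `rm` is missing.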
@@ -103,7 +103,14 @@ RUN pip3 install --no-cache-dir pipenv \ ############################## # Installs Perl dependencies # ############################## -RUN curl --retry 5 --retry-delay 5 -sL https://cpanmin.us/ | perl - -nq --no-wget Perl::Critic +RUN curl --retry 5 --retry-delay 5 -sL https://cpanmin.us/ | perl - -nq --no-wget Perl::Critic \ +####################### +# Installs ActionLint # +####################### + && curl --retry 5 --retry-delay 5 -sLO https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash \ + && chmod +x download-actionlint.bash \ + && ./download-actionlint.bash \ + && mv actionlint /usr/bin/actionlint ###################### # Install shellcheck # diff --git a/README.md b/README.md index 81b8bda7..5f131015 100644 --- a/README.md +++ b/README.md @@ -56,8 +56,8 @@ Developers on **GitHub** can call the **GitHub Action** to lint their code base | **Ansible** | [ansible-lint](https://github.com/ansible/ansible-lint) | | **Azure Resource Manager (ARM)** | [arm-ttk](https://github.com/azure/arm-ttk) | | **AWS CloudFormation templates** | [cfn-lint](https://github.com/aws-cloudformation/cfn-python-lint/) | -| **C++** | [cpp-lint](https://github.com/cpplint/cpplint) / [clang-format](https://clang.llvm.org/docs/ClangFormatStyleOptions.html) | -| **C#** | [dotnet-format](https://github.com/dotnet/format) / [clang-format](https://clang.llvm.org/docs/ClangFormatStyleOptions.html) | +| **C++** | [cpp-lint](https://github.com/cpplint/cpplint) / [clang-format](https://clang.llvm.org/docs/ClangFormatStyleOptions.html) | +| **C#** | [dotnet-format](https://github.com/dotnet/format) / [clang-format](https://clang.llvm.org/docs/ClangFormatStyleOptions.html) | | **CSS** | [stylelint](https://stylelint.io/) | | **Clojure** | [clj-kondo](https://github.com/borkdude/clj-kondo) | | **CoffeeScript** | [coffeelint](https://coffeelint.github.io/) | 
@@ -66,6 +66,7 @@ Developers on **GitHub** can call the **GitHub Action** to lint their code base | **Dockerfile** | [dockerfilelint](https://github.com/replicatedhq/dockerfilelint.git) / [hadolint](https://github.com/hadolint/hadolint) | | **EDITORCONFIG** | [editorconfig-checker](https://github.com/editorconfig-checker/editorconfig-checker) | | **ENV** | [dotenv-linter](https://github.com/dotenv-linter/dotenv-linter) | +| **GitHub Actions** | [actionlint](https://github.com/rhysd/actionlint) | | **Gherkin** | [gherkin-lint](https://github.com/vsiakka/gherkin-lint) | | **Golang** | [golangci-lint](https://github.com/golangci/golangci-lint) | | **Groovy** | [npm-groovy-lint](https://github.com/nvuillam/npm-groovy-lint) | @@ -281,6 +282,7 @@ But if you wish to select or exclude specific linters, we give you full control | **ERROR_ON_MISSING_EXEC_BIT** | `false` | If set to `false`, the `bash-exec` linter will report a warning if a shell script is not executable. If set to `true`, the `bash-exec` linter will report an error instead. | | **FILTER_REGEX_EXCLUDE** | `none` | Regular expression defining which files will be excluded from linting (ex: `.*src/test.*`) | | **FILTER_REGEX_INCLUDE** | `all` | Regular expression defining which files will be processed by linters (ex: `.*src/.*`) | +| **GITHUB_ACTIONS_CONFIG_FILE** | `.actionlint.yml` | Filename for [Actionlint configuration](https://github.com/rhysd/actionlint#configuration-file) (ex: `actionlint.yml`) | | **GITHUB_DOMAIN** | `github.com` | Specify a custom Github domain in case Github Enterprise is used: e.g. `github.myenterprise.com` | | **GITHUB_CUSTOM_API_URL** | `api.github.com` | Specify a custom Github API URL in case Github Enterprise is used: e.g. `https://github.myenterprise.com/api/v3/` | | **IGNORE_GENERATED_FILES** | `false` | If set to `true`, super-linter will ignore all the files with `@generated` marker but without `@not-generated` marker. | 
@@ -328,6 +330,7 @@ But if you wish to select or exclude specific linters, we give you full control | **VALIDATE_DOCKERFILE_HADOLINT** | `true` | Flag to enable or disable the linting process of the Docker language. | | **VALIDATE_EDITORCONFIG** | `true` | Flag to enable or disable the linting process with the editorconfig. | | **VALIDATE_ENV** | `true` | Flag to enable or disable the linting process of the ENV language. | +| **VALIDATE_GITHUB_ACTIONS** | `true` | Flag to enable or disable the linting process of the GitHub Actions. | | **VALIDATE_GHERKIN** | `true` | Flag to enable or disable the linting process of the Gherkin language. | | **VALIDATE_GO** | `true` | Flag to enable or disable the linting process of the Golang language. | | **VALIDATE_GROOVY** | `true` | Flag to enable or disable the linting process of the language. | diff --git a/TEMPLATES/actionlint.yml b/TEMPLATES/actionlint.yml new file mode 100644 index 00000000..00dc4901 --- /dev/null +++ b/TEMPLATES/actionlint.yml @@ -0,0 +1,3 @@ +--- +self-hosted-runner: + # Labels of self-hosted runner in array of string diff --git a/lib/functions/buildFileList.sh b/lib/functions/buildFileList.sh index c10061df..c31e8a0f 100755 --- a/lib/functions/buildFileList.sh +++ b/lib/functions/buildFileList.sh @@ -758,6 +758,15 @@ function BuildFileList() { ################################ FILE_ARRAY_YAML+=("${FILE}") + ################################### + # Check if file is GitHub Actions # + ################################### + if DetectActions "${FILE}"; then + ################################ + # Append the file to the array # + ################################ + FILE_ARRAY_GITHUB_ACTIONS+=("${FILE}") + fi ############################ # Check if file is Ansible # ############################ diff --git a/lib/functions/detectFiles.sh b/lib/functions/detectFiles.sh index 972846f3..0521ef4a 100755 --- a/lib/functions/detectFiles.sh +++ b/lib/functions/detectFiles.sh 
@@ -28,6 +28,22 @@ DetectAnsibleFile() { fi } ################################################################################ +#### Function DetectActions #################################################### +DetectActions() { + FILE="${1}" + + debug "Checking if ${FILE} is a GitHub Actions file..." + + # Check if in the users .github, or the super linter test suite + if [[ "$(dirname "${FILE}")" == *".github/workflows"* ]] || [[ "$(dirname "${FILE}")" == *".automation/test/github_actions"* ]]; then + debug "${FILE} is GitHub Actions file." + return 0 + else + debug "${FILE} is NOT GitHub Actions file." + return 1 + fi +} +################################################################################ #### Function DetectOpenAPIFile ################################################ DetectOpenAPIFile() { ################ diff --git a/lib/linter.sh b/lib/linter.sh index 82f479dc..4a2d1d1d 100755 --- a/lib/linter.sh +++ b/lib/linter.sh @@ -92,6 +92,8 @@ DOCKERFILE_FILE_NAME=".dockerfilelintrc" DOCKERFILE_HADOLINT_FILE_NAME="${DOCKERFILE_HADOLINT_FILE_NAME:-.hadolint.yaml}" EDITORCONFIG_FILE_NAME="${EDITORCONFIG_FILE_NAME:-.ecrc}" # shellcheck disable=SC2034 # Variable is referenced indirectly +GITHUB_ACTIONS_FILE_NAME="${GITHUB_ACTIONS_CONFIG_FILE:-actionlint.yml}" +# shellcheck disable=SC2034 # Variable is referenced indirectly GHERKIN_FILE_NAME=".gherkin-lintrc" # shellcheck disable=SC2034 # Variable is referenced indirectly GO_FILE_NAME=".golangci.yml" 
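Review bot: `DetectActions` matches with `*".github/workflows"*`, a substring test on the directory, so any path that merely contains that text (for example a `foo.github/workflows-archive` directory) is sent to actionlint. An anchored test such as `[[ "$(dirname "${FILE}")" =~ (^|/)\.github/workflows$ ]]` keeps it to the real workflow directory. `FILE="${1}"` also assigns a global that the caller's loop in `buildFileList.sh` uses under the same name; `local FILE="${1}"` avoids the shared state. A short header comment stating the argument and the 0/1 return contract would document what the function already does.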
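Review bot: The default config name set in `lib/linter.sh` is `actionlint.yml`, which matches the new `TEMPLATES/actionlint.yml`, but the `GITHUB_ACTIONS_CONFIG_FILE` row added to README.md in this commit documents the default as `.actionlint.yml`. A user who follows the README and commits `.actionlint.yml` without setting the variable would presumably have that file ignored in favour of the bundled template. Align the two, for instance by changing the README default to `actionlint.yml`.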
@@ -195,15 +197,15 @@ fi ################## LANGUAGE_ARRAY=('ANSIBLE' 'ARM' 'BASH' 'BASH_EXEC' 'CLANG_FORMAT' 'CLOUDFORMATION' 'CLOJURE' 'COFFEESCRIPT' 'CPP' 'CSHARP' 'CSS' 'DART' - 'DOCKERFILE' 'DOCKERFILE_HADOLINT' 'EDITORCONFIG' 'ENV' 'GHERKIN' 'GO' - 'GROOVY' 'HTML' 'JAVA' 'JAVASCRIPT_ES' "${JAVASCRIPT_STYLE_NAME}" 'JSCPD' - 'JSON' 'JSONC' 'JSX' 'KUBERNETES_KUBEVAL' 'KOTLIN' 'LATEX' 'LUA' 'MARKDOWN' - 'OPENAPI' 'PERL' 'PHP_BUILTIN' 'PHP_PHPCS' 'PHP_PHPSTAN' 'PHP_PSALM' - 'POWERSHELL' 'PROTOBUF' 'PYTHON_BLACK' 'PYTHON_PYLINT' 'PYTHON_FLAKE8' - 'PYTHON_ISORT' 'PYTHON_MYPY' 'R' 'RAKU' 'RUBY' 'RUST_2015' 'RUST_2018' - 'RUST_CLIPPY' 'SHELL_SHFMT' 'SNAKEMAKE_LINT' 'SNAKEMAKE_SNAKEFMT' 'STATES' - 'SQL' 'TEKTON' 'TERRAFORM' 'TERRAFORM_TERRASCAN' 'TERRAGRUNT' 'TSX' - 'TYPESCRIPT_ES' 'TYPESCRIPT_STANDARD' 'XML' 'YAML') + 'DOCKERFILE' 'DOCKERFILE_HADOLINT' 'EDITORCONFIG' 'ENV' 'GITHUB_ACTIONS' + 'GHERKIN' 'GO' 'GROOVY' 'HTML' 'JAVA' 'JAVASCRIPT_ES' + "${JAVASCRIPT_STYLE_NAME}" 'JSCPD' 'JSON' 'JSONC' 'JSX' 'KUBERNETES_KUBEVAL' + 'KOTLIN' 'LATEX' 'LUA' 'MARKDOWN' 'OPENAPI' 'PERL' 'PHP_BUILTIN' 'PHP_PHPCS' + 'PHP_PHPSTAN' 'PHP_PSALM' 'POWERSHELL' 'PROTOBUF' 'PYTHON_BLACK' + 'PYTHON_PYLINT' 'PYTHON_FLAKE8' 'PYTHON_ISORT' 'PYTHON_MYPY' 'R' 'RAKU' 'RUBY' + 'RUST_2015' 'RUST_2018' 'RUST_CLIPPY' 'SHELL_SHFMT' 'SNAKEMAKE_LINT' + 'SNAKEMAKE_SNAKEFMT' 'STATES' 'SQL' 'TEKTON' 'TERRAFORM' 'TERRAFORM_TERRASCAN' + 'TERRAGRUNT' 'TSX' 'TYPESCRIPT_ES' 'TYPESCRIPT_STANDARD' 'XML' 'YAML') ############################## # Linter command names array # @@ -225,6 +227,7 @@ LINTER_NAMES_ARRAY['DOCKERFILE']="dockerfilelint" LINTER_NAMES_ARRAY['DOCKERFILE_HADOLINT']="hadolint" LINTER_NAMES_ARRAY['EDITORCONFIG']="editorconfig-checker" LINTER_NAMES_ARRAY['ENV']="dotenv-linter" +LINTER_NAMES_ARRAY['GITHUB_ACTIONS']="actionlint" LINTER_NAMES_ARRAY['GHERKIN']="gherkin-lint" LINTER_NAMES_ARRAY['GO']="golangci-lint" LINTER_NAMES_ARRAY['GROOVY']="npm-groovy-lint" 
@@ -823,6 +826,7 @@ LINTER_COMMANDS_ARRAY['DOCKERFILE']="dockerfilelint -c $(dirname "${DOCKERFILE_L LINTER_COMMANDS_ARRAY['DOCKERFILE_HADOLINT']="hadolint -c ${DOCKERFILE_HADOLINT_LINTER_RULES}" LINTER_COMMANDS_ARRAY['EDITORCONFIG']="editorconfig-checker -config ${EDITORCONFIG_LINTER_RULES}" LINTER_COMMANDS_ARRAY['ENV']="dotenv-linter" +LINTER_COMMANDS_ARRAY['GITHUB_ACTIONS']="actionlint -config-file ${GITHUB_ACTIONS_LINTER_RULES}" LINTER_COMMANDS_ARRAY['GHERKIN']="gherkin-lint -c ${GHERKIN_LINTER_RULES}" LINTER_COMMANDS_ARRAY['GO']="golangci-lint run -c ${GO_LINTER_RULES}" LINTER_COMMANDS_ARRAY['GROOVY']="npm-groovy-lint -c ${GROOVY_LINTER_RULES} --failon warning" diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb index e4fdd0cd..5a24938a 100644 --- a/test/inspec/super-linter/controls/super_linter.rb +++ b/test/inspec/super-linter/controls/super_linter.rb @@ -89,6 +89,7 @@ control "super-linter-installed-commands" do default_expected_stdout_regex = /(.*?)/s linters = [ + { linter_name: "actionlint"}, { linter_name: "ansible-lint"}, { linter_name: "arm-ttk", version_command: "grep -iE 'version' '/usr/bin/arm-ttk' | xargs"}, { linter_name: "asl-validator"}, @@ -392,6 +393,7 @@ control "super-linter-validate-files" do "/action/lib/functions/updateSSL.sh", "/action/lib/functions/validation.sh", "/action/lib/functions/worker.sh", + "/action/lib/.automation/actionlint.yml", "/action/lib/.automation/.ansible-lint.yml", "/action/lib/.automation/.arm-ttk.psd1", "/action/lib/.automation/.cfnlintrc.yml",