- New SAVE_SUPER_LINTER_OUTPUT variable. When set to true,
saves super-linter output to ${DEFAULT_WORKSPACE}/${SUPER_LINTER_OUTPUT_DIRECTORY_NAME}
- New SUPER_LINTER_OUTPUT_DIRECTORY_NAME variable to set the output
directory name instide the default workspace.
Close#5774
Don't skip processing the current item (FILE) before we give
BuildFileArrays the chance to process it as an item to eventually add to
the list of directories to lint with ansible-lint.
Fix#5789
Other related changes
- Add a new make target to open a shell in a Super-linter container.
- Use a fixed path for FILE_ARRAYS_DIRECTORY_PATH so we can verify its
contents in tests
- Remove redundant ValidateBooleanVariable in buildFileList because we
already check those variables in valudation.
- Move Ansible directory detection to a function so we can reuse it.
- Add missing exports for global configuration variables.
- Remove unused LOG_XXXX variables from tests. These should have been
deleted when we moved log variables to log.sh
- Don't require Git SHA and branch validation when
IGNORE_GITIGNORED_FILES=true because we only need to validate that the
workspace is a Git repository in this case.
Fix#5383
- Don't require Git SHA and branch validation when
IGNORE_GITIGNORED_FILES=true because we only need to validate that the
workspace is a Git repository in this case.
Fix#5383
Introduce a new configuration variable, BASH_EXEC_IGNORE_LIBRARIES. If
set to true, the behaviour of bash-exec is modified: if a shell file has
a file extension and no shebang line, it is ignored, i.e., allowed to be
non-executable. This allows files that are only every sourced from other
shell files, acting as libraries and not executables, to have no
executable bit set without failing the bash-exec linter.
Enable debug logging when one (or more) of the following conditions is
true:
- ACTIONS_RUNNER_DEBUG is set to true
- ACTIONS_STEPS_DEBUG is set to true
- RUNNER_DEBUG is set to 1
In case of linting errors, print stdout and stderr (if present)
at the ERROR level if users set LOG_LEVEL to NOTICE to avoid
failures without any explanation.
Terrascan runs initialization anyway when scanning files, so there's no
point in running it at build time. Also, this works around a Terrascan
bug that caused it to fail its initialization if $HOME/.terrascan
directory is not present. This happens on GitHub Actions because it
configures a $HOME directory that is different from ours.
- Initialize GITHUB_DOMAIN as documented in the README
- Configure other URLs according to GITHUB_DOMAIN
- Automatically fetch SSH key fingerprints for GITHUB_DOMAINS
- Super-linter uses the LOG_LEVEL variable to let the user
configure the desired log level. Checkov and Renovate use a variable
with the same name for the same purpose, but accept a
different set of values, and exit with an error if it gets an unknown
value for that variable.
- Refactor the VERBOSE log level to the more commonly used INFO.
Configuration validation will warn users if they use VERBOSE and
instruct them to use INFO instead. This is not a breaking change
because super-linter falls back on INFO if VERBOSE is set.
- Remove the TRACE log level because we rarely used it. As with VERBOSE,
configuration validation will warn the user. Fall back to DEBUG if the
user configured LOG_LEVEL to VERBOSE.
Close#5217
CHANGELOG.md is automatically generated by the release workflow.
Ignore it when linting the codebase because it might not pass textlint
validation because of lowercase terms.
Deprecate the ERROR_ON_MISSING_EXEC_BIT variable to remove a confusing
corner case, and to align the BASH_EXEC check to how super-linter
handles other linters.
Move the following tasks to dedicated stages so we can run these steps
in parallel with other stages:
- Build Python virtual environments
- Install npm packages
- Build clang-format
- Download and install TFlint plugins
Add missing target stage when building the container image
Add a default (empty) configuration file for Checkov and a smoke test to
ensure that we catch the case where a default configuration file is not
present, and it should be.
- Run jscpd, gitleaks, textlint against the entire workspace instead of
running them over single files, one by one.
- Implement a warning function for deprecated variables.
- Deprecate the VALIDATE_JSCPD_ALL_CODEBASE variable.
- Remove duplicate configuration files when they are the same as the
ones we provide in TEMPLATES.
- Add a missing tests for ansible-lint.
- Move ANSIBLE_DIRECTORY configuration when running tests in
buildFileList, where similar configs are.
- Simplify ansible-lint test cases to include only what's necessary, and
not an entire set of roles, playbooks, and inventory.
- Write instructions about major upgrades in the upgrade guide.
- Add support to run Checkov against infrastructure as code descriptors
that are in a given (configurable) directory. Defaults to lint the
whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
issues right away with this change.
- Implement a job to preview the release notes
- Include build, ci, and dependency updates
- Add emoji to section headings to match the existing release notes
- Add documentation about how to run release-please from the CLI
- Configure release-please to automatically create pull requests and
releases.
- Run release-please and tag update in the CD workflow.
- Update Git tags pointing to latest, major.minor, and major versions as
part of the CD workflow.
- Remove workflows (draft-release, release) that are not necessary
anymore, and related configuration files.
- Handle automatic updates to README.md, action.yml, and action.yaml
- Mount .github to /tmp/lint/.github so super-linter finds config files,
and the GitHub Actions to lint.
- Check if the PR contains a single commit, and fail otherwise.
- Enable commitlint to check if commits adhere to the
conventialcommits.org spec.
- Update the the pull request template to point to the conventional
commit spec.
- Update the dependabot configuration to add the "build(...)" prefix to
commits.
* Use the same image tags in CI and CD
* Define image tag once per workflow
* Fix yq tag
* Don't quote yq to avoid literal interpretation
* yq version
* Fix yq tag
* Reduce duplication
* Fix workflow env var
* Don't remove an already removed container
* move from github org to super-linter org
* rename to super-linter org
* rename to super-linter org
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter and remove dockerhub reference
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rename org to super-linter
* rm dockerhub section link
Pushes inline scripts in the Dockerfile into standalone
scripts and authenticates requests to GitHub using a
Personal Access Token to reduce build flakiness due
to GitHub's abuse and ratelimiting due to unauthenticated
reuests.
Signed-off-by: Brett Logan <lindluni@github.com>
* adding rules file
* fix naming
* cleanup
* make smart
* fixing the make
* adding template
* white space
* not sure how i got windows
* found the space
* adding new one...
* adding automation
* linter
* pull apart for faster builds
* maybe
* update automation
* fix that
* prime is smart
* fixed it
* quotes
* fix build image
* inpec
* typo
* forgot backslash
* fixed hairbrain logic
* this should help cleanup
* i hate r
* order
* maybe fix r
* maybe fix r
* update readme
* remove spaces
* update
* Generate a code coverage report
* make linters happy
* adding action and badge
* no report for me
* Upload the test report
* adding folders
* spaces not tabs
* makefiles love tabs
* spacing is important
* rawr
* Fix makefile
* Add diagnostic info
* Set UID and GID
* Make info
* Add docker images in diagnostic info
* Move info before testing the local action
* Add missing -C to git diff-tree
* Reset ownership
* Add missing quotes
* Sudo
* Attempt to fix ARM test
* Attempt to fix go test
Co-authored-by: Admiral Awkbar <admiralawkbar@github.com>