Introduce a new configuration variable, BASH_EXEC_IGNORE_LIBRARIES. If
set to true, the behaviour of bash-exec is modified: if a shell file has
a file extension and no shebang line, it is ignored, i.e., allowed to be
non-executable. This allows files that are only every sourced from other
shell files, acting as libraries and not executables, to have no
executable bit set without failing the bash-exec linter.
Emit a hopefully more helpful error message when the Git ref doesn't
exist. The error message is the same we use when getting changed files
only: it suggests checking that repository clone is not shallow, and
that the full history is available. Additionally, when running on
GitHub Actions, it also suggests checking the fetch-depth option of the
actions/checkout step.
Fix#5315
- Move log variables in log.sh to shorten linter.sh
- Source log.sh as soon as possible, so we can use log functions and
variables as soon as possible.
- Validate 'boolean' log variables: LOG_DEBUG, LOG_VERBOSE, LOG_NOTICE,
LOG_WARN, LOG_ERROR.
- Move foreground color markers from an associative array (that we
cannot export), inside the log function. This fixes an issue that we
discovered while working on #5254 where color markers were not
available to subprocesses.
- Remove background color markers because we don't use them.
- Super-linter uses the LOG_LEVEL variable to let the user
configure the desired log level. Checkov and Renovate use a variable
with the same name for the same purpose, but accept a
different set of values, and exit with an error if it gets an unknown
value for that variable.
- Refactor the VERBOSE log level to the more commonly used INFO.
Configuration validation will warn users if they use VERBOSE and
instruct them to use INFO instead. This is not a breaking change
because super-linter falls back on INFO if VERBOSE is set.
- Remove the TRACE log level because we rarely used it. As with VERBOSE,
configuration validation will warn the user. Fall back to DEBUG if the
user configured LOG_LEVEL to VERBOSE.
Close#5217
Move the logic to build the linter versions file outside the main
runtime. There's no need to include it there because it's used only when
building the image.
Move the list of linters by name in linterVersions.sh because we don't
need it in any other place.
- Validate variables representing boolean values.
- Group global variables in the same sections.
- Declare variables as lowercase with the 'declare -l' shell builtin for
more clarity.
Deprecate the ERROR_ON_MISSING_EXEC_BIT variable to remove a confusing
corner case, and to align the BASH_EXEC check to how super-linter
handles other linters.
- Fail if the configuration contains USE_FIND_ALGORITHM=true and
VALIDATE_ALL_CODEBASE=false because this is an unsupported
configuration. Before this change, super-linter silently ignored
VALIDATE_ALL_CODEBASE, leading to potentially surprising behavior.
- Run jscpd, gitleaks, textlint against the entire workspace instead of
running them over single files, one by one.
- Implement a warning function for deprecated variables.
- Deprecate the VALIDATE_JSCPD_ALL_CODEBASE variable.
- Remove duplicate configuration files when they are the same as the
ones we provide in TEMPLATES.
- Add a missing tests for ansible-lint.
- Move ANSIBLE_DIRECTORY configuration when running tests in
buildFileList, where similar configs are.
- Simplify ansible-lint test cases to include only what's necessary, and
not an entire set of roles, playbooks, and inventory.
- Write instructions about major upgrades in the upgrade guide.
- Add support to run Checkov against infrastructure as code descriptors
that are in a given (configurable) directory. Defaults to lint the
whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
issues right away with this change.
* Lint Go projects by directory
* Search for Go modules
* Fix test path
* Add test cases and fix command
* Change workdir
* Add a warning about false positives
* fatal instead of warn
* Move tests to the test directory
* Close group on fatal
* Don't fail in test mode
* Exit on errors when running Git
* Skip pulling changes entirely
* Enable pipefail when generating diffs
* Cleanup
* Shallow repo check
* Echo GITHUB_SHA update
* Check if GITHUB_SHA exists before using it
* Move GITHUB_SHA validation to validation script
* Rely on cat-file return code
* Check if DEFAULT_BRANCH exists
* Change dir when checking DEFAULT_BRANCH
* Show git branches
* Don't switch branches
* Check GITHUB_SHA only when needed
* Ensure we have permissions before interacting with the repo
* Remove the DIFF_CMD variable
* Move TEST_CASE_RUN and RUN_LOCAL init up
* Validate if Git repo and if SHA exists
* Move validation function
* Change dir when getting branch names
* Move debug messages up to be less verbose
* Move branch validation in a function
* Fix linting errors
* no need to run git check-ignore on every file if you are not setting IGNORE_GITIGNORED_FILES
* use id instead of whoami for determining running and discard stderr
* accidently include change from other PR
* remove commented code
---------
Co-authored-by: Zack Koppert <zkoppert@github.com>
* Ignore files that are ignored by Git
* Add missing continue statement
* Fix linting errors
* Fix linting errors
* like it
* like it
* Add the IGNORE_GITIGNORED_FILES variable
* Fix setting the Ansible directory when running tests
* Fix var export
* Update linter.sh
Co-authored-by: Admiral Awkbar <admiralawkbar@github.com>
* Improved ANSIBLE_DIRECTORY validation to support the repository root
Fixes#1110, which prevents linting playbooks at the root of the repository from being supported.
* Trim whitespace
* Remove undesired extra validation condition
Addressing review feedback from @ ferrarimarco
* Avoid mutating ANSIBLE_DIRECTORY beyond the extent that was already in place
Co-authored-by: Lukas Gravley <admiralawkbar@github.com>
