Commit graph

78 commits

Author SHA1 Message Date
Andre Klärner
ec05515e93
fix: ensure setting /github/workdir as Git safe directory works always (#6242)
When running super-linter on in a self hosted runner based on Action
Runner Controller in K8s container mode the /github/home directory is
not neccesarily mounted. But since we expect this directory to exist
super-linter fails to set /github/workspace as a Git safe directory:

    2024-10-04 17:58:37 [INFO]   Successfully validated GITHUB_WORKSPACE: /github/workspace
    2024-10-04 17:58:37 [DEBUG]   Configuring Git safe directories
    2024-10-04 17:58:37 [DEBUG]   Set /github/workspace as a Git safe directory
    error: could not lock config file /github/home/.gitconfig: No such file or directory
    2024-10-04 17:58:37 [FATAL]   Cannot configure /github/workspace as a Git safe directory.

Making sure this directory exists in container image ensures that under
no circumstances we can fail - if the action runner provides
/github/home it will be mounted over, and if not we provide a directory
where git can actually create the new .gitconfig.

This also defaults the HOME environment variable to /github/home as it
is the default in most places. So if somebody decides to override HOME
they are also expected to ensure that this directory exists (or is a
volume mount)
2024-12-12 15:44:28 +00:00
Marco Ferrari
5d6e3fcecc
feat: lint commit messages with commitlint (#6118)
Add support to run Commitlint against commit messages. It supports the
current modes:

- Lint the commit message of the last commit
- Lint the commit messages of the pushed commits in case there is more
  than one pushed commit

This commit also removes stuff that we used to run commitlint as a
standalone tool because we can now use the commitlint instance that
Super-linter ships:

- lint-commit steps in lint-commit the GitHub Actions workflow
- lint-commit Make target
- commitlint and its dependencies in package.json and package-lock.json
2024-09-19 08:53:13 +00:00
Marco Ferrari
72a4884f7a
chore: manage php dependencies (#6139)
- Install PHP dependencies using composer
- Watch composer dependency updates with Dependabot
2024-09-13 08:08:39 +02:00
Marco Ferrari
e0d8b4fb2f
feat: implement a linter to check git conflicts (#6113)
Implement a linter to check if files contain Git conflict
markers or whitespace errors.
2024-09-05 08:02:36 +02:00
Nito Buendia
5b13acee46
feat: add pyink as a Python formatter (#6083) 2024-08-27 15:00:51 +00:00
Marco Ferrari
48d5391b7b
fix!: remove sql-lint (#5991)
sql-lint is unmaintained, and its dependencies are impacted by several
vulnerabilities.
2024-08-14 17:30:46 +02:00
Marco Ferrari
4854e774f3
chore: disable dotnet telemetry (#6016) 2024-08-13 16:12:32 +02:00
Niel Markwick
ea16cd9a1b
fix: add RENOVATE_X_IGNORE_RE2 env var to remove warning (#5986)
Renovate has an optional requirement for the RE2 package, and will warn if
it is not present.

Setting env variable RENOVATE_X_IGNORE_RE2=true will hide this warning.
(see https://github.com/renovatebot/renovate/pull/21391)
2024-08-12 11:14:51 +02:00
Marco Ferrari
40410c2d60
fix: use cargo clippy instead of cargo-clippy (#5988)
The cargo-clippy command has been depreacted since Cargo
v1.78.0. This is needed to unblock the implementation of fix mode.
2024-08-11 23:18:33 +02:00
Marco Ferrari
6fdc091361
feat: local fix mode (#5978)
Certain linters and formatters support fixing linting and formatting
issues (fix mode). Before this change, Super-linter runs linters and
formatters in a mode that doesn't modify the source code in any way
(check only mode).

With this change, Super-linter supports running linters and formatters
in fix mode if explicitly requested by the configuration. If the
configuration includes a variable named FIX_<language_name>,
Super-linters modifies the command to run the linter or formatter for
<language_name> to enable fix mode.

The modifications to the linter or formatter command that Super-linter
applies depend on what is the default for a particular linter: it either
removes or adds options to the command to run the linter or formatter.
2024-08-07 15:36:16 +02:00
Marco Ferrari
633b8af60d
fix: add missing rspec dependencies (#5982)
rubocop-rspec >= 3.0.0 doesn't install some gems by default, so we
install them manually.

Fix #5980
2024-08-06 22:29:45 +02:00
Marco Ferrari
14a6ee6da6
chore: move rules vars to a dedicated file (#5946) 2024-08-05 08:56:56 +02:00
Marco Ferrari
c46346c774
chore: remove clippy script, run clippy directly (#5953)
Remove clippy.sh script and run cargo-clippy directly. The script was
needed because when we introduced cargo-clippy, Super-linter didn't have
a way to customize the working directory when running linters and
formatters. Now, we can use GNU Parallel to handle that case.

This will unblock the work to do to implement #4001 (pass custom options
to cargo-clippy).
2024-08-02 13:24:43 +02:00
Marco Ferrari
d9592327c6
chore: extract language array definition (#5945)
Move LANGUAGE_ARRAY definition and initialization to a dedicated file
(globals/languages.sh) so we can source it in different places without
having to source the whole linter.sh
2024-07-31 17:00:41 +02:00
Marco Ferrari
ef57e132e1
fix: avoid duplicated content in summary (#5939)
- Remove the previous summary file is present to avoid showing stale
  contents from old summaries.
- Extract the logic to write summary heading and lines to dedicated
  functions in output.sh to make it easier adding new formats in the
  future.
2024-07-30 08:35:14 +02:00
Chongyi Zheng
d9d19095ec
chore: bump alpine image to 3.20 and php to 8.3.x (#5863) 2024-07-15 09:52:42 +00:00
Marco Ferrari
c770a8d253
feat: enable dotenv-linter for slim images (#5868)
Set up dotenv-linter for the slim image, and not only for the standard
image because it doesn't have dependencies on the Rust SDK, and weights
less than 10MB.
2024-07-10 15:50:15 +02:00
Marco Ferrari
d74351fda7
feat: add the kustomize binary for checkov (#5763)
Checkov needs the kustomize binary to enable related checks, otherwise
these checks are silently skipped.

Ref https://www.checkov.io/7.Scan%20Examples/Kustomize.html
2024-06-27 19:03:16 +02:00
Andrew Kreuzer
5b5d2f7ef0
feat: checkov scans for helm charts (#5631) 2024-06-07 15:06:55 +00:00
Marco Ferrari
c26430f868
feat: support arbitrary shellcheck config paths (#5571)
- Support passing an arbitrary path to the shellcheck configuration file
  with the BASH_CONFIG_FILE_NAME variable. This brings shellcheck in
  line with other linters that support configuration files.
- Enable shellcheck external sources using a directive in the
  configuration file, so users can eventually override it if not needed.
- Export command configuration variables that subprocesses might need.

Close #5414
2024-04-25 19:47:55 +00:00
Masaya Suzuki
69249882f3
feat: support GoReleaser (#5505) 2024-04-15 12:38:25 +00:00
Ümit Büyükulcay
0ae4572874
feat: add clang-format style configuration (#5424) 2024-04-11 14:59:47 +02:00
Junya Okabe
e71a37d49d
feat: add depndency (#5456)
feat: configure ruff

feat: update the orchestration scripts

feat: update the test suite

docs: update README

feat: add test cases for ruff

fix: CI error

chore: del .github/linters/.ruff.toml

fix: CI error

fix: README

update: LINTER_NAMES_ARRAY

fix: Dockerfile

fix: .github/linters/.jscpd.json

fix: test files

fix: del version_command
2024-04-10 12:02:28 +00:00
Chongyi Zheng
252a980961
build: add glibc via gcompat layer (#5334) 2024-02-29 17:12:01 +00:00
Marco Ferrari
49320c834b
build: install dotnet and powershell from images (#5245)
Install the .NET SDK and PowerShell from their container images so that
we avoid spending time running their installers, and we can control
their updates automatically.

Close #5243
2024-02-10 08:51:09 +00:00
Marco Ferrari
5b5e54ad5c
fix: initialize terrascan at runtime (#5246)
Terrascan runs initialization anyway when scanning files, so there's no
point in running it at build time. Also, this works around a Terrascan
bug that caused it to fail its initialization if $HOME/.terrascan
directory is not present. This happens on GitHub Actions because it
configures a $HOME directory that is different from ours.
2024-02-09 22:57:01 +00:00
Marco Ferrari
83eca1df43
fix: unset the log_level variable (#5249)
- Super-linter uses the LOG_LEVEL variable to let the user
  configure the desired log level. Checkov and Renovate use a variable
  with the same name for the same purpose, but accept a
  different set of values, and exit with an error if it gets an unknown
  value for that variable.
- Refactor the VERBOSE log level to the more commonly used INFO.
  Configuration validation will warn users if they use VERBOSE and
  instruct them to use INFO instead. This is not a breaking change
  because super-linter falls back on INFO if VERBOSE is set.
- Remove the TRACE log level because we rarely used it. As with VERBOSE,
  configuration validation will warn the user. Fall back to DEBUG if the
  user configured LOG_LEVEL to VERBOSE.

Close #5217
2024-02-09 18:43:58 +00:00
Marco Ferrari
d7790e4f1c
build: move linter verions logic outside runtime (#5197)
Move the logic to build the linter versions file outside the main
runtime. There's no need to include it there because it's used only when
building the image.

Move the list of linters by name in linterVersions.sh because we don't
need it in any other place.
2024-02-05 13:31:36 +01:00
Marco Ferrari
eded42747b
fix: don't add unnecessary empty lines (#5221) 2024-02-05 11:49:22 +01:00
Marco Ferrari
99e41ce451
feat: run linters in parallel (#5177) 2024-01-30 19:24:55 +00:00
Marco Ferrari
e162b950f4
build: update tekton-lint to use its new namespace (#5176)
tekton-lint is now published under the @ibm namespace
2024-01-24 07:14:55 +00:00
Marco Ferrari
f3d1590cd4
build: update react native dependencies (#5152)
- Update @react-native-community dependencies to their @react-native
  upgrades because the former namespace is deprecated (React release
  0.72)
- Don't install @react-native/eslint-plugin directly because it's a
  dependency of @react-native/eslint-config
2024-01-18 17:39:35 +00:00
Marco Ferrari
df911171c4
build: python venvs and npm in dedicated stages (#5078)
Move the following tasks to dedicated stages so we can run these steps
in parallel with other stages:

- Build Python virtual environments
- Install npm packages
- Build clang-format
- Download and install TFlint plugins

Add missing target stage when building the container image
2024-01-10 11:09:53 +01:00
Marco Ferrari
cf2038d903
fix: fix GITHUB_BEFORE_SHA initalization for push (#5098) 2024-01-05 23:07:39 +01:00
Marco Ferrari
3847309eca
build: remove unneeded Node dependencies (#5093)
- Remove axios, immer, ini, lodash, node-fetch that were installed to
  run Trivy reports. We can remove them because we use the Trivy action.
- Remove the Trivy workflow that was disabled anyway.
2024-01-03 16:54:06 +01:00
Marco Ferrari
65aae17a26
build!: uninstall eslint-config-airbnb-typescript (#5077)
eslint-config-airbnb-typescript is unmaintained. Having it installed is
blocking @typescript-eslint/eslint-plugin updates
2024-01-03 10:45:39 +01:00
Marco Ferrari
9257ba8af3
build: use embedded checkstyle configuration files (#5089)
checkstyle embeds sun_checks.xml and google_checks.xml so we can use
them instead of shipping our own.
2024-01-02 18:47:45 +01:00
Marco Ferrari
901a901655
fix: add missing checkov configuration file (#5090)
Add a default (empty) configuration file for Checkov and a smoke test to
ensure that we catch the case where a default configuration file is not
present, and it should be.
2024-01-02 18:03:30 +01:00
Marco Ferrari
19e39e211e
build: install clang-format from OS package repo (#5071)
Build and install clang-format instead of pulling it from a (potentially)
unmaintained repository
2024-01-01 11:39:59 +01:00
Marco Ferrari
1ca3ebccd6
build: reduce container image size (#5072)
- Remove build-time dependencies
- Remove cached NPM packages
- Remove cached PyPi packages
- Remove dependency descriptors. These still count against the total space,
  although it's a few KBs
- Install rust-clippy and rust-fmt using the OS package manager instead of
  maintaining our own installation script
- Add tests for build time dependencies that are not supposed to be installed
2023-12-29 19:30:58 +01:00
Marco Ferrari
4d9eaa5c54
build: update Dart, dart analyzer to 3.2.4 (#5065)
Recent versions of dart analyzer don't support the --options
configuration option anymore, so we cannot pass an arbitrary
configuration file. This commit removes the default dart analyzer
configuration file as well, because it's not needed anymore.
2023-12-26 22:14:57 +01:00
Marco Ferrari
9d7268fb99
feat: add support for checkov to lint iac files (#4925)
- Add support to run Checkov against infrastructure as code descriptors
  that are in a given (configurable) directory. Defaults to lint the
  whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
  issues right away with this change.
2023-12-22 13:22:15 +01:00
Marco Ferrari
60983d395f
fix: fail if r package installation fails (#4994)
- Fail if the installation of a R package fails.
- Install the remotes package once during the image build, and not when we scan
  files at runtime.
- Reuse the default R library directory instead of moving it to /home/r-library
2023-12-21 20:52:57 +01:00
Marco Ferrari
22b8624f61
Simplify container image build (#4962) 2023-12-15 11:59:36 +01:00
Marco Ferrari
d465382ed5
Update documentation (#4981)
* Update documentation

* Fix typos

* Update security policy

* Remove outdated instructions

* Fix list

* Add more info to config load step

* Don't test linter.yml

* Point to the cd workflow in README

* Move badge up

* Add info about Make help

---------

Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-12-11 21:35:20 +00:00
Marco Ferrari
b11b2ff58d
Update spectral dependency id (#4896)
* Update spectral dependency id

* Update test
2023-11-30 08:20:04 +00:00
Zack Koppert
071f051633
Update google java format and JDK (#4848)
* Update google java format and JDK

* update to use non-deprecated function

* update jdk to v18

* update to jdk v18

* try v17 jdk

* try v17 jdk
2023-11-10 22:46:25 -08:00
dependabot[bot]
d9800fbdac
Bump asl-validator from 3.6.1 to 3.8.1 in /dependencies (#4598)
* Bump asl-validator from 3.6.1 to 3.8.1 in /dependencies

Bumps [asl-validator](https://github.com/ChristopheBougere/asl-validator) from 3.6.1 to 3.8.1.
- [Release notes](https://github.com/ChristopheBougere/asl-validator/releases)
- [Commits](https://github.com/ChristopheBougere/asl-validator/compare/3.6.1...3.8.1)

---
updated-dependencies:
- dependency-name: asl-validator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* asl-validator now supports a `--version` command 🎉

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-10-25 22:29:52 +00:00
Frode Danielsen
650b6aec03
Add Babel preset for TypeScript package (#4762)
This preset is recommended for those who use TypeScript, adding support
for transforming TypeScript to JavaScript through Babel.
2023-10-17 16:16:52 +00:00
Vadim Hatsura
80476af4f7
feat: use built-in dotnet format linter for csharp language (#4627)
* chore: add test case for csharp language which should pass

it shows that the current version of linter for csharp language reports false positive issues

* feat: use built-in linter for csharp language

https://github.com/dotnet/format/issues/1268

* chore: remove dotnet-format installation from install-dotnet.sh

dotnet format is a part of .NET 6 SDK and shouldn't be installed separately anymore

* docs: update linter name for dotnet

instead of dotnet-format built-in format command from dotnet is used (points to the same repository as before)

* chore: update linter name for dotnet in tests

---------

Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-10-16 18:31:03 +00:00