Combination of multiple linters to install as a GitHub Action
Find a file
dependabot[bot] 096216df4a
Bump zricethezav/gitleaks from 8.18.0 to v8.18.1 (#4875)
Bumps zricethezav/gitleaks from 8.18.0 to v8.18.1.

---
updated-dependencies:
- dependency-name: zricethezav/gitleaks
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-11-22 17:38:34 +00:00
.automation feat: use built-in dotnet format linter for csharp language (#4627) 2023-10-16 18:31:03 +00:00
.devcontainer Follow up with several more documentation and automation renames for the org move from github to super-linter (#4543) 2023-08-17 15:12:11 +00:00
.github Bump actions/github-script from 6 to 7 (#4879) 2023-11-22 17:16:57 +00:00
.vscode Harden testing (#982) 2020-11-20 09:12:31 -06:00
dependencies Bump rubocop-rails from 2.22.1 to 2.22.2 in /dependencies (#4877) 2023-11-22 17:17:45 +00:00
docs Use the same image tags in CI and CD (#4778) 2023-10-19 21:03:14 +00:00
lib Allow to overwrite PHP_PHPCS_FILE_NAME value (#4849) 2023-11-15 06:10:36 +00:00
scripts Address pwsh install failure (#4888) 2023-11-21 13:59:24 -08:00
slim Follow up with several more documentation and automation renames for the org move from github to super-linter (#4543) 2023-08-17 15:12:11 +00:00
TEMPLATES Bump scalameta/scalafmt from 3.7.15 to v3.7.16 (#4861) 2023-11-15 19:14:06 +00:00
test Update google java format and JDK (#4848) 2023-11-10 22:46:25 -08:00
.dockerignore Ignore .git and symlink .dockerignore 2020-09-26 00:47:15 +02:00
.editorconfig Build process improvements (#3367) 2022-09-28 08:45:01 -05:00
.gitattributes Fix editorconfig-checker errors 2020-11-05 23:21:41 +01:00
.gitignore fix: Move commands to correct place (#4579) 2023-08-25 18:25:04 +00:00
action.yml Follow up with several more documentation and automation renames for the org move from github to super-linter (#4543) 2023-08-17 15:12:11 +00:00
CODE_OF_CONDUCT.md Fixes bare URL in Code of Conduct (#4274) 2023-05-24 16:54:59 +00:00
Dockerfile Bump zricethezav/gitleaks from 8.18.0 to v8.18.1 (#4875) 2023-11-22 17:38:34 +00:00
LICENSE Change to MIT license 2020-04-28 11:29:02 -07:00
Makefile Run the info target when running the test suite (#4799) 2023-10-31 17:45:19 +00:00
README.md Allow to overwrite PHP_PHPCS_FILE_NAME value (#4849) 2023-11-15 06:10:36 +00:00
SECURITY.md Bump textlint-rule-terminology from 3.0.1 to 3.0.3 in /dependencies (#3247) 2022-09-28 18:27:12 +02:00

Super-Linter

This repository is for the GitHub Action to run a Super-Linter. It is a simple combination of various linters, written in bash, to help validate your source code.

The end goal of this tool:

  • Prevent broken code from being uploaded to the default branch (Usually master or main)
  • Help establish coding best practices across multiple languages
  • Build guidelines for code layout and format
  • Automate the process to help streamline code reviews

Table of Contents

How it Works

The super-linter finds issues and reports them to the console output. Fixes are suggested in the console output but not automatically fixed, and a status check will show up as failed on the pull request.

The design of the Super-Linter is currently to allow linting to occur in GitHub Actions as a part of continuous integration occurring on pull requests as the commits get pushed. It works best when commits are being pushed early and often to a branch with an open or draft pull request. There is some desire to move this closer to local development for faster feedback on linting errors but this is not yet supported.

Supported Linters

Developers on GitHub can call the GitHub Action to lint their codebase with the following list of linters:

Language Linter
Ansible ansible-lint
AWS CloudFormation templates cfn-lint
Azure Resource Manager (ARM) arm-ttk
C++ cpp-lint / clang-format
C# dotnet format / clang-format
CSS stylelint
Clojure clj-kondo
CoffeeScript coffeelint
Copy/paste detection jscpd
Dart dartanalyzer
Dockerfile hadolint
EditorConfig editorconfig-checker
ENV dotenv-linter
Gherkin gherkin-lint
GitHub Actions actionlint
Golang golangci-lint
Groovy npm-groovy-lint
HTML HTMLHint
Java checkstyle / google-java-format
JavaScript ESLint / standard js
JSON eslint-plugin-json
JSONC eslint-plugin-jsonc
Kubernetes kubeconform
Kotlin ktlint
LaTeX ChkTex
Lua luacheck
Markdown markdownlint
Natural language textlint
OpenAPI spectral
Perl perlcritic
PHP PHP built-in linter / PHP CodeSniffer / PHPStan / Psalm
PowerShell PSScriptAnalyzer
Protocol Buffers protolint
Python3 pylint / flake8 / black / isort
R lintr
Raku Raku
Renovate renovate-config-validator
Ruby RuboCop
Rust Rustfmt / Clippy
Scala scalafmt
Secrets GitLeaks
Shell ShellCheck / executable bit check / shfmt
Snakemake snakefmt / snakemake --lint
SQL sql-lint / sqlfluff
Tekton tekton-lint
Terraform fmt / tflint / terrascan
Terragrunt terragrunt
TypeScript ESLint / standard js
XML LibXML
YAML YamlLint

How to use

More in-depth tutorial available

To use this GitHub Action you will need to complete the following:

  1. Create a new file in your repository called .github/workflows/linter.yml
  2. Copy the example workflow from below into that new file, no extra configuration required
  3. Commit that file to a new branch
  4. Open up a pull request and observe the action working
  5. Enjoy your more stable, and cleaner codebase
  6. Check out the Wiki for customization options

NOTE: If you pass the Environment variable GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} in your workflow, then the GitHub Super-Linter will mark the status of each individual linter run in the Checks section of a pull request. Without this you will only see the overall status of the full run. There is no need to set the GitHub Secret as it is automatically set by GitHub, it only needs to be passed to the action.

Example connecting GitHub Action Workflow

In your repository you should have a .github/workflows folder with GitHub Action similar to below:

This file should have the following code:

---
#################################
#################################
## Super Linter GitHub Actions ##
#################################
#################################
name: Lint Code Base

#############################
# Start the job on all push #
#############################
on:
  push:
    branches-ignore: [master, main]
    # Remove the line above to run when pushing to master or main
  pull_request:
    branches: [master, main]

###############
# Set the Job #
###############
jobs:
  build:
    # Name the Job
    name: Lint Code Base
    # Set the agent to run on
    runs-on: ubuntu-latest

    ############################################
    # Grant status permission for MULTI_STATUS #
    ############################################
    permissions:
      contents: read
      packages: read
      statuses: write

    ##################
    # Load all steps #
    ##################
    steps:
      ##########################
      # Checkout the code base #
      ##########################
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Full git history is needed to get a proper
          # list of changed files within `super-linter`
          fetch-depth: 0

      ################################
      # Run Linter against code base #
      ################################
      - name: Lint Code Base
        uses: super-linter/super-linter@v5
        env:
          VALIDATE_ALL_CODEBASE: false
          DEFAULT_BRANCH: main
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Add Super-Linter badge in your repository README

You can show Super-Linter status with a badge in your repository README

GitHub Super-Linter

Format:

[![GitHub Super-Linter](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE_NAME>/badge.svg)](https://github.com/marketplace/actions/super-linter)

Example:

[![GitHub Super-Linter](https://github.com/super-linter/super-linter/actions/workflows/ci.yml/badge.svg)](https://github.com/marketplace/actions/super-linter)

Images

The GitHub Super-Linter now builds and supports multiple images. We have found as we added more linters, the image size expanded drastically. After further investigation, we were able to see that a few linters were very disk heavy. We removed those linters and created the slim image. This allows users to choose which Super-Linter they want to run and potentially speed up their build time. The available images:

  • super-linter/super-linter:v5
  • super-linter/super-linter:slim-v5

Standard Image

The standard super-linter/super-linter:v5 comes with all supported linters. Example usage:

################################
# Run Linter against code base #
################################
- name: Lint Code Base
  uses: super-linter/super-linter@v5
  env:
    VALIDATE_ALL_CODEBASE: false
    DEFAULT_BRANCH: main
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Slim Image

The slim super-linter/super-linter:slim-v5 comes with all supported linters but removes the following:

  • rust linters
  • dotenv linters
  • armttk linters
  • pwsh linters
  • c# linters

By removing these linters, we were able to bring the image size down by 2gb and drastically speed up the build and download time. The behavior will be the same for non-supported languages, and will skip languages at run time. Example usage:

################################
# Run Linter against code base #
################################
- name: Lint Code Base
  uses: super-linter/super-linter/slim@v5
  env:
    VALIDATE_ALL_CODEBASE: false
    DEFAULT_BRANCH: main
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Environment variables

The super-linter allows you to pass the following ENV variables to be able to trigger different functionality.

Note: All the VALIDATE_[LANGUAGE] variables behave in a very specific way:

  • If none of them are passed, then they all default to true.
  • If any one of the variables are set to true, we default to leaving any unset variable to false (only validate those languages).
  • If any one of the variables are set to false, we default to leaving any unset variable to true (only exclude those languages).
  • If there are VALIDATE_[LANGUAGE] variables set to both true and false. It will fail.

This means that if you run the linter "out of the box", all languages will be checked. But if you wish to select or exclude specific linters, we give you full control to choose which linters are run, and won't run anything unexpected.

ENV VAR Default Value Notes
ACTIONS_RUNNER_DEBUG false Flag to enable additional information about the linter, versions, and additional output.
ANSIBLE_CONFIG_FILE .ansible-lint.yml Filename for Ansible-lint configuration (ex: .ansible-lint, .ansible-lint.yml)
ANSIBLE_DIRECTORY /ansible Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE.
BASH_SEVERITY style Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style.
CREATE_LOG_FILE false If set to true, it creates the log file. You can set the log filename using the LOG_FILE environment variable.
CSS_FILE_NAME .stylelintrc.json Filename for Stylelint configuration (ex: .stylelintrc.yml, .stylelintrc.yaml)
DEFAULT_BRANCH master The name of the repository default branch.
DEFAULT_WORKSPACE /tmp/lint The location containing files to lint if you are running locally.
DISABLE_ERRORS false Flag to have the linter complete with exit code 0 even if errors were detected.
DOCKERFILE_HADOLINT_FILE_NAME .hadolint.yaml Filename for hadolint configuration (ex: .hadolintlintrc.yaml)
EDITORCONFIG_FILE_NAME .ecrc Filename for editorconfig-checker configuration
ERROR_ON_MISSING_EXEC_BIT false If set to false, the bash-exec linter will report a warning if a shell script is not executable. If set to true, the bash-exec linter will report an error instead.
EXPERIMENTAL_BATCH_WORKER false Flag to enable experimental parallel and batched worker. As of current only eslint and cfn-lint are supported, if there is no support, original version is used as fallback
FILTER_REGEX_EXCLUDE none Regular expression defining which files will be excluded from linting (ex: .*src/test.*)
FILTER_REGEX_INCLUDE all Regular expression defining which files will be processed by linters (ex: .*src/.*)
GITHUB_ACTIONS_CONFIG_FILE actionlint.yml Filename for Actionlint configuration (ex: actionlint.yml)
GITHUB_ACTIONS_COMMAND_ARGS null Additional arguments passed to actionlint command. Useful to ignore some errors
GITHUB_CUSTOM_API_URL https://api.github.com Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. https://github.myenterprise.com/api/v3
GITHUB_DOMAIN github.com Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. github.myenterprise.com
GITLEAKS_CONFIG_FILE .gitleaks.toml Filename for GitLeaks configuration (ex: .gitleaks.toml)
IGNORE_GENERATED_FILES false If set to true, super-linter will ignore all the files with @generated marker but without @not-generated marker.
IGNORE_GITIGNORED_FILES false If set to true, super-linter will ignore all the files that are ignored by Git.
JAVA_FILE_NAME sun_checks.xml Filename for Checkstyle configuration (ex: checkstyle.xml)
JAVASCRIPT_DEFAULT_STYLE standard Flag to set the default style of JavaScript. Available options: standard/prettier
JAVASCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
JSCPD_CONFIG_FILE .jscpd.json Filename for JSCPD configuration
KUBERNETES_KUBECONFORM_OPTIONS null Additional arguments to pass to the command-line when running Kubernetes Kubeconform (Example: --ignore-missing-schemas)
LINTER_RULES_PATH .github/linters Directory for all linter configuration rules.
LOG_FILE super-linter.log The filename for outputting logs. All output is sent to the log file regardless of LOG_LEVEL.
LOG_LEVEL VERBOSE How much output the script will generate to the console. One of ERROR, WARN, NOTICE, VERBOSE, DEBUG or TRACE.
MARKDOWN_CONFIG_FILE .markdown-lint.yml Filename for Markdownlint configuration (ex: .markdown-lint.yml, .markdownlint.json, .markdownlint.yaml)
MARKDOWN_CUSTOM_RULE_GLOBS .markdown-lint/rules,rules/** Comma-separated list of file globs matching custom Markdownlint rule files.
MULTI_STATUS true A status API is made for each language that is linted to make visual parsing easier.
NATURAL_LANGUAGE_CONFIG_FILE .textlintrc Filename for textlint configuration (ex: .textlintrc)
PERL_PERLCRITIC_OPTIONS null Additional arguments to pass to the command-line when running perlcritic (Example: --theme community)
PHP_CONFIG_FILE php.ini Filename for PHP Configuration (ex: php.ini)
PHP_PHPCS_FILE_NAME phpcs.xml Filename for PHP CodeSniffer (ex: .phpcs.xml, .phpcs.xml.dist)
PROTOBUF_CONFIG_FILE .protolintrc.yml Filename for protolint configuration (ex: .protolintrc.yml)
PYTHON_BLACK_CONFIG_FILE .python-black Filename for black configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_FLAKE8_CONFIG_FILE .flake8 Filename for flake8 configuration (ex: .flake8, tox.ini)
PYTHON_ISORT_CONFIG_FILE .isort.cfg Filename for isort configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_MYPY_CONFIG_FILE .mypy.ini Filename for mypy configuration (ex: .mypy.ini, setup.config)
PYTHON_PYLINT_CONFIG_FILE .python-lint Filename for pylint configuration (ex: .python-lint, .pylintrc)
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES `` Comma-separated filenames for renovate shareable config preset (ex: default.json)
RUBY_CONFIG_FILE .ruby-lint.yml Filename for rubocop configuration (ex: .ruby-lint.yml, .rubocop.yml)
SCALAFMT_CONFIG_FILE .scalafmt.conf Filename for scalafmt configuration (ex: .scalafmt.conf)
SNAKEMAKE_SNAKEFMT_CONFIG_FILE .snakefmt.toml Filename for Snakemake configuration (ex: pyproject.toml, .snakefmt.toml)
SSL_CERT_SECRET none SSL cert to add to the Super-Linter trust store. This is needed for users on self-hosted runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }})
SSH_KEY none SSH key that has access to your private repositories
SSH_SETUP_GITHUB false If set to true, adds the github.com SSH key to known_hosts. This is ignored if SSH_KEY is provided - i.e. the github.com SSH key is always added if SSH_KEY is provided
SSH_INSECURE_NO_VERIFY_GITHUB_KEY false INSECURE - If set to true, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended!
SQL_CONFIG_FILE .sql-config.json Filename for SQL-Lint configuration (ex: sql-config.json , .config.json)
SQLFLUFF_CONFIG_FILE /.sqlfluff Filename for SQLFLUFF configuration (ex: /.sqlfluff, pyproject.toml)
SUPPRESS_FILE_TYPE_WARN false If set to true, will hide warning messages about files without their proper extensions. Default is false
SUPPRESS_POSSUM false If set to true, will hide the ASCII possum at top of log output. Default is false
TERRAFORM_TERRASCAN_CONFIG_FILE terrascan.toml Filename for terrascan configuration (ex: terrascan.toml)
TERRAFORM_TFLINT_CONFIG_FILE .tflint.hcl Filename for tfLint configuration (ex: .tflint.hcl)
TYPESCRIPT_DEFAULT_STYLE ts-standard Flag to set the default style of TypeScript. Available options: ts-standard/prettier
TYPESCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
TYPESCRIPT_STANDARD_TSCONFIG_FILE tsconfig.json Filename for TypeScript configuration in ts-standard (ex: tsconfig.json, tsconfig.eslint.json)
USE_FIND_ALGORITHM false By default, we use git diff to find all files in the workspace and what has been updated, this would enable the Linux find method instead to find all files to lint
VALIDATE_ALL_CODEBASE true Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation.
VALIDATE_JSCPD_ALL_CODEBASE false If set to true, will lint the whole codebase with JSCPD. If set to false, JSCPD will only lint files one by one.
VALIDATE_ANSIBLE true Flag to enable or disable the linting process of the Ansible language.
VALIDATE_ARM true Flag to enable or disable the linting process of the ARM language.
VALIDATE_BASH true Flag to enable or disable the linting process of the Bash language.
VALIDATE_BASH_EXEC true Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable.
VALIDATE_CPP true Flag to enable or disable the linting process of the C++ language.
VALIDATE_CLANG_FORMAT true Flag to enable or disable the linting process of the C++/C language with clang-format.
VALIDATE_CLOJURE true Flag to enable or disable the linting process of the Clojure language.
VALIDATE_CLOUDFORMATION true Flag to enable or disable the linting process of the AWS Cloud Formation language.
VALIDATE_COFFEESCRIPT true Flag to enable or disable the linting process of the Coffeescript language.
VALIDATE_CSHARP true Flag to enable or disable the linting process of the C# language.
VALIDATE_CSS true Flag to enable or disable the linting process of the CSS language.
VALIDATE_DART true Flag to enable or disable the linting process of the Dart language.
VALIDATE_DOCKERFILE_HADOLINT true Flag to enable or disable the linting process of the Docker language.
VALIDATE_EDITORCONFIG true Flag to enable or disable the linting process with the EditorConfig.
VALIDATE_ENV true Flag to enable or disable the linting process of the ENV language.
VALIDATE_GHERKIN true Flag to enable or disable the linting process of the Gherkin language.
VALIDATE_GITHUB_ACTIONS true Flag to enable or disable the linting process of the GitHub Actions.
VALIDATE_GITLEAKS true Flag to enable or disable the linting process of the secrets.
VALIDATE_GO true Flag to enable or disable the linting process of the Golang language.
VALIDATE_GOOGLE_JAVA_FORMAT true Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format)
VALIDATE_GROOVY true Flag to enable or disable the linting process of the language.
VALIDATE_HTML true Flag to enable or disable the linting process of the HTML language.
VALIDATE_JAVA true Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle)
VALIDATE_JAVASCRIPT_ES true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint)
VALIDATE_JAVASCRIPT_STANDARD true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard)
VALIDATE_JSCPD true Flag to enable or disable the JSCPD.
VALIDATE_JSON true Flag to enable or disable the linting process of the JSON language.
VALIDATE_JSX true Flag to enable or disable the linting process for jsx files (Utilizing: ESLint)
VALIDATE_KOTLIN true Flag to enable or disable the linting process of the Kotlin language.
VALIDATE_KOTLIN_ANDROID true Flag to enable or disable the linting process of the Kotlin language. (Utilizing: ktlint --android)
VALIDATE_KUBERNETES_KUBECONFORM true Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform
VALIDATE_LATEX true Flag to enable or disable the linting process of the LaTeX language.
VALIDATE_LUA true Flag to enable or disable the linting process of the language.
VALIDATE_MARKDOWN true Flag to enable or disable the linting process of the Markdown language.
VALIDATE_NATURAL_LANGUAGE true Flag to enable or disable the linting process of the natural language.
VALIDATE_OPENAPI true Flag to enable or disable the linting process of the OpenAPI language.
VALIDATE_PERL true Flag to enable or disable the linting process of the Perl language.
VALIDATE_PHP true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility)
VALIDATE_PHP_BUILTIN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter)
VALIDATE_PHP_PHPCS true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer)
VALIDATE_PHP_PHPSTAN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan)
VALIDATE_PHP_PSALM true Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm)
VALIDATE_POWERSHELL true Flag to enable or disable the linting process of the Powershell language.
VALIDATE_PROTOBUF true Flag to enable or disable the linting process of the Protobuf language.
VALIDATE_PYTHON true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility)
VALIDATE_PYTHON_BLACK true Flag to enable or disable the linting process of the Python language. (Utilizing: black)
VALIDATE_PYTHON_FLAKE8 true Flag to enable or disable the linting process of the Python language. (Utilizing: flake8)
VALIDATE_PYTHON_ISORT true Flag to enable or disable the linting process of the Python language. (Utilizing: isort)
VALIDATE_PYTHON_MYPY true Flag to enable or disable the linting process of the Python language. (Utilizing: mypy)
VALIDATE_PYTHON_PYLINT true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint)
VALIDATE_R true Flag to enable or disable the linting process of the R language.
VALIDATE_RAKU true Flag to enable or disable the linting process of the Raku language.
VALIDATE_RENOVATE true Flag to enable or disable the linting process of the Renovate configuration files.
VALIDATE_RUBY true Flag to enable or disable the linting process of the Ruby language.
VALIDATE_RUST_2015 true Flag to enable or disable the linting process of the Rust language. (edition: 2015)
VALIDATE_RUST_2018 true Flag to enable or disable the linting process of Rust language. (edition: 2018)
VALIDATE_RUST_2021 true Flag to enable or disable the linting process of Rust language. (edition: 2021)
VALIDATE_RUST_CLIPPY true Flag to enable or disable the clippy linting process of Rust language.
VALIDATE_SCALAFMT true Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test)
VALIDATE_SHELL_SHFMT true Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt)
VALIDATE_SNAKEMAKE_LINT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint)
VALIDATE_SNAKEMAKE_SNAKEFMT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt)
VALIDATE_STATES true Flag to enable or disable the linting process for AWS States Language.
VALIDATE_SQL true Flag to enable or disable the linting process of the SQL language.
VALIDATE_SQLFLUFF true Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff)
VALIDATE_TEKTON true Flag to enable or disable the linting process of the Tekton language.
VALIDATE_TERRAFORM_FMT true Flag to enable or disable the formatting process of the Terraform files.
VALIDATE_TERRAFORM_TERRASCAN true Flag to enable or disable the linting process of the Terraform language for security related issues.
VALIDATE_TERRAFORM_TFLINT true Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint)
VALIDATE_TERRAGRUNT true Flag to enable or disable the linting process for Terragrunt files.
VALIDATE_TSX true Flag to enable or disable the linting process for tsx files (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_ES true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_STANDARD true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard)
VALIDATE_XML true Flag to enable or disable the linting process of the XML language.
VALIDATE_YAML true Flag to enable or disable the linting process of the YAML language.
YAML_CONFIG_FILE .yaml-lint.yml Filename for Yamllint configuration (ex: .yaml-lint.yml, .yamllint.yml)
YAML_ERROR_ON_WARNING false Flag to enable or disable the error on warning for Yamllint.

Template rules files

You can use the GitHub Super-Linter with or without your own personal rules sets. This allows for greater flexibility for each individual codebase. The Template rules all try to follow the standards we believe should be enabled at the basic level.

  • Copy any or all template rules files from TEMPLATES/ into the .github/linters/ directory of your repository, and modify them to suit your needs.

Using your own rules files

If your repository contains your own rules files that live outside of a .github/linters/ directory, you will have to tell Super-Linter where your rules files are located in your repository, and what their filenames are. To learn more, see Using your own rules files.

Disabling rules

If you need to disable certain rules and functionality, you can view Disable Rules

Using your own SSH key

If you need to add your own SSH key to the linter because of private dependencies, you can use the SSH_KEY environment variable. The value of that environment variable should be an SSH private key that has access to your private repositories.

You should add this key as an Encrypted Secret and access it with the secrets parameter.

Example workflow:

---
#################################
#################################
## Super Linter GitHub Actions ##
#################################
#################################
name: Lint Code Base

#############################
# Start the job on all push #
#############################
on:
  push:
    branches-ignore: [master, main]
    # Remove the line above to run when pushing to master or main
  pull_request:
    branches: [master, main]

###############
# Set the Job #
###############
jobs:
  build:
    # Name the Job
    name: Lint Code Base
    # Set the agent to run on
    runs-on: ubuntu-latest

    ##################
    # Load all steps #
    ##################
    steps:
      ##########################
      # Checkout the code base #
      ##########################
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Full git history is needed to get a proper list of changed files within `super-linter`
          fetch-depth: 0

      ################################
      # Run Linter against code base #
      ################################
      - name: Lint Code Base
        uses: super-linter/super-linter@v5
        env:
          VALIDATE_ALL_CODEBASE: false
          DEFAULT_BRANCH: main
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

Filter linted files

If you need to lint only a folder or exclude some files from linting, you can use optional environment parameters FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE

Examples:

  • Lint only src folder: FILTER_REGEX_INCLUDE: .*src/.*
  • Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*
  • Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js

Additionally when IGNORE_GENERATED_FILES=true, super-linter ignores any file with @generated marker in it unless the file also has @not-generated marker. @generated marker is used by Facebook and some other projects to mark generated files. For example, this file is considered generated:

#!/bin/sh
echo "@generated"

And this file is considered not generated:

#!/bin/sh
echo "@generated" # @not-generated

Run Super-Linter outside GitHub Actions

Local (troubleshooting/debugging/enhancements)

If you find that you need to run super-linter locally, you can follow the documentation at Running super-linter locally

Check out the note in How it Works to understand more about the Super-Linter linting locally versus via continuous integration.

Azure

Check out this article

GitLab

Check out this snippet and this Guided Exploration: GitLab CI CD Extension for Super-Linter

Codespaces and Visual Studio Code

You can checkout this repository using GitHub Codespaces and Container Remote Development, and debug the linter using the Test Linter task. Example

SSL Certs

If you need to inject a SSL cert into the trust store, you will need to first copy the cert to GitHub Secrets Once you have copied the plain text certificate into GitHub Secrets, you can use the variable SSL_CERT_SECRET to point the Super-Linter to the files contents. Once found, it will load the certificate contents to a file, and to the trust store.

  • Example workflow:
- name: Lint Code Base
  uses: super-linter/super-linter@v5
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}

Limitations

Below are a list of the known limitations for the GitHub Super-Linter:

  • Due to being completely packaged at runtime, you will not be able to update dependencies or change versions of the enclosed linters and binaries
  • Additional details from package.json are not read by the GitHub Super-Linter
  • Downloading additional codebases as dependencies from private repositories will fail due to lack of permissions

How to contribute

If you would like to help contribute to this GitHub Action, please see CONTRIBUTING


License