Combination of multiple linters to install as a GitHub Action
Find a file
Marco Ferrari 48d5391b7b
fix!: remove sql-lint (#5991)
sql-lint is unmaintained, and its dependencies are impacted by several
vulnerabilities.
2024-08-14 17:30:46 +02:00
.devcontainer chore: mount the whole lib dir in the devcontainer (#5984) 2024-08-08 09:16:03 +02:00
.github chore(main): release 6.9.0 (#5943) 2024-08-14 14:00:33 +00:00
.vscode ci: update devcontainer definition (#5132) 2024-01-30 12:09:46 +01:00
dependencies fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
dev-dependencies ci(dev-docker): bump node in /dev-dependencies (#6011) 2024-08-13 14:51:27 +00:00
docs fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
lib fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
scripts fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
slim chore(main): release 6.9.0 (#5943) 2024-08-14 14:00:33 +00:00
TEMPLATES fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
test fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
.dockerignore Ignore .git and symlink .dockerignore 2020-09-26 00:47:15 +02:00
.editorconfig Build process improvements (#3367) 2022-09-28 08:45:01 -05:00
.gitattributes Fix editorconfig-checker errors 2020-11-05 23:21:41 +01:00
.gitignore feat: local fix mode (#5978) 2024-08-07 15:36:16 +02:00
action.yml chore(main): release 6.9.0 (#5943) 2024-08-14 14:00:33 +00:00
CHANGELOG.md chore(main): release 6.9.0 (#5943) 2024-08-14 14:00:33 +00:00
CODE_OF_CONDUCT.md Bump textlint-rule-terminology from 4.0.0 to 4.0.1 in /dependencies (#4839) 2023-11-27 09:15:09 +00:00
Dockerfile deps(docker): bump scalameta/scalafmt from v3.8.2 to v3.8.3 (#5932) 2024-08-14 10:41:54 +00:00
LICENSE Change to MIT license 2020-04-28 11:29:02 -07:00
Makefile feat: allow customizing gitleaks log level (#5993) 2024-08-14 14:54:16 +02:00
README.md fix!: remove sql-lint (#5991) 2024-08-14 17:30:46 +02:00
SECURITY.md Update documentation (#4981) 2023-12-11 21:35:20 +00:00
version.txt chore(main): release 6.9.0 (#5943) 2024-08-14 14:00:33 +00:00

Super-Linter

Super-linter is a ready-to-run collection of linters and code analyzers, to help validate and fix your source code.

The goal of super-linter is to help you establish best practices and consistent formatting across multiple programming languages, and ensure developers are adhering to those conventions.

Super-linter analyzes source code files using several tools, and reports the issues that those tools find as console output, and as GitHub Actions status checks. You can also run super-linter outside GitHub Actions.

Super-linter can also help you fix linting and formatting issues.

Super-linter is licensed under an MIT License.

Super-Linter

Here are some notable Super-linter features:

  • MIT License: Super-linter is licensed under a MIT License.
  • Independent project: Super-linter is maintained by a team of independent developers and is not commercially backed by any entity that might influence the course of the project.
  • Widely used: Super-linter is the most widely used and forked project of this kind.
  • Runs linters in parallel: Since v6, Super-linter parallelizes running all the included linters, leading to scanning massive code repositories in seconds.
  • Highly curated set of linters: Avoid including linters that implement overlapping checks, reducing bloat, scanning times, and container image size.
  • Run on GitHub Actions or other environments: Super-linter runs on GitHub Actions and other runtime environments, with the only dependency of an OCI-compatible container runtime engine, such as Docker.
  • Lean codebase: Super-linter doesn't reinvent the wheel, and builds on top of established tools and standards, such as GNU Parallel.
  • Extensive test suite: Super-linter includes an extensive test suite that covers every single linter and analyzer that Super-linter ships.
  • Original design: to the best of our knowledge, Super-linter is the first open-source, fully-containerized linting suite. Other projects borrow ideas and design choices from Super-linter (and we're cool with that :).

Supported linters and code analyzers

Super-linter supports the following tools:

Language Linter
Ansible ansible-lint
AWS CloudFormation templates cfn-lint
Azure Resource Manager (ARM) arm-ttk
C++ cpp-lint / clang-format
C# dotnet format / clang-format
CSS stylelint
Clojure clj-kondo
CoffeeScript coffeelint
Copy/paste detection jscpd
Dart dartanalyzer
Dockerfile hadolint
EditorConfig editorconfig-checker
ENV dotenv-linter
Gherkin gherkin-lint
GitHub Actions actionlint
Golang golangci-lint
GoReleaser GoReleaser
Groovy npm-groovy-lint
HTML HTMLHint
Java checkstyle / google-java-format
JavaScript ESLint / standard js
JSON eslint-plugin-json
JSONC eslint-plugin-jsonc
Infrastructure as code Checkov
Kubernetes kubeconform
Kotlin ktlint
LaTeX ChkTex
Lua luacheck
Markdown markdownlint
Natural language textlint
OpenAPI spectral
Perl perlcritic
PHP PHP built-in linter / PHP CodeSniffer / PHPStan / Psalm
PowerShell PSScriptAnalyzer
Protocol Buffers protolint
Python3 pylint / flake8 / black / isort / ruff
R lintr
Raku Raku
Renovate renovate-config-validator
Ruby RuboCop
Rust Rustfmt / Clippy
Scala scalafmt
Secrets GitLeaks
Shell ShellCheck / executable bit check / shfmt
Snakemake snakefmt / snakemake --lint
SQL sqlfluff
Tekton tekton-lint
Terraform fmt / tflint / terrascan
Terragrunt terragrunt
TypeScript ESLint / standard js
XML LibXML
YAML YamlLint

Get started

More in-depth tutorial available

To run super-linter as a GitHub Action, you do the following:

  1. Create a new GitHub Actions workflow in your repository with the following content:

    ---
    name: Lint
    
    on:  # yamllint disable-line rule:truthy
      push: null
      pull_request: null
    
    permissions: { }
    
    jobs:
      build:
        name: Lint
        runs-on: ubuntu-latest
    
        permissions:
          contents: read
          packages: read
          # To report GitHub Actions status checks
          statuses: write
    
        steps:
          - name: Checkout code
            uses: actions/checkout@v4
            with:
              # super-linter needs the full git history to get the
              # list of files that changed across commits
              fetch-depth: 0
    
          - name: Super-linter
            uses: super-linter/super-linter@v6.9.0  # x-release-please-version
            env:
              # To report GitHub Actions status checks
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    ...
    
  2. Commit that file to a new branch.

  3. Push the new commit to the remote repository.

  4. Create a new pull request to observe the results.

Upgrade to newer super-linter versions

For more information about upgrading super-linter to a new major version, see the upgrade guide.

Add Super-Linter badge in your repository readme

You can show Super-Linter status with a badge in your repository readme:

Example:

[![Super-Linter](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE_NAME>/badge.svg)](https://github.com/marketplace/actions/super-linter)

For more information, see Adding a workflow status badge.

Super-linter variants

Super-Linter provides several variants:

  • standard: super-linter/super-linter@[VERSION]: includes all supported linters.

  • slim: super-linter/super-linter/slim@[VERSION]: includes all supported linters except:

    • rust linters
    • armttk linters
    • pwsh linters
    • c# linters

Configure Super-linter

You can configure Super-linter using the following environment variables:

Environment variable Default Value Description
ANSIBLE_CONFIG_FILE .ansible-lint.yml Filename for Ansible-lint configuration (ex: .ansible-lint, .ansible-lint.yml)
ANSIBLE_DIRECTORY /ansible Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE.
BASH_EXEC_IGNORE_LIBRARIES false If set to true, shell files with a file extension and no shebang line are ignored when checking if the executable bit is set.
BASH_FILE_NAME .shellcheckrc Filename for Shellcheck
BASH_SEVERITY Shellcheck default severity Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style.
CHECKOV_FILE_NAME .checkov.yaml Configuration filename for Checkov.
CLANG_FORMAT_FILE_NAME .clang-format Configuration filename for clang-format.
CREATE_LOG_FILE false If set to true, it creates the log file. You can set the log filename using the LOG_FILE environment variable. This overrides any existing log files.
CSS_FILE_NAME .stylelintrc.json Filename for Stylelint configuration (ex: .stylelintrc.yml, .stylelintrc.yaml)
DEFAULT_BRANCH Default repository branch when running on GitHub Actions, master otherwise The name of the repository default branch. There's no need to configure this variable when running on GitHub Actions
DEFAULT_WORKSPACE /tmp/lint The location containing files to lint if you are running locally. Defaults to GITHUB_WORKSPACE when running in GitHub Actions. There's no need to configure this variable when running on GitHub Actions.
DISABLE_ERRORS false Flag to have the linter complete with exit code 0 even if errors were detected.
DOCKERFILE_HADOLINT_FILE_NAME .hadolint.yaml Filename for hadolint configuration (ex: .hadolintlintrc.yaml)
EDITORCONFIG_FILE_NAME .ecrc Filename for editorconfig-checker configuration
ENABLE_GITHUB_ACTIONS_GROUP_TITLE false if RUN_LOCAL=true, true otherwise Flag to enable GitHub Actions log grouping.
ENABLE_GITHUB_ACTIONS_STEP_SUMMARY false if RUN_LOCAL=true, true otherwise Flag to enable GitHub Actions job summary for the Super-linter action. For more information, see Summary outputs.
FILTER_REGEX_EXCLUDE not set Regular expression defining which files will be excluded from linting (ex: .*src/test.*). Not setting this variable means to process all files.
FILTER_REGEX_INCLUDE not set Regular expression defining which files will be processed by linters (ex: .*src/.*). Not setting this variable means to process all files. FILTER_REGEX_INCLUDE is evaluated before FILTER_REGEX_EXCLUDE.
FIX_ANSIBLE false Option to enable fix mode for ANSIBLE.
FIX_CLANG_FORMAT false Option to enable fix mode for CLANG_FORMAT.
FIX_CSHARP false Option to enable fix mode for CSHARP.
FIX_CSS false Option to enable fix mode for CSS.
FIX_ENV false Option to enable fix mode for ENV.
FIX_GO false Option to enable fix mode for GO.
FIX_GO_MODULES false Option to enable fix mode for GO_MODULES.
FIX_GOOGLE_JAVA_FORMAT false Option to enable fix mode for GOOGLE_JAVA_FORMAT.
FIX_GROOVY false Option to enable fix mode for GROOVY.
FIX_JAVASCRIPT_ES false Option to enable fix mode for JAVASCRIPT_ES.
FIX_JAVASCRIPT_PRETTIER false Option to enable fix mode for JAVASCRIPT_PRETTIER.
FIX_JAVASCRIPT_STANDARD false Option to enable fix mode for JAVASCRIPT_STANDARD.
FIX_JSON false Option to enable fix mode for JSON.
FIX_JSONC false Option to enable fix mode for JSONC.
FIX_JSX false Option to enable fix mode for JSX.
FIX_MARKDOWN false Option to enable fix mode for MARKDOWN.
FIX_POWERSHELL false Option to enable fix mode for POWERSHELL.
FIX_PROTOBUF false Option to enable fix mode for PROTOBUF.
FIX_PYTHON_BLACK false Option to enable fix mode for PYTHON_BLACK.
FIX_PYTHON_ISORT false Option to enable fix mode for PYTHON_ISORT.
FIX_PYTHON_RUFF false Option to enable fix mode for PYTHON_RUFF.
FIX_RUBY false Option to enable fix mode for RUBY.
FIX_RUST_2015 false Option to enable fix mode for RUST_2015.
FIX_RUST_2018 false Option to enable fix mode for RUST_2018.
FIX_RUST_2021 false Option to enable fix mode for RUST_2021.
FIX_RUST_CLIPPY false Option to enable fix mode for RUST_CLIPPY. When FIX_RUST_CLIPPY is true, Clippy is allowed to fix issues in the workspace even if there are unstaged and staged changes in the workspace.
FIX_SCALAFMT false Option to enable fix mode for SCALAFMT.
FIX_SHELL_SHFMT false Option to enable fix mode for SHELL_SHFMT.
FIX_SNAKEMAKE_SNAKEFMT false Option to enable fix mode for SNAKEMAKE_SNAKEFMT.
FIX_SQLFLUFF false Option to enable fix mode for SQLFLUFF.
FIX_TERRAFORM_FMT false Option to enable fix mode for TERRAFORM_FMT.
FIX_TSX false Option to enable fix mode for TSX.
FIX_TYPESCRIPT_ES false Option to enable fix mode for TYPESCRIPT_ES.
FIX_TYPESCRIPT_PRETTIER false Option to enable fix mode for TYPESCRIPT_PRETTIER.
FIX_TYPESCRIPT_STANDARD false Option to enable fix mode for TYPESCRIPT_STANDARD.
GITHUB_ACTIONS_CONFIG_FILE actionlint.yml Filename for Actionlint configuration (ex: actionlint.yml)
GITHUB_ACTIONS_COMMAND_ARGS null Additional arguments passed to actionlint command. Useful to ignore some errors
GITHUB_CUSTOM_API_URL https://api.${GITHUB_DOMAIN} Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. https://github.myenterprise.com/api/v3
GITHUB_CUSTOM_SERVER_URL https://${GITHUB_DOMAIN}" Specify a custom GitHub server URL. Useful for GitHub Enterprise instances.
GITHUB_DOMAIN github.com Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. github.myenterprise.com. GITHUB_DOMAIN is a convenience configuration variable to automatically build GITHUB_CUSTOM_API_URL and GITHUB_CUSTOM_SERVER_URL.
GITLEAKS_CONFIG_FILE .gitleaks.toml Filename for GitLeaks configuration (ex: .gitleaks.toml)
GITLEAKS_LOG_LEVEL Gitleaks default log level Gitleaks log level. Defaults to the Gitleaks default log level.
IGNORE_GENERATED_FILES false If set to true, super-linter will ignore all the files with @generated marker but without @not-generated marker.
IGNORE_GITIGNORED_FILES false If set to true, super-linter will ignore all the files that are ignored by Git.
JAVA_FILE_NAME sun_checks.xml Filename for Checkstyle configuration. Checkstyle embeds several configuration files, such as sun_checks.xml, google_checks.xml that you can use without providing your own configuration file.
JAVASCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
JSCPD_CONFIG_FILE .jscpd.json Filename for JSCPD configuration
KUBERNETES_KUBECONFORM_OPTIONS null Additional arguments to pass to the command-line when running Kubernetes Kubeconform (Example: --ignore-missing-schemas)
LINTER_RULES_PATH .github/linters Directory for all linter configuration rules.
LOG_FILE super-linter.log The filename for outputting logs. Super-linter saves the log file to ${DEFAULT_WORKSPACE}/${LOG_FILE}.
LOG_LEVEL INFO How much output the script will generate to the console. One of ERROR, WARN, NOTICE, INFO, or DEBUG.
MARKDOWN_CONFIG_FILE .markdown-lint.yml Filename for Markdownlint configuration (ex: .markdown-lint.yml, .markdownlint.json, .markdownlint.yaml)
MARKDOWN_CUSTOM_RULE_GLOBS not set Comma-separated list of file globs matching custom Markdownlint rule files.
MULTI_STATUS true A status API is made for each language that is linted to make visual parsing easier.
NATURAL_LANGUAGE_CONFIG_FILE .textlintrc Filename for textlint configuration (ex: .textlintrc)
PERL_PERLCRITIC_OPTIONS null Additional arguments to pass to the command-line when running perlcritic (Example: --theme community)
POWERSHELL_CONFIG_FILE .powershell-psscriptanalyzer.psd1 Filename for PSScriptAnalyzer configuration
PHP_CONFIG_FILE php.ini Filename for PHP Configuration (ex: php.ini)
PHP_PHPCS_FILE_NAME phpcs.xml Filename for PHP CodeSniffer (ex: .phpcs.xml, .phpcs.xml.dist)
PHP_PHPSTAN_CONFIG_FILE phpstan.neon Filename for PHPStan Configuration (ex: phpstan.neon)
PROTOBUF_CONFIG_FILE .protolintrc.yml Filename for protolint configuration (ex: .protolintrc.yml)
PYTHON_BLACK_CONFIG_FILE .python-black Filename for black configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_FLAKE8_CONFIG_FILE .flake8 Filename for flake8 configuration (ex: .flake8, tox.ini)
PYTHON_ISORT_CONFIG_FILE .isort.cfg Filename for isort configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_MYPY_CONFIG_FILE .mypy.ini Filename for mypy configuration (ex: .mypy.ini, setup.config)
PYTHON_PYLINT_CONFIG_FILE .python-lint Filename for pylint configuration (ex: .python-lint, .pylintrc)
PYTHON_RUFF_CONFIG_FILE .ruff.toml Filename for ruff configuration
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES not set Comma-separated filenames for renovate shareable config preset (ex: default.json)
RUBY_CONFIG_FILE .ruby-lint.yml Filename for rubocop configuration (ex: .ruby-lint.yml, .rubocop.yml)
SAVE_SUPER_LINTER_OUTPUT false If set to true, Super-linter will save its output in the workspace. For more information, see Super-linter outputs.
SAVE_SUPER_LINTER_SUMMARY false If set to true, Super-linter will save a summary. For more information, see Summary outputs.
SCALAFMT_CONFIG_FILE .scalafmt.conf Filename for scalafmt configuration (ex: .scalafmt.conf)
SNAKEMAKE_SNAKEFMT_CONFIG_FILE .snakefmt.toml Filename for Snakemake configuration (ex: pyproject.toml, .snakefmt.toml)
SSL_CERT_SECRET none SSL cert to add to the Super-Linter trust store. This is needed for users on self-hosted runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }})
SSH_KEY none SSH key that has access to your private repositories
SSH_SETUP_GITHUB false If set to true, adds the github.com SSH key to known_hosts. This is ignored if SSH_KEY is provided - i.e. the github.com SSH key is always added if SSH_KEY is provided
SSH_INSECURE_NO_VERIFY_GITHUB_KEY false INSECURE - If set to true, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended!
SQLFLUFF_CONFIG_FILE /.sqlfluff Filename for SQLFLUFF configuration (ex: /.sqlfluff, pyproject.toml)
SUPER_LINTER_OUTPUT_DIRECTORY_NAME super-linter-output Name of the directory where super-linter saves its output.
SUPER_LINTER_SUMMARY_FILE_NAME super-linter-summary.md Name of the file where to save the summary output. For more information, see Summary outputs.
SUPPRESS_FILE_TYPE_WARN false If set to true, will hide warning messages about files without their proper extensions. Default is false
SUPPRESS_POSSUM false If set to true, will hide the ASCII possum at top of log output. Default is false
TERRAFORM_TERRASCAN_CONFIG_FILE terrascan.toml Filename for terrascan configuration (ex: terrascan.toml)
TERRAFORM_TFLINT_CONFIG_FILE .tflint.hcl Filename for tfLint configuration (ex: .tflint.hcl)
TYPESCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
TYPESCRIPT_STANDARD_TSCONFIG_FILE ${DEFAULT_WORKSPACE}/tsconfig.json Path to the TypeScript project configuration in ts-standard. The path is relative to DEFAULT_WORKSPACE
USE_FIND_ALGORITHM false By default, we use git diff to find all files in the workspace and what has been updated, this would enable the Linux find method instead to find all files to lint
VALIDATE_ALL_CODEBASE true Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation.
VALIDATE_ANSIBLE true Flag to enable or disable the linting process of the Ansible language.
VALIDATE_ARM true Flag to enable or disable the linting process of the ARM language.
VALIDATE_BASH true Flag to enable or disable the linting process of the Bash language.
VALIDATE_BASH_EXEC true Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable.
VALIDATE_CPP true Flag to enable or disable the linting process of the C++ language.
VALIDATE_CHECKOV true Flag to enable or disable the linting process with Checkov
VALIDATE_CLANG_FORMAT true Flag to enable or disable the linting process of the C++/C language with clang-format.
VALIDATE_CLOJURE true Flag to enable or disable the linting process of the Clojure language.
VALIDATE_CLOUDFORMATION true Flag to enable or disable the linting process of the AWS Cloud Formation language.
VALIDATE_COFFEESCRIPT true Flag to enable or disable the linting process of the CoffeeScript language.
VALIDATE_CSHARP true Flag to enable or disable the linting process of the C# language.
VALIDATE_CSS true Flag to enable or disable the linting process of the CSS language.
VALIDATE_DART true Flag to enable or disable the linting process of the Dart language.
VALIDATE_DOCKERFILE_HADOLINT true Flag to enable or disable the linting process of the Docker language.
VALIDATE_EDITORCONFIG true Flag to enable or disable the linting process with the EditorConfig.
VALIDATE_ENV true Flag to enable or disable the linting process of the ENV language.
VALIDATE_GHERKIN true Flag to enable or disable the linting process of the Gherkin language.
VALIDATE_GITHUB_ACTIONS true Flag to enable or disable the linting process of the GitHub Actions.
VALIDATE_GITLEAKS true Flag to enable or disable the linting process of the secrets.
VALIDATE_GO true Flag to enable or disable the linting process of the individual Golang files. Set this to false if you want to lint Go modules. See the VALIDATE_GO_MODULES variable.
VALIDATE_GO_MODULES true Flag to enable or disable the linting process of Go modules. Super-linter considers a directory to be a Go module if it contains a file named go.mod.
VALIDATE_GO_RELEASER true Flag to enable or disable the linting process of the GoReleaser config file.
VALIDATE_GOOGLE_JAVA_FORMAT true Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format)
VALIDATE_GROOVY true Flag to enable or disable the linting process of the language.
VALIDATE_HTML true Flag to enable or disable the linting process of the HTML language.
VALIDATE_JAVA true Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle)
VALIDATE_JAVASCRIPT_ES true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint)
VALIDATE_JAVASCRIPT_PRETTIER true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: prettier)
VALIDATE_JAVASCRIPT_STANDARD true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard)
VALIDATE_JSCPD true Flag to enable or disable JSCPD.
VALIDATE_JSON true Flag to enable or disable the linting process of the JSON language.
VALIDATE_JSONC true Flag to enable or disable the linting process of the JSONC and JSON5 languages.
VALIDATE_JSX true Flag to enable or disable the linting process for jsx files (Utilizing: ESLint)
VALIDATE_KOTLIN true Flag to enable or disable the linting process of the Kotlin language.
VALIDATE_KUBERNETES_KUBECONFORM true Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform
VALIDATE_LATEX true Flag to enable or disable the linting process of the LaTeX language.
VALIDATE_LUA true Flag to enable or disable the linting process of the language.
VALIDATE_MARKDOWN true Flag to enable or disable the linting process of the Markdown language.
VALIDATE_NATURAL_LANGUAGE true Flag to enable or disable the linting process of the natural language.
VALIDATE_OPENAPI true Flag to enable or disable the linting process of the OpenAPI language.
VALIDATE_PERL true Flag to enable or disable the linting process of the Perl language.
VALIDATE_PHP true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility)
VALIDATE_PHP_BUILTIN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter)
VALIDATE_PHP_PHPCS true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer)
VALIDATE_PHP_PHPSTAN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan)
VALIDATE_PHP_PSALM true Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm)
VALIDATE_POWERSHELL true Flag to enable or disable the linting process of the Powershell language.
VALIDATE_PROTOBUF true Flag to enable or disable the linting process of the Protobuf language.
VALIDATE_PYTHON true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility)
VALIDATE_PYTHON_BLACK true Flag to enable or disable the linting process of the Python language. (Utilizing: black)
VALIDATE_PYTHON_FLAKE8 true Flag to enable or disable the linting process of the Python language. (Utilizing: flake8)
VALIDATE_PYTHON_ISORT true Flag to enable or disable the linting process of the Python language. (Utilizing: isort)
VALIDATE_PYTHON_MYPY true Flag to enable or disable the linting process of the Python language. (Utilizing: mypy)
VALIDATE_PYTHON_PYLINT true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint)
VALIDATE_PYTHON_RUFF true Flag to enable or disable the linting process of the Python language. (Utilizing: ruff)
VALIDATE_R true Flag to enable or disable the linting process of the R language.
VALIDATE_RAKU true Flag to enable or disable the linting process of the Raku language.
VALIDATE_RENOVATE true Flag to enable or disable the linting process of the Renovate configuration files.
VALIDATE_RUBY true Flag to enable or disable the linting process of the Ruby language.
VALIDATE_RUST_2015 true Flag to enable or disable the linting process of the Rust language. (edition: 2015)
VALIDATE_RUST_2018 true Flag to enable or disable the linting process of Rust language. (edition: 2018)
VALIDATE_RUST_2021 true Flag to enable or disable the linting process of Rust language. (edition: 2021)
VALIDATE_RUST_CLIPPY true Flag to enable or disable the clippy linting process of Rust language.
VALIDATE_SCALAFMT true Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test)
VALIDATE_SHELL_SHFMT true Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt)
VALIDATE_SNAKEMAKE_LINT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint)
VALIDATE_SNAKEMAKE_SNAKEFMT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt)
VALIDATE_STATES true Flag to enable or disable the linting process for AWS States Language.
VALIDATE_SQLFLUFF true Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff)
VALIDATE_TEKTON true Flag to enable or disable the linting process of the Tekton language.
VALIDATE_TERRAFORM_FMT true Flag to enable or disable the formatting process of the Terraform files.
VALIDATE_TERRAFORM_TERRASCAN true Flag to enable or disable the linting process of the Terraform language for security related issues.
VALIDATE_TERRAFORM_TFLINT true Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint)
VALIDATE_TERRAGRUNT true Flag to enable or disable the linting process for Terragrunt files.
VALIDATE_TSX true Flag to enable or disable the linting process for tsx files (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_ES true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_PRETTIER true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: prettier)
VALIDATE_TYPESCRIPT_STANDARD true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard)
VALIDATE_XML true Flag to enable or disable the linting process of the XML language.
VALIDATE_YAML true Flag to enable or disable the linting process of the YAML language.
YAML_CONFIG_FILE .yaml-lint.yml Filename for Yamllint configuration (ex: .yaml-lint.yml, .yamllint.yml)
YAML_ERROR_ON_WARNING false Flag to enable or disable the error on warning for Yamllint.

The VALIDATE_[LANGUAGE] variables work as follows:

  • super-linter runs all supported linters by default.
  • If you set any of the VALIDATE_[LANGUAGE] variables to true, super-linter defaults to leaving any unset variable to false (only validate those languages).
  • If you set any of the VALIDATE_[LANGUAGE] variables to false, super-linter defaults to leaving any unset variable to true (only exclude those languages).
  • If you set any of the VALIDATE_[LANGUAGE] variables to both true and false, super-linter fails reporting an error.

For more information about reusing Super-linter configuration across environments, see Share Environment variables between environments.

Fix linting and formatting issues

All the linters and formatters that Super-linter runs report errors if they detect linting or formatting issues without modifying your source code (check only mode). Check only mode is the default for all linters and formatters that Super-linter runs.

Certain linters and formatters support automatically fixing issues in your code (fix mode). You can enable fix mode for a particular linter or formatter by setting the relevant FIX_<language name> variable to true. To know which linters and formatters support fix mode, refer to the Configure Super-linter section.

Setting a FIX_<language name> variable to true implies setting the corresponding VALIDATE_<language name> to true. Setting a FIX_<language name> variable to true and the corresponding VALIDATE_<language name> to false is a configuration error. Super-linter reports that as a fatal error.

Super-linter supports the following locations to deliver fixes:

  • In the current Super-linter workspace, so you can process the changes to your files by yourself. For example:

    • If you're running Super-linter in your CI environment, such as GitHub Actions, you can commit and push changes as part of your workflow.
    • If you're running Super-linter locally, you can commit the changes as you would with any other change in your working directory.

Fix mode for ansible-lint

ansible-lint requires that the yaml rule is enabled to for the ansible-lint fix mode to work. The default ansible-lint configuration that Super-linter ships disables the yaml rule because it might not be compatible with yamllint. If you need to enable the ansible-lint fix mode, provide an ansible-lint configuration that doesn't ignore the yaml rule.

Fix mode file and directory ownership

When fix mode is enabled, some linters and formatters don't maintain the original file or directory ownership, and use the user that Super-linter uses to run the linter or formatter.

Configure linters

Super-linter provides default configurations for some linters in the TEMPLATES/ directory. You can customize the configuration for the linters that support this by placing your own configuration files in the LINTER_RULES_PATH directory. LINTER_RULES_PATH is relative to the DEFAULT_WORKSPACE directory.

Super-linter supports customizing the name of these configuration files. For more information, refer to Configure super-linter.

For example, you can configure super-linter to load configuration files from the config/lint directory in your repository:

  env:
    LINTER_RULES_PATH: `config/lint`

Some of the linters that super-linter provides can be configured to disable certain rules or checks, and to ignore certain files or part of them.

For more information about how to configure each linter, review their own documentation.

Include or exclude files from checks

If you need to include or exclude directories from being checked, you can use two environment variables: FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE.

For example:

  • Lint only the src folder: FILTER_REGEX_INCLUDE: .*src/.*
  • Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*
  • Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js

Additionally, if you set IGNORE_GENERATED_FILES to true, super-linter ignores any file with @generated string in it, unless the file also has @not-generated marker. For example, super-linter considers a file with the following contents as generated:

#!/bin/sh
echo "@generated"

while considers this file as not generated:

#!/bin/sh
echo "@generated" # @not-generated

Finally, you can set IGNORE_GITIGNORED_FILES to true to ignore a file if Git ignores it too.

Run Super-Linter outside GitHub Actions

You don't need GitHub Actions to run super-linter. It supports several runtime environments.

Run using a container runtime engine

You can run super-linter outside GitHub Actions. For example, you can run super-linter from a shell:

docker run \
  -e LOG_LEVEL=DEBUG \
  -e RUN_LOCAL=true \
  -v /path/to/local/codebase:/tmp/lint \
  ghcr.io/super-linter/super-linter:latest

For more information, see Run super-linter outside GitHub Actions.

Use your own SSH key and certificate

If you need to use your own SSH key to authenticate against private repositories, you can use the SSH_KEY environment variable. The value of that environment variable is expected to be the private key of an SSH keypair that has access to your private repositories.

For example, you can configure this private key as an Encrypted Secret and access it with the secrets parameter from your GitHub Actions workflow:

  env:
    SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

If you need to inject a SSL certificate into the trust store, you can use the SSL_CERT_SECRET variable. The value of that variable is expected to be the path to the files that contains a CA that can be used to validate the certificate:

  env:
    SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}

Outputs

Super-linter supports generating several outputs, and also supports exposing the output of individual linters.

Summary outputs

Super-linter writes a summary of all the checks:

  • If SAVE_SUPER_LINTER_SUMMARY is set to true, Super-linter writes a summary to ${DEFAULT_WORKSPACE}/${SUPER_LINTER_OUTPUT_DIRECTORY_NAME}/${SUPER_LINTER_SUMMARY_FILE_NAME}.
  • If ENABLE_GITHUB_ACTIONS_STEP_SUMMARY is set to true, Super-linter writes a GitHub Actions job summary. Setting ENABLE_GITHUB_ACTIONS_STEP_SUMMARY to true, implies setting SAVE_SUPER_LINTER_SUMMARY to true.

The summary is in Markdown format. Super-linter supports the following formats:

  • Table (default)

The summary output of previous Super-linter runs is not preserved.

Super-linter outputs

If you set SAVE_SUPER_LINTER_OUTPUT to true, Super-linter saves its output to ${DEFAULT_WORKSPACE}/${SUPER_LINTER_OUTPUT_DIRECTORY_NAME}/super-linter, so you can further process it, if needed.

Most outputs are in JSON format.

The output of previous Super-linter runs is not preserved.

Linter reports and outputs

Some linters support configuring the format of their outputs for further processing. To get access to that output, enable it using the respective linter configuration file. If a linter requires a path for the output directory, you can use the value of the ${DEFAULT_WORKSPACE} variable.

If a linter doesn't support setting an arbitrary output path as described in the previous paragraph, but only supports emitting results to standard output or standard error streams, you can enable Super-linter outputs and parse them.

How to contribute

If you would like to help contribute to super-linter, see CONTRIBUTING.