Super-Linter

Super-linter is a ready-to-run collection of linters and code analyzers, to help validate your source code.

The goal of super-linter is to help you establish best practices and consistent formatting across multiple programming languages, and ensure developers are adhering to those conventions.

Super-linter analyzes source code files using several tools, and reports the issues that those tools find as console output, and as GitHub Actions status checks. You can also run super-linter outside GitHub Actions.

Super-linter is licensed under a MIT License.

Supported linters and code analyzers

Super-linter supports the following tools:

Language	Linter
Ansible	ansible-lint
AWS CloudFormation templates	cfn-lint
Azure Resource Manager (ARM)	arm-ttk
C++	cpp-lint / clang-format
C#	dotnet format / clang-format
CSS	stylelint
Clojure	clj-kondo
CoffeeScript	coffeelint
Copy/paste detection	jscpd
Dart	dartanalyzer
Dockerfile	hadolint
EditorConfig	editorconfig-checker
ENV	dotenv-linter
Gherkin	gherkin-lint
GitHub Actions	actionlint
Golang	golangci-lint
Groovy	npm-groovy-lint
HTML	HTMLHint
Java	checkstyle / google-java-format
JavaScript	ESLint / standard js
JSON	eslint-plugin-json
JSONC	eslint-plugin-jsonc
Infrastructure as code	Checkov
Kubernetes	kubeconform
Kotlin	ktlint
LaTeX	ChkTex
Lua	luacheck
Markdown	markdownlint
Natural language	textlint
OpenAPI	spectral
Perl	perlcritic
PHP	PHP built-in linter / PHP CodeSniffer / PHPStan / Psalm
PowerShell	PSScriptAnalyzer
Protocol Buffers	protolint
Python3	pylint / flake8 / black / isort
R	lintr
Raku	Raku
Renovate	renovate-config-validator
Ruby	RuboCop
Rust	Rustfmt / Clippy
Scala	scalafmt
Secrets	GitLeaks
Shell	ShellCheck / executable bit check / shfmt
Snakemake	snakefmt / snakemake --lint
SQL	sql-lint / sqlfluff
Tekton	tekton-lint
Terraform	fmt / tflint / terrascan
Terragrunt	terragrunt
TypeScript	ESLint / standard js
XML	LibXML
YAML	YamlLint

Get started

More in-depth tutorial available

To run super-linter as a GitHub Action, you do the following:

1. Create a new GitHub Actions workflow in your repository with the following content:

   ---
   name: Lint
   
   on:  # yamllint disable-line rule:truthy
     push: null
     pull_request: null
   
   jobs:
     build:
       name: Lint
       runs-on: ubuntu-latest
   
       permissions:
         contents: read
         packages: read
         # To report GitHub Actions status checks
         statuses: write
   
       steps:
         - name: Checkout code
           uses: actions/checkout@v4
   
         - name: Super-linter
           uses: super-linter/super-linter@v5.7.2  # x-release-please-version
           env:
             DEFAULT_BRANCH: main
             # To report GitHub Actions status checks
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   ...
   

2. Commit that file to a new branch.

3. Push the new commit to the remote repository.

4. Create a new pull request to observe the results.

Add Super-Linter badge in your repository README

You can show Super-Linter status with a badge in your repository README:

Example:

[![Super-Linter](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE_NAME>/badge.svg)](https://github.com/marketplace/actions/super-linter)

For more information, see Adding a workflow status badge.

Super-linter variants

Super-Linter provides several variants:

• standard: super-linter/super-linter:[VERSION]: includes all supported linters.

• slim: super-linter/super-linter:slim-[VERSION]: includes all supported linters except:

  • rust linters
  • dotenv linters
  • armttk linters
  • pwsh linters
  • c# linters

Configure super-linter

You can configure super-linter using the following environment variables:

Environment variable	Default Value	Description
ACTIONS_RUNNER_DEBUG	false	Flag to enable additional information about the linter, versions, and additional output.
ANSIBLE_CONFIG_FILE	.ansible-lint.yml	Filename for Ansible-lint configuration (ex: .ansible-lint, .ansible-lint.yml)
ANSIBLE_DIRECTORY	/ansible	Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE.
BASH_SEVERITY	style	Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style.
CHECKOV_FILE_NAME	.checkov.yaml	Configuration filename for Checkov.
CREATE_LOG_FILE	false	If set to true, it creates the log file. You can set the log filename using the LOG_FILE environment variable. This overrides any existing log files.
CSS_FILE_NAME	.stylelintrc.json	Filename for Stylelint configuration (ex: .stylelintrc.yml, .stylelintrc.yaml)
DEFAULT_BRANCH	master	The name of the repository default branch.
DEFAULT_WORKSPACE	/tmp/lint	The location containing files to lint if you are running locally. Defaults to GITHUB_WORKSPACE when running in GitHub Actions. There's no need to configure this variable when running in GitHub Actions.
DISABLE_ERRORS	false	Flag to have the linter complete with exit code 0 even if errors were detected.
DOCKERFILE_HADOLINT_FILE_NAME	.hadolint.yaml	Filename for hadolint configuration (ex: .hadolintlintrc.yaml)
EDITORCONFIG_FILE_NAME	.ecrc	Filename for editorconfig-checker configuration
ENABLE_GITHUB_ACTIONS_GROUP_TITLE	false if RUN_LOCAL=true, true otherwise	Flag to enable GitHub Actions log grouping.
ERROR_ON_MISSING_EXEC_BIT	false	If set to false, the bash-exec linter will report a warning if a shell script is not executable. If set to true, the bash-exec linter will report an error instead.
EXPERIMENTAL_BATCH_WORKER	false	Flag to enable experimental parallel and batched worker. As of current only eslint and cfn-lint are supported, if there is no support, original version is used as fallback
FILTER_REGEX_EXCLUDE	none	Regular expression defining which files will be excluded from linting (ex: .*src/test.*)
FILTER_REGEX_INCLUDE	all	Regular expression defining which files will be processed by linters (ex: .*src/.*)
GITHUB_ACTIONS_CONFIG_FILE	actionlint.yml	Filename for Actionlint configuration (ex: actionlint.yml)
GITHUB_ACTIONS_COMMAND_ARGS	null	Additional arguments passed to actionlint command. Useful to ignore some errors
GITHUB_CUSTOM_API_URL	https://api.github.com	Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. https://github.myenterprise.com/api/v3
GITHUB_DOMAIN	github.com	Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. github.myenterprise.com
GITLEAKS_CONFIG_FILE	.gitleaks.toml	Filename for GitLeaks configuration (ex: .gitleaks.toml)
IGNORE_GENERATED_FILES	false	If set to true, super-linter will ignore all the files with @generated marker but without @not-generated marker.
IGNORE_GITIGNORED_FILES	false	If set to true, super-linter will ignore all the files that are ignored by Git.
JAVA_FILE_NAME	sun_checks.xml	Filename for Checkstyle configuration (ex: checkstyle.xml)
JAVASCRIPT_DEFAULT_STYLE	standard	Flag to set the default style of JavaScript. Available options: standard/prettier
JAVASCRIPT_ES_CONFIG_FILE	.eslintrc.yml	Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
JSCPD_CONFIG_FILE	.jscpd.json	Filename for JSCPD configuration
KUBERNETES_KUBECONFORM_OPTIONS	null	Additional arguments to pass to the command-line when running Kubernetes Kubeconform (Example: --ignore-missing-schemas)
LINTER_RULES_PATH	.github/linters	Directory for all linter configuration rules.
LOG_FILE	super-linter.log	The filename for outputting logs. All output is sent to the log file regardless of LOG_LEVEL.
LOG_LEVEL	VERBOSE	How much output the script will generate to the console. One of ERROR, WARN, NOTICE, VERBOSE, DEBUG or TRACE.
MARKDOWN_CONFIG_FILE	.markdown-lint.yml	Filename for Markdownlint configuration (ex: .markdown-lint.yml, .markdownlint.json, .markdownlint.yaml)
MARKDOWN_CUSTOM_RULE_GLOBS	.markdown-lint/rules,rules/**	Comma-separated list of file globs matching custom Markdownlint rule files.
MULTI_STATUS	true	A status API is made for each language that is linted to make visual parsing easier.
NATURAL_LANGUAGE_CONFIG_FILE	.textlintrc	Filename for textlint configuration (ex: .textlintrc)
PERL_PERLCRITIC_OPTIONS	null	Additional arguments to pass to the command-line when running perlcritic (Example: --theme community)
PHP_CONFIG_FILE	php.ini	Filename for PHP Configuration (ex: php.ini)
PHP_PHPCS_FILE_NAME	phpcs.xml	Filename for PHP CodeSniffer (ex: .phpcs.xml, .phpcs.xml.dist)
PROTOBUF_CONFIG_FILE	.protolintrc.yml	Filename for protolint configuration (ex: .protolintrc.yml)
PYTHON_BLACK_CONFIG_FILE	.python-black	Filename for black configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_FLAKE8_CONFIG_FILE	.flake8	Filename for flake8 configuration (ex: .flake8, tox.ini)
PYTHON_ISORT_CONFIG_FILE	.isort.cfg	Filename for isort configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_MYPY_CONFIG_FILE	.mypy.ini	Filename for mypy configuration (ex: .mypy.ini, setup.config)
PYTHON_PYLINT_CONFIG_FILE	.python-lint	Filename for pylint configuration (ex: .python-lint, .pylintrc)
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES	not set	Comma-separated filenames for renovate shareable config preset (ex: default.json)
RUBY_CONFIG_FILE	.ruby-lint.yml	Filename for rubocop configuration (ex: .ruby-lint.yml, .rubocop.yml)
SCALAFMT_CONFIG_FILE	.scalafmt.conf	Filename for scalafmt configuration (ex: .scalafmt.conf)
SNAKEMAKE_SNAKEFMT_CONFIG_FILE	.snakefmt.toml	Filename for Snakemake configuration (ex: pyproject.toml, .snakefmt.toml)
SSL_CERT_SECRET	none	SSL cert to add to the Super-Linter trust store. This is needed for users on self-hosted runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }})
SSH_KEY	none	SSH key that has access to your private repositories
SSH_SETUP_GITHUB	false	If set to true, adds the github.com SSH key to known_hosts. This is ignored if SSH_KEY is provided - i.e. the github.com SSH key is always added if SSH_KEY is provided
SSH_INSECURE_NO_VERIFY_GITHUB_KEY	false	INSECURE - If set to true, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended!
SQL_CONFIG_FILE	.sql-config.json	Filename for SQL-Lint configuration (ex: sql-config.json , .config.json)
SQLFLUFF_CONFIG_FILE	/.sqlfluff	Filename for SQLFLUFF configuration (ex: /.sqlfluff, pyproject.toml)
SUPPRESS_FILE_TYPE_WARN	false	If set to true, will hide warning messages about files without their proper extensions. Default is false
SUPPRESS_POSSUM	false	If set to true, will hide the ASCII possum at top of log output. Default is false
TERRAFORM_TERRASCAN_CONFIG_FILE	terrascan.toml	Filename for terrascan configuration (ex: terrascan.toml)
TERRAFORM_TFLINT_CONFIG_FILE	.tflint.hcl	Filename for tfLint configuration (ex: .tflint.hcl)
TYPESCRIPT_DEFAULT_STYLE	ts-standard	Flag to set the default style of TypeScript. Available options: ts-standard/prettier
TYPESCRIPT_ES_CONFIG_FILE	.eslintrc.yml	Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
TYPESCRIPT_STANDARD_TSCONFIG_FILE	${DEFAULT_WORKSPACE}/tsconfig.json	Path to the TypeScript project configuration in ts-standard. The path is relative to DEFAULT_WORKSPACE
USE_FIND_ALGORITHM	false	By default, we use git diff to find all files in the workspace and what has been updated, this would enable the Linux find method instead to find all files to lint
VALIDATE_ALL_CODEBASE	true	Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation.
VALIDATE_JSCPD_ALL_CODEBASE	false	If set to true, will lint the whole codebase with JSCPD. If set to false, JSCPD will only lint files one by one.
VALIDATE_ANSIBLE	true	Flag to enable or disable the linting process of the Ansible language.
VALIDATE_ARM	true	Flag to enable or disable the linting process of the ARM language.
VALIDATE_BASH	true	Flag to enable or disable the linting process of the Bash language.
VALIDATE_BASH_EXEC	true	Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable.
VALIDATE_CPP	true	Flag to enable or disable the linting process of the C++ language.
VALIDATE_CHECKOV	true	Flag to enable or disable the linting process with Checkov
VALIDATE_CLANG_FORMAT	true	Flag to enable or disable the linting process of the C++/C language with clang-format.
VALIDATE_CLOJURE	true	Flag to enable or disable the linting process of the Clojure language.
VALIDATE_CLOUDFORMATION	true	Flag to enable or disable the linting process of the AWS Cloud Formation language.
VALIDATE_COFFEESCRIPT	true	Flag to enable or disable the linting process of the Coffeescript language.
VALIDATE_CSHARP	true	Flag to enable or disable the linting process of the C# language.
VALIDATE_CSS	true	Flag to enable or disable the linting process of the CSS language.
VALIDATE_DART	true	Flag to enable or disable the linting process of the Dart language.
VALIDATE_DOCKERFILE_HADOLINT	true	Flag to enable or disable the linting process of the Docker language.
VALIDATE_EDITORCONFIG	true	Flag to enable or disable the linting process with the EditorConfig.
VALIDATE_ENV	true	Flag to enable or disable the linting process of the ENV language.
VALIDATE_GHERKIN	true	Flag to enable or disable the linting process of the Gherkin language.
VALIDATE_GITHUB_ACTIONS	true	Flag to enable or disable the linting process of the GitHub Actions.
VALIDATE_GITLEAKS	true	Flag to enable or disable the linting process of the secrets.
VALIDATE_GO	true	Flag to enable or disable the linting process of the individual Golang files. Set this to false if you want to lint Go modules. See the VALIDATE_GO_MODULES variable.
VALIDATE_GO_MODULES	true	Flag to enable or disable the linting process of Go modules. Super-linter considers a directory to be a Go module if it contains a file named go.mod.
VALIDATE_GOOGLE_JAVA_FORMAT	true	Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format)
VALIDATE_GROOVY	true	Flag to enable or disable the linting process of the language.
VALIDATE_HTML	true	Flag to enable or disable the linting process of the HTML language.
VALIDATE_JAVA	true	Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle)
VALIDATE_JAVASCRIPT_ES	true	Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint)
VALIDATE_JAVASCRIPT_STANDARD	true	Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard)
VALIDATE_JSCPD	true	Flag to enable or disable the JSCPD.
VALIDATE_JSON	true	Flag to enable or disable the linting process of the JSON language.
VALIDATE_JSX	true	Flag to enable or disable the linting process for jsx files (Utilizing: ESLint)
VALIDATE_KOTLIN	true	Flag to enable or disable the linting process of the Kotlin language.
VALIDATE_KOTLIN_ANDROID	true	Flag to enable or disable the linting process of the Kotlin language. (Utilizing: ktlint --android)
VALIDATE_KUBERNETES_KUBECONFORM	true	Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform
VALIDATE_LATEX	true	Flag to enable or disable the linting process of the LaTeX language.
VALIDATE_LUA	true	Flag to enable or disable the linting process of the language.
VALIDATE_MARKDOWN	true	Flag to enable or disable the linting process of the Markdown language.
VALIDATE_NATURAL_LANGUAGE	true	Flag to enable or disable the linting process of the natural language.
VALIDATE_OPENAPI	true	Flag to enable or disable the linting process of the OpenAPI language.
VALIDATE_PERL	true	Flag to enable or disable the linting process of the Perl language.
VALIDATE_PHP	true	Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility)
VALIDATE_PHP_BUILTIN	true	Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter)
VALIDATE_PHP_PHPCS	true	Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer)
VALIDATE_PHP_PHPSTAN	true	Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan)
VALIDATE_PHP_PSALM	true	Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm)
VALIDATE_POWERSHELL	true	Flag to enable or disable the linting process of the Powershell language.
VALIDATE_PROTOBUF	true	Flag to enable or disable the linting process of the Protobuf language.
VALIDATE_PYTHON	true	Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility)
VALIDATE_PYTHON_BLACK	true	Flag to enable or disable the linting process of the Python language. (Utilizing: black)
VALIDATE_PYTHON_FLAKE8	true	Flag to enable or disable the linting process of the Python language. (Utilizing: flake8)
VALIDATE_PYTHON_ISORT	true	Flag to enable or disable the linting process of the Python language. (Utilizing: isort)
VALIDATE_PYTHON_MYPY	true	Flag to enable or disable the linting process of the Python language. (Utilizing: mypy)
VALIDATE_PYTHON_PYLINT	true	Flag to enable or disable the linting process of the Python language. (Utilizing: pylint)
VALIDATE_R	true	Flag to enable or disable the linting process of the R language.
VALIDATE_RAKU	true	Flag to enable or disable the linting process of the Raku language.
VALIDATE_RENOVATE	true	Flag to enable or disable the linting process of the Renovate configuration files.
VALIDATE_RUBY	true	Flag to enable or disable the linting process of the Ruby language.
VALIDATE_RUST_2015	true	Flag to enable or disable the linting process of the Rust language. (edition: 2015)
VALIDATE_RUST_2018	true	Flag to enable or disable the linting process of Rust language. (edition: 2018)
VALIDATE_RUST_2021	true	Flag to enable or disable the linting process of Rust language. (edition: 2021)
VALIDATE_RUST_CLIPPY	true	Flag to enable or disable the clippy linting process of Rust language.
VALIDATE_SCALAFMT	true	Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test)
VALIDATE_SHELL_SHFMT	true	Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt)
VALIDATE_SNAKEMAKE_LINT	true	Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint)
VALIDATE_SNAKEMAKE_SNAKEFMT	true	Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt)
VALIDATE_STATES	true	Flag to enable or disable the linting process for AWS States Language.
VALIDATE_SQL	true	Flag to enable or disable the linting process of the SQL language.
VALIDATE_SQLFLUFF	true	Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff)
VALIDATE_TEKTON	true	Flag to enable or disable the linting process of the Tekton language.
VALIDATE_TERRAFORM_FMT	true	Flag to enable or disable the formatting process of the Terraform files.
VALIDATE_TERRAFORM_TERRASCAN	true	Flag to enable or disable the linting process of the Terraform language for security related issues.
VALIDATE_TERRAFORM_TFLINT	true	Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint)
VALIDATE_TERRAGRUNT	true	Flag to enable or disable the linting process for Terragrunt files.
VALIDATE_TSX	true	Flag to enable or disable the linting process for tsx files (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_ES	true	Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_STANDARD	true	Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard)
VALIDATE_XML	true	Flag to enable or disable the linting process of the XML language.
VALIDATE_YAML	true	Flag to enable or disable the linting process of the YAML language.
YAML_CONFIG_FILE	.yaml-lint.yml	Filename for Yamllint configuration (ex: .yaml-lint.yml, .yamllint.yml)
YAML_ERROR_ON_WARNING	false	Flag to enable or disable the error on warning for Yamllint.

The VALIDATE_[LANGUAGE] variables work as follows:

• super-linter runs all supported linters by default.
• If you set any of the VALIDATE_[LANGUAGE] variables to true, super-linter defaults to leaving any unset variable to false (only validate those languages).
• If you set any of the VALIDATE_[LANGUAGE] variables to false, super-linter defaults to leaving any unset variable to true (only exclude those languages).
• If you set any of the VALIDATE_[LANGUAGE] variables to both true and false, super-linter fails reporting an error.

For more information about reusing super-linter configuration across environments, see Share Environment variables between environments.

Configure linters

Super-linter provides default configurations for some linters in the TEMPLATES/ directory. You can customize the configuration for the linters that support this by placing your own configuration files in the LINTER_RULES_PATH directory. LINTER_RULES_PATH is relative to the DEFAULT_WORKSPACE directory.

Super-linter supports customizing the name of these configuration files. For more information, refer to Configure super-linter.

For example, you can configure super-linter to load configuration files from the config/lint directory in your repository:

  env:
    LINTER_RULES_PATH: `config/lint`

Some of the linters that super-linter provides can be configured to disable certain rules or checks, and to ignore certain files or part of them.

For more information about how to configure each linter, review their own documentation.

Include or exclude files from checks

If you need to include or exclude directories from being checked, you can use two environment variables: FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE.

For example:

• Lint only the src folder: FILTER_REGEX_INCLUDE: .*src/.*
• Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*
• Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js

Additionally, if you set IGNORE_GENERATED_FILES to true, super-linter ignores any file with @generated string in it, unless the file also has @not-generated marker. For example, super-linter considers a file with the following contents as generated:

#!/bin/sh
echo "@generated"

while considers this file as not generated:

#!/bin/sh
echo "@generated" # @not-generated

Finally, you can set IGNORE_GITIGNORED_FILES to true to ignore a file if Git ignores it too.

Run Super-Linter outside GitHub Actions

You don't need GitHub Actions to run super-linter. It supports several runtime environments.

Run using a container runtime engine

You can run super-linter outside GitHub Actions. For example, you can run super-linter from a shell:

docker run \
  -e ACTIONS_RUNNER_DEBUG=true \
  -e RUN_LOCAL=true \
  -v /path/to/local/codebase:/tmp/lint \
  ghcr.io/super-linter/super-linter:latest

For more information, see Run super-linter outside GitHub Actions.

Use your own SSH key and certificate

If you need to use your own SSH key to authenticate against private repositories, you can use the SSH_KEY environment variable. The value of that environment variable is expected to be be the private key of an SSH keypair that has access to your private repositories.

For example, you can configure this private key as an Encrypted Secret and access it with the secrets parameter from your GitHub Actions workflow:

  env:
    SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

If you need to inject a SSL certificate into the trust store, you can use the SSL_CERT_SECRET variable. The value of that variable is expected to be the path to the files that contains a CA that can be used to valide the certificate:

  env:
    SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}

How to contribute

If you would like to help contribute to super-linter, see CONTRIBUTING.