feat(pr-lint): switch to cupcake megalinter (#105 )

fix(pr-lint): add missing shell definitions (#103 )
feat(github-action): update ivuorinen/actions (25.3.25 → 25.4.5) (#102 )
2026-02-04 09:42:58 +00:00 · 2025-04-08 03:26:26 +03:00 · 2025-04-07 11:04:42 +03:00 · 2025-04-07 05:20:10 +00:00 · 2025-04-07 01:38:22 +03:00 · 2025-04-05 14:43:49 +03:00
26 changed files with 159 additions and 63 deletions
--- a/.github/workflows/action-security.yml
+++ b/.github/workflows/action-security.yml
@@ -117,21 +117,21 @@ jobs:
      - name: Upload Trivy results
        if: steps.verify-sarif.outputs.has_trivy == 'true'
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: 'trivy-results.sarif'
          category: 'trivy'
      - name: Upload Gitleaks results
        if: steps.verify-sarif.outputs.has_gitleaks == 'true'
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: 'gitleaks-report.sarif'
          category: 'gitleaks'
      - name: Archive security reports
        if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: security-reports-${{ github.run_id }}
          path: |
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,15 +32,15 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality
      - name: Autobuild
-        uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -13,4 +13,4 @@ jobs:
      - name: 'Checkout Repository'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+        uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -69,7 +69,7 @@ jobs:
      - name: MegaLinter
        id: ml
-        uses: oxsecurity/megalinter/flavors/cupcake@ec124f7998718d79379a3c5b39f5359952baf21d # v8.4.2
+        uses: oxsecurity/megalinter/flavors/cupcake@146333030da68e2e58c6ff826633824fabe01eaf # v8.5.0
        env:
          PARALLEL: true # Run linters in parallel
          FILTER_REGEX_EXCLUDE: '(\.automation/test|docs/json-schemas|\.github/workflows)'
@@ -103,7 +103,7 @@ jobs:
      - name: Upload Reports
        if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: MegaLinter reports
          path: |
@@ -113,7 +113,7 @@ jobs:
      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter
--- a/.github/workflows/security-suite.yml
+++ b/.github/workflows/security-suite.yml
@@ -87,12 +87,12 @@ jobs:
            --enableExperimental
            --failOnCVSS 7
      - name: Upload OWASP Results
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: reports/dependency-check-report.sarif
          category: owasp-dependency-check
      - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: owasp-results
          path: reports/dependency-check-report.sarif
@@ -107,7 +107,7 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
        with:
          node-version: 'lts/*'
          cache: 'npm'
@@ -119,12 +119,12 @@ jobs:
        with:
          args: --all-projects --sarif-file-output=snyk-results.sarif
      - name: Upload Snyk Results
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: snyk-results.sarif
          category: snyk
      - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: snyk-results
          path: snyk-results.sarif
@@ -146,12 +146,12 @@ jobs:
          results_format: sarif
          publish_results: true
      - name: Upload Scorecard Results
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: scorecard-results.sarif
          category: scorecard
      - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: scorecard-results
          path: scorecard-results.sarif
@@ -168,7 +168,7 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Download scan results
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          path: ./results
@@ -338,7 +338,7 @@ jobs:
      - name: Archive Results
        if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: security-results
          path: |
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -29,12 +29,12 @@ repos:
        args: [-c, .markdownlint.json, --fix]
  - repo: https://github.com/adrienverge/yamllint
-    rev: v1.35.1
+    rev: v1.37.0
    hooks:
      - id: yamllint
  - repo: https://github.com/scop/pre-commit-shfmt
-    rev: v3.10.0-2
+    rev: v3.11.0-1
    hooks:
      - id: shfmt
@@ -51,12 +51,12 @@ repos:
        args: ['-shellcheck=']
  - repo: https://github.com/renovatebot/pre-commit-hooks
-    rev: 39.156.0
+    rev: 39.227.2
    hooks:
      - id: renovate-config-validator
  - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.360'
+    rev: '3.2.400'
    hooks:
      - id: checkov
        args:
--- a/ansible-lint-fix/action.yml
+++ b/ansible-lint-fix/action.yml
@@ -47,6 +47,6 @@ runs:
        fi
    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ansible-lint.sarif
--- a/biome-check/action.yml
+++ b/biome-check/action.yml
@@ -31,6 +31,6 @@ runs:
        biome check . --json > biome-report.json
    - name: Upload Biome Results
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: biome-report.json
--- a/common-cache/action.yml
+++ b/common-cache/action.yml
@@ -95,7 +95,7 @@ runs:
        echo "cache-paths=${cache_paths}" >> $GITHUB_OUTPUT
    - id: cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: ${{ steps.prepare.outputs.cache-paths }}
        key: ${{ steps.prepare.outputs.cache-key }}
--- a/compress-images/action.yml
+++ b/compress-images/action.yml
@@ -29,7 +29,7 @@ runs:
    - name: Create New Pull Request If Needed
      if: steps.calibre.outputs.markdown != ''
-      uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      with:
        title: Compressed Images Nightly
        branch-suffix: timestamp
--- a/csharp-build/action.yml
+++ b/csharp-build/action.yml
@@ -22,7 +22,7 @@ runs:
        default-version: '7.0'
    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0
+      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: '${{ steps.detect-dotnet-version.outputs.dotnet-version }}'
@@ -40,7 +40,7 @@ runs:
        dotnet test --configuration Release --no-build --collect:"XPlat Code Coverage" --logger "trx;LogFileName=test-results.trx"
    - name: Upload Test Results
-      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: test-results
        path: |
--- a/csharp-lint-check/action.yml
+++ b/csharp-lint-check/action.yml
@@ -22,7 +22,7 @@ runs:
        default-version: '7.0'
    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0
+      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: '${{ steps.detect-dotnet-version.outputs.dotnet-version }}'
@@ -40,6 +40,6 @@ runs:
        fi
    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: dotnet-format.sarif
--- a/csharp-publish/action.yml
+++ b/csharp-publish/action.yml
@@ -26,7 +26,7 @@ runs:
        default-version: '7.0'
    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0
+      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: '${{ steps.detect-dotnet-version.outputs.dotnet-version }}'
--- a/docker-build/action.yml
+++ b/docker-build/action.yml
@@ -92,13 +92,13 @@ runs:
        fi
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
      with:
        platforms: ${{ inputs.architectures }}
    - name: Set up Docker Buildx
      id: buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      with:
        version: latest
        platforms: ${{ inputs.architectures }}
--- a/docker-publish-gh/action.yml
+++ b/docker-publish-gh/action.yml
@@ -97,12 +97,12 @@ runs:
        done
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
      with:
        platforms: ${{ inputs.platforms }}
    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      with:
        platforms: ${{ inputs.platforms }}
@@ -133,7 +133,7 @@ runs:
        echo "tags=${processed_tags}" >> $GITHUB_OUTPUT
    - name: Log in to GitHub Container Registry
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
      with:
        registry: ${{ inputs.registry }}
        username: ${{ github.actor }}
@@ -141,7 +141,7 @@ runs:
    - name: Set up Cosign
      if: inputs.provenance == 'true'
-      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
+      uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
    - name: Publish Image
      id: publish
--- a/docker-publish-hub/action.yml
+++ b/docker-publish-hub/action.yml
@@ -105,12 +105,12 @@ runs:
        fi
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
      with:
        platforms: ${{ inputs.platforms }}
    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      with:
        platforms: ${{ inputs.platforms }}
@@ -144,14 +144,14 @@ runs:
        echo "repo-url=https://hub.docker.com/r/${full_name}" >> $GITHUB_OUTPUT
    - name: Log in to Docker Hub
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
      with:
        username: ${{ inputs.username }}
        password: ${{ inputs.password }}
    - name: Set up Cosign
      if: inputs.provenance == 'true'
-      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
+      uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
    - name: Update Docker Hub Description
      if: inputs.repository-description != '' || inputs.readme-file != ''
--- a/eslint-check/action.yml
+++ b/eslint-check/action.yml
@@ -239,7 +239,7 @@ runs:
    - name: Upload ESLint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/eslint.sarif
        category: eslint
--- a/go-build/action.yml
+++ b/go-build/action.yml
@@ -24,7 +24,7 @@ runs:
      uses: ivuorinen/actions/go-version-detect@main
    - name: Setup Go
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
      with:
        go-version: '${{ steps.detect-go-version.outputs.go-version }}'
--- a/go-lint/action.yml
+++ b/go-lint/action.yml
@@ -106,7 +106,7 @@ runs:
        done
    - name: Setup Go
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
      with:
        go-version: ${{ inputs.go-version }}
        cache: true
@@ -114,7 +114,7 @@ runs:
    - name: Set up Cache
      id: cache
      if: inputs.cache == 'true'
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: |
          ~/.cache/golangci-lint
@@ -266,7 +266,7 @@ runs:
    - name: Upload Lint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
        category: golangci-lint
--- a/node-setup/action.yml
+++ b/node-setup/action.yml
@@ -161,7 +161,7 @@ runs:
    - name: Setup Node.js
      id: setup
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
      with:
        node-version: ${{ steps.version.outputs.version }}
        registry-url: ${{ inputs.registry-url }}
@@ -216,7 +216,7 @@ runs:
    - name: Setup Caching
      if: inputs.cache == 'true'
      id: deps-cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: |
          **/node_modules
--- a/php-composer/action.yml
+++ b/php-composer/action.yml
@@ -172,7 +172,7 @@ runs:
    - name: Cache Composer packages
      id: composer-cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: |
          vendor
--- a/pr-lint/action.yml
+++ b/pr-lint/action.yml
@@ -12,7 +12,9 @@ branding:
 runs:
  using: composite
  steps:
-    # Git Checkout
+    #   ╭──────────────────────────────────────────────────────────╮
    #   │                       Git Checkout                       │
    #   ╰──────────────────────────────────────────────────────────╯
    - name: Checkout Code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
@@ -22,15 +24,108 @@ runs:
        # improve performance
        fetch-depth: 0
    #   ╭──────────────────────────────────────────────────────────╮
    #   │                 Setup Git configuration                  │
    #   ╰──────────────────────────────────────────────────────────╯
    - name: Setup Git Config
      id: git-config
-      uses: ivuorinen/actions/set-git-config@main
+      uses: ivuorinen/actions/set-git-config@730304e2936e7afeab4ac5652d448d0ded2fbe4b # 25.4.5
-    # MegaLinter
+    #   ╭──────────────────────────────────────────────────────────╮
    #   │               Install packages for linting               │
    #   ╰──────────────────────────────────────────────────────────╯
    # Node.js tests if package.json exists
    - name: Detect package.json
      id: detect-node
      shell: bash
      run: |
        if [ -f package.json ]; then
          echo "found=true" >> $GITHUB_OUTPUT
        fi
    - name: Setup Node.js and run tests
      if: steps.detect-node.outputs.found == 'true'
      uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
      with:
        cache: 'npm'
    - name: Install Node.js dependencies
      if: steps.detect-node.outputs.found == 'true'
      shell: bash
      run: npm ci
    # PHP tests if composer.json exists
    - name: Detect composer.json
      id: detect-php
      shell: bash
      run: |
        if [ -f composer.json ]; then
          echo "found=true" >> $GITHUB_OUTPUT
        fi
    - name: Setup PHP
      if: steps.detect-php.outputs.found == 'true'
      uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # master
      with:
        tools: composer
        coverage: none
      env:
        GITHUB_TOKEN: ${{ github.token }}
    - name: Setup problem matchers for PHP
      if: steps.detect-php.outputs.found == 'true'
      shell: bash
      run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
    - name: Install PHP dependencies
      if: steps.detect-php.outputs.found == 'true'
      shell: bash
      run: composer install --no-progress --prefer-dist --no-interaction
    # Python tests if requirements.txt exists
    - name: Detect requirements.txt
      id: detect-python
      shell: bash
      run: |
        if [ -f requirements.txt ]; then
          echo "found=true" >> $GITHUB_OUTPUT
        fi
    - name: Setup Python
      if: steps.detect-python.outputs.found == 'true'
      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
      with:
        cache: 'pip'
    - name: Install Python dependencies
      if: steps.detect-python.outputs.found == 'true'
      shell: bash
      run: pip install -r requirements.txt
    # Go tests if go.mod exists
    - name: Detect go.mod
      id: detect-go
      shell: bash
      run: |
        if [ -f go.mod ]; then
          echo "found=true" >> $GITHUB_OUTPUT
        fi
    - name: Setup Go
      if: steps.detect-go.outputs.found == 'true'
      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
      with:
        go-version-file: 'go.mod'
        cache: true
    #   ╭──────────────────────────────────────────────────────────╮
    #   │                        MegaLinter                        │
    #   ╰──────────────────────────────────────────────────────────╯
    - name: MegaLinter
      # You can override MegaLinter flavor used to have faster performances
      # More info at https://megalinter.io/latest/flavors/
-      uses: oxsecurity/megalinter@ec124f7998718d79379a3c5b39f5359952baf21d # v8.4.2
+      uses: oxsecurity/megalinter/flavors/cupcake@146333030da68e2e58c6ff826633824fabe01eaf # v8.5.0
      id: ml
      # All available variables are described in documentation
@@ -79,7 +174,7 @@ runs:
    # Upload MegaLinter artifacts
    - name: Archive production artifacts
      if: success() || failure()
-      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: MegaLinter reports
        include-hidden-files: 'true'
@@ -120,7 +215,7 @@ runs:
    # Create pull request if applicable
    # (for now works only on PR from same repository, not from forks)
    - name: Create Pull Request with applied fixes
-      uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      id: cpr
      if: env.APPLY_FIXES_IF_PR == 'true'
      with:
--- a/prettier-check/action.yml
+++ b/prettier-check/action.yml
@@ -102,7 +102,7 @@ runs:
    - name: Set up Cache
      id: cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      if: inputs.cache == 'true'
      with:
        path: |
@@ -305,7 +305,7 @@ runs:
    - name: Upload Prettier Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/prettier.sarif
        category: prettier
--- a/python-lint-fix/action.yml
+++ b/python-lint-fix/action.yml
@@ -49,7 +49,7 @@ runs:
  using: composite
  steps:
    - name: Setup Python
-      uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
      with:
        python-version: ${{ inputs.python-version }}
        cache: 'pip'
@@ -213,7 +213,7 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.result == 'found'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
        category: 'python-lint'
--- a/run.sh
+++ b/run.sh
@@ -78,7 +78,8 @@ find . -mindepth 1 -maxdepth 1 -type d | while read -r dir; do
      echo "- ⏩ Skipping $dir - action.yml missing"
    fi
  ) || {
-    echo "- ⚠️ Warning: Error processing directory $dir" | tee -a "$log_file"
+    echo "- ⚠️ Warning: Error processing directory $dir" |
      tee -a "$log_file"
  }
  echo ""
 done
@@ -106,7 +107,7 @@ fi
 echo ""
 echo "🔎 Running MegaLinter..."
-if ! npx --yes mega-linter-runner; then
+if ! npx --yes mega-linter-runner --flavor cupcake --fix --remove-container --container-name cupcake; then
  echo "- ⚠️ Warning: MegaLinter found issues" | tee -a "$log_file"
 fi
 echo ""
--- a/terraform-lint-fix/action.yml
+++ b/terraform-lint-fix/action.yml
@@ -225,7 +225,7 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/tflint.sarif
        category: terraform-lint
Author	SHA1	Message	Date
Ismo Vuorinen	312c00f77f	feat(pr-lint): switch to cupcake megalinter (#105 )	2025-04-08 03:26:26 +03:00
Ismo Vuorinen	f845a14b12	fix(pr-lint): add missing shell definitions (#103 )	2025-04-07 11:04:42 +03:00
renovate[bot]	9870d3ee6c	feat(github-action): update ivuorinen/actions (25.3.25 → 25.4.5) (#102 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-04-07 05:20:10 +00:00
renovate[bot]	8619a7832f	feat(github-action): update actions/dependency-review-action (v4.5.0 → v4.6.0) (#100 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-04-07 01:38:22 +03:00
Ismo Vuorinen	730304e293	feat(pr-lint): Update pr-lint/action.yml: Add multi-env detection, update Git config (#98 )	2025-04-05 14:43:49 +03:00
renovate[bot]	d648dba573	feat(github-action): update docker/setup-buildx-action (v3.9.0 → v3.10.0) (#94 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 18:33:19 +02:00
renovate[bot]	fc7d3175cb	feat(github-action): update oxsecurity/megalinter (v8.4.2 → v8.5.0) (#96 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 18:32:52 +02:00
renovate[bot]	e7115f4b51	feat(github-action): update docker/setup-qemu-action (v3.4.0 → v3.6.0) (#95 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 18:32:29 +02:00
renovate[bot]	3a218c668e	feat(github-action): update docker/login-action (v3.3.0 → v3.4.0) (#93 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 13:23:24 +00:00
renovate[bot]	e48fabc9f7	feat(github-action): update actions/setup-python (v5.4.0 → v5.5.0) (#92 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 11:46:04 +00:00
renovate[bot]	09fe03ad60	feat(github-action): update actions/setup-node (v4.2.0 → v4.3.0) (#91 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 11:44:54 +00:00
renovate[bot]	faad4c9f84	feat(github-action): update actions/setup-go (v5.3.0 → v5.4.0) (#89 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 08:41:47 +00:00
renovate[bot]	2f1db37232	feat(github-action): update actions/download-artifact (v4.1.9 → v4.2.1) (#88 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 04:40:57 +00:00
renovate[bot]	368a00e9be	fix(github-action): update sigstore/cosign-installer (v3.8.0 → v3.8.1) (#87 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-25 00:36:05 +00:00
renovate[bot]	51dbb7fbe1	fix(github-action): update peter-evans/create-pull-request (v7.0.6 → v7.0.8) (#86 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 20:38:09 +00:00
renovate[bot]	411fd89715	fix(github-action): update github/codeql-action to v3.28.13 (#85 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 18:57:55 +00:00
renovate[bot]	642883d9f9	fix(github-action): update actions/upload-artifact to v4.6.2 (#84 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 15:46:33 +00:00
renovate[bot]	5378420242	fix(github-action): update actions/setup-dotnet (v4.3.0 → v4.3.1) (#82 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 10:07:50 +00:00
renovate[bot]	85f88126e0	fix(github-action): update actions/cache (v4.2.0 → v4.2.3) (#81 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 04:57:56 +00:00