--- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: MegaLinter on: push: branches: - main - master paths-ignore: - '**.md' - 'docs/**' - '.github/*.md' - 'LICENSE' pull_request: branches: - main - master paths-ignore: - '**.md' - 'docs/**' - '.github/*.md' - 'LICENSE' merge_group: env: # Apply linter fixes configuration APPLY_FIXES: all APPLY_FIXES_EVENT: pull_request APPLY_FIXES_MODE: commit # Disable linters that do not work or conflict DISABLE_LINTERS: REPOSITORY_DEVSKIM # Additional settings VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} GITHUB_TOKEN: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }} # Report configuration REPORT_OUTPUT_FOLDER: megalinter-reports ENABLE_SUMMARY_REPORTER: true ENABLE_SARIF_REPORTER: true concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true permissions: contents: read jobs: megalinter: name: MegaLinter runs-on: ubuntu-latest timeout-minutes: 30 permissions: contents: write issues: write pull-requests: write security-events: write steps: - name: Checkout Code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }} fetch-depth: 0 - name: MegaLinter id: ml uses: oxsecurity/megalinter/flavors/cupcake@0dcbedd66ea456ba2d54fd350affaa15df8a0da3 # v9.0.1 - name: Check MegaLinter Results id: check-results if: always() shell: bash run: | echo "status=success" >> "$GITHUB_OUTPUT" if [ -f "${{ env.REPORT_OUTPUT_FOLDER }}/megalinter.log" ]; then if grep -q "ERROR\|CRITICAL" "${{ env.REPORT_OUTPUT_FOLDER }}/megalinter.log"; then echo "Linting errors found" echo "status=failure" >> "$GITHUB_OUTPUT" fi else echo "::warning::MegaLinter log file not found" fi - name: Upload Reports if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: MegaLinter reports path: | megalinter-reports mega-linter.log retention-days: 30 - name: Upload SARIF Report if: always() && hashFiles('megalinter-reports/sarif/*.sarif') uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: sarif_file: megalinter-reports/sarif category: megalinter - name: Prepare Git for Fixes if: steps.ml.outputs.has_updated_sources == 1 shell: bash run: | sudo chown -Rc $UID .git/ git config --global user.name "fiximus" git config --global user.email "github-bot@ivuorinen.net" - name: Create Pull Request if: | steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 id: cpr with: token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }} commit-message: '[MegaLinter] Apply linters automatic fixes' title: '[MegaLinter] Apply linters automatic fixes' labels: bot branch: megalinter/fixes-${{ github.ref_name }} branch-suffix: timestamp delete-branch: true body: | ## MegaLinter Fixes MegaLinter has identified and fixed code style issues. ### 🔍 Changes Made - Automated code style fixes - Formatting improvements - Lint error corrections ### 📝 Notes - Please review the changes carefully - Run tests before merging - Verify formatting matches project standards > Generated automatically by MegaLinter - name: Commit Fixes if: | steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1 with: branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} commit_message: | style: apply MegaLinter fixes [skip ci] commit_user_name: fiximus commit_user_email: github-bot@ivuorinen.net push_options: --force - name: Create Status Check if: always() uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const status = '${{ steps.check-results.outputs.status }}'; const conclusion = status === 'success' ? 'success' : 'failure'; const summary = `## MegaLinter Results ${status === 'success' ? '✅ All checks passed' : '❌ Issues found'} [View detailed report](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}) `; await core.summary .addRaw(summary) .write(); if (status !== 'success') { core.setFailed('MegaLinter found issues'); } - name: Cleanup if: always() shell: bash run: | # Remove temporary files but keep reports find . -type f -name "megalinter.*" ! -name "megalinter-reports" -delete || true find . -type d -name ".megalinter" -exec rm -rf {} + || true