ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-03-20 14:01:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
900dd967977fc9b878f4d3fd61c821386ee96f40
actions/.github/workflows/pr-lint.yml
Ismo Vuorinen 900dd96797 feat: add action-validator and clean up CI workflows (#513) 
* chore(pre-commit): update hooks and add action-validator

Update uv-pre-commit 0.10.9→0.10.11 and checkov 3.2.508→3.2.510.
Normalize single quotes to double quotes in hook args.
Add action-validator v0.8.0 hook for GitHub Actions validation.

* fix(ci): clean up workflow path filters

Remove non-existent action.yaml paths from action-security workflow.
Fix glob patterns (**.md → **/*.md) in pr-lint workflow.
Remove unused trigger paths (yarn.lock, pnpm-lock.yaml,
requirements.txt, .github/labels.yml, docs/**) from security-suite
and sync-labels workflows.

* feat(make): add lint-actions target for action-validator

Add lint-actions target that runs action-validator via pre-commit.
Include it in the lint dependency list and .PHONY declaration.

* docs: add context-mode routing rules to CLAUDE.md

Add mandatory routing rules section for context-mode MCP plugin,
documenting blocked commands, redirected tools, tool selection
hierarchy, and output constraints.

* fix(lint): resolve action-validator failure on language-version-detect

- Remove unsupported `deprecated: true` from language-version-detect/action.yml
  (deprecation already communicated via description field)
- Scope action-validator pre-commit hook to workflow and action.yml files only
- Make missing pre-commit a hard error in lint-actions target

* fix(deps): update action pins and fix trivy-action version comment

Update SHA-pinned action references to latest versions:
- github/codeql-action v4.32.6 → v4.33.0
- nick-fields/retry v3.0.2 → v4.0.0
- actions/cache v5.0.3 → v5.0.4
- oven-sh/setup-bun v2.1.3 → v2.2.0
- softprops/action-gh-release v2.5.0 → v2.6.1
- github/issue-metrics v4.1.0 → v4.1.1
- shivammathur/setup-php 2.36.0 → 2.37.0
- astral-sh/setup-uv v7.5.0 → v7.6.0
- terraform-linters/setup-tflint v6.2.1 → v6.2.2
- aquasecurity/trivy-action: pin from master to v0.35.0

Fix pinact warning in docker-build by adding missing v prefix
to trivy-action version comment (0.35.0 → v0.35.0).
2026-03-20 13:01:24 +02:00

108 lines
3.0 KiB
YAML
Raw Blame History

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: MegaLinter
on:
push:
branches:
- main
- master
paths-ignore:
- '**/*.md'
- '.github/*.md'
- 'LICENSE.md'
pull_request:
branches:
- main
- master
paths-ignore:
- '**/*.md'
- '.github/*.md'
- 'LICENSE.md'
merge_group:
env:
# MegaLinter configuration - these override the action's defaults
DISABLE_LINTERS: REPOSITORY_DEVSKIM
VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
# Report configuration
REPORT_OUTPUT_FOLDER: megalinter-reports
ENABLE_SUMMARY_REPORTER: true
ENABLE_SARIF_REPORTER: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
megalinter:
name: MegaLinter
runs-on: ubuntu-latest
timeout-minutes: 30
permissions:
actions: write
checks: write # Create and update check runs
contents: write
issues: write
packages: read # Access private packages
pull-requests: write
security-events: write
statuses: write
steps:
- name: Checkout Code
uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
with:
token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
fetch-depth: 0
- name: Run MegaLinter
id: pr-lint
uses: ./pr-lint
with:
token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
username: fiximus
email: github-bot@ivuorinen.net
- name: Upload SARIF Report
if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
with:
sarif_file: megalinter-reports/sarif
category: megalinter
- name: Check Results
if: always()
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
const status = '${{ steps.pr-lint.outputs.validation_status }}';
const conclusion = status === 'success' ? 'success' : 'failure';
const summary = `## MegaLinter Results
${status === 'success' ? '✅ All checks passed' : '❌ Issues found'}
[View detailed report](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID})
`;
await core.summary
.addRaw(summary)
.write();
if (status !== 'success') {
core.setFailed('MegaLinter found issues');
}
- name: Cleanup
if: always()
shell: sh
run: |-
# Remove temporary files but keep reports
find . -type f -name "megalinter.*" ! -name "megalinter-reports" -delete || true
find . -type d -name ".megalinter" -exec rm -rf {} + || true
Reference in New Issue View Git Blame Copy Permalink