actions/.github/workflows/pr-lint.yml

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: MegaLinter

on:
  push:
    branches:
      - main
      - master
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.github/*.md'
      - 'LICENSE'
  pull_request:
    branches:
      - main
      - master
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.github/*.md'
      - 'LICENSE'
  merge_group:

env:
  # Apply linter fixes configuration
  APPLY_FIXES: all
  APPLY_FIXES_EVENT: pull_request
  APPLY_FIXES_MODE: commit

  # Disable linters that do not work or conflict
  DISABLE_LINTERS: REPOSITORY_DEVSKIM

  # Additional settings
  VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
  GITHUB_TOKEN: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}

  # Report configuration
  REPORT_OUTPUT_FOLDER: megalinter-reports
  ENABLE_SUMMARY_REPORTER: true
  ENABLE_SARIF_REPORTER: true

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  megalinter:
    name: MegaLinter
    runs-on: ubuntu-latest
    timeout-minutes: 30

    permissions:
      contents: write
      issues: write
      pull-requests: write
      security-events: write

    steps:
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
          fetch-depth: 0

      - name: MegaLinter
        id: ml
        uses: oxsecurity/megalinter/flavors/cupcake@ec124f7998718d79379a3c5b39f5359952baf21d # v8.4.2
        env:
          PARALLEL: true # Run linters in parallel
          FILTER_REGEX_EXCLUDE: '(\.automation/test|docs/json-schemas|\.github/workflows)'

          # Error configuration
          ERROR_ON_MISSING_EXEC_BIT: true
          CLEAR_REPORT_FOLDER: true
          PRINT_ALPACA: false
          SHOW_ELAPSED_TIME: true

          # File configuration
          YAML_YAMLLINT_CONFIG_FILE: .yamllint.yml
          YAML_PRETTIER_CONFIG_FILE: .prettierrc.yml
          YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: '(\.automation/test|docs/json-schemas|\.github/workflows)'

      - name: Check MegaLinter Results
        id: check-results
        if: always()
        shell: bash
        run: |
          echo "status=success" >> "$GITHUB_OUTPUT"

          if [ -f "${{ env.REPORT_OUTPUT_FOLDER }}/megalinter.log" ]; then
            if grep -q "ERROR\|CRITICAL" "${{ env.REPORT_OUTPUT_FOLDER }}/megalinter.log"; then
              echo "Linting errors found"
              echo "status=failure" >> "$GITHUB_OUTPUT"
            fi
          else
            echo "::warning::MegaLinter log file not found"
          fi

      - name: Upload Reports
        if: always()
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: MegaLinter reports
          path: |
            megalinter-reports
            mega-linter.log
          retention-days: 30

      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter

      - name: Prepare Git for Fixes
        if: steps.ml.outputs.has_updated_sources == 1
        shell: bash
        run: |
          sudo chown -Rc $UID .git/
          git config --global user.name "fiximus"
          git config --global user.email "github-bot@ivuorinen.net"

      - name: Create Pull Request
        if: |
          steps.ml.outputs.has_updated_sources == 1 &&
          (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) &&
          !contains(github.event.head_commit.message, 'skip fix')
        uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7
        id: cpr
        with:
          token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
          commit-message: '[MegaLinter] Apply linters automatic fixes'
          title: '[MegaLinter] Apply linters automatic fixes'
          labels: bot
          branch: megalinter/fixes-${{ github.ref_name }}
          branch-suffix: timestamp
          delete-branch: true
          body: |
            ## MegaLinter Fixes

            MegaLinter has identified and fixed code style issues.

            ### 🔍 Changes Made
            - Automated code style fixes
            - Formatting improvements
            - Lint error corrections

            ### 📝 Notes
            - Please review the changes carefully
            - Run tests before merging
            - Verify formatting matches project standards

            > Generated automatically by MegaLinter

      - name: Commit Fixes
        if: |
          steps.ml.outputs.has_updated_sources == 1 &&
          (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) &&
          !contains(github.event.head_commit.message, 'skip fix')
        uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
        with:
          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
          commit_message: |
            style: apply MegaLinter fixes

            [skip ci]
          commit_user_name: fiximus
          commit_user_email: github-bot@ivuorinen.net
          push_options: --force

      - name: Create Status Check
        if: always()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const status = '${{ steps.check-results.outputs.status }}';
            const conclusion = status === 'success' ? 'success' : 'failure';

            const summary = `## MegaLinter Results

            ${status === 'success' ? '✅ All checks passed' : '❌ Issues found'}

            [View detailed report](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID})
            `;

            await core.summary
              .addRaw(summary)
              .write();

            if (status !== 'success') {
              core.setFailed('MegaLinter found issues');
            }

      - name: Cleanup
        if: always()
        shell: bash
        run: |
          # Remove temporary files but keep reports
          find . -type f -name "megalinter.*" ! -name "megalinter-reports" -delete || true
          find . -type d -name ".megalinter" -exec rm -rf {} + || true