Skip to content

Merge pull request #4 from biosustain/fix_flavors_pipeline_v2 #87

Merge pull request #4 from biosustain/fix_flavors_pipeline_v2

Merge pull request #4 from biosustain/fix_flavors_pipeline_v2 #87

name: Code Quality
# Workflow to check if project meets the code quality standards of the Biosustain group
on:
workflow_call:
inputs:
JSON_ENV:
description: |
JSON string with environment variables to pass to the mega-linter.
To pass all environment variables, use toJson(env)
required: false
default: "{}" # Empty JSON object
type: string
workflow_dispatch:
inputs:
JSON_ENV:
description: |
JSON string with environment variables to pass to the mega-linter.
required: false
default: "{}" # Empty JSON object
type: string
# Trigger the workflow also on push or pull request in this repository
push:
branches:
- main
pull_request:
branches:
- main
# Give the default GITHUB_TOKEN write permission to commit and push, comment
# issues & post new PR; remove the ones you do not need
permissions:
security-events: write
actions: read # Needed to run codeql/upload-sarif@v3
contents: write
issues: write
pull-requests: write
statuses: write
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
check-code-quality:
name: Run MegaLinter to check code quality
runs-on: ubuntu-latest
steps:
- name: Load configuration
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
repository: biosustain/code-quality-check
path: config
- name: Checkout Code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
path: code
fetch-depth: 0
- name: Set config path environment variables
env:
JSON_ENV: ${{ inputs.JSON_ENV }}
run: |
# Set the environment variables for the MegaLinter
echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV"
# Extend the configuration file if it exists, else use default
if [ -f code/.mega-linter.yml ]; then
# This cannot be set is there is no .mega-linter.yml in project
echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV"
else
echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV"
fi
# MegaLinter
- name: MegaLinter
uses: oxsecurity/[email protected]
id: ml
env:
# All available variables are described in documentation
# https://megalinter.io/configuration/
# Define the reporters used in this action (not overrideable)
SARIF_REPORTER: true
MARKDOWN_SUMMARY_REPORTER: true
GITHUB_WORKSPACE: ${{ github.workspace }}/code
DEFAULT_WORKSPACE: ${{ github.workspace }}/code
# Validates all source when push on main, else just the git diff with
# main.
VALIDATE_ALL_CODEBASE: >
${{
github.event_name == 'push' &&
contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Upload MegaLinter artifacts
- name: Archive production artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
- name: Upload MegaLinter scan results to GitHub Security tab
continue-on-error: true # This might error if github advanced security is not enabled
if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed
uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
with:
sarif_file: "megalinter-reports/megalinter-report.sarif"
- name: Show report in job summary
if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran
run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md