fix workflow 'false' #15
name: Code Quality | |
# Workflow to check if project meets the code quality standards of the Biosustain group | |
on: | |
workflow_call: | |
# Trigger the workflow also on push or pull request in this repository | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
megalinter: | |
name: MegaLinter | |
runs-on: ubuntu-latest | |
# Give the default GITHUB_TOKEN write permission to commit and push, comment | |
# issues & post new PR; remove the ones you do not need | |
permissions: | |
actions: read # Needed to run codeql/upload-sarif@v3 | |
contents: write | |
issues: write | |
pull-requests: write | |
steps: | |
- name: Check if GHAS is enabled | |
uses: actions/github-script@v7 | |
id: ghas-enabled | |
with: | |
script: | | |
const response = await github.rest.repos.get({ | |
owner: '${{ github.repository }}'.split("/")[0], | |
repo: '${{ github.repository }}'.split("/")[1] | |
}); | |
const securityEnabled = response.data.security_and_analysis?.advanced_security?.status === 'enabled'; | |
if (!securityEnabled) { | |
let message = 'GitHub Advanced Security is NOT enabled.'; | |
const url = 'https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled'; | |
message += ` For more information, see ${url}`; | |
core.warning(message); | |
} | |
return securityEnabled; | |
# Git Checkout | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} | |
# If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to | |
# improve performance | |
fetch-depth: 0 | |
# MegaLinter | |
- name: MegaLinter | |
# You can override MegaLinter flavor used to have faster performances | |
# More info at https://megalinter.io/flavors/ | |
uses: oxsecurity/megalinter@v7 | |
id: ml | |
# All available variables are described in documentation | |
# https://megalinter.io/configuration/ | |
env: | |
GITHUB_COMMENT_REPORTER: false | |
SARIF_REPORTER: true | |
MARKDOWN_SUMMARY_REPORTER: true | |
MARKDOWN_SUMMARY_REPORTER_FILE_NAME: megalinter-report.md | |
REPOSITORY_KICS_DISABLE_ERRORS: true # Disable KICS errors but keep them as warnings | |
ACTION_ACTIONLINT_DISABLE_ERRORS: true # Disable Actionlint errors but keep them as warnings | |
REPOSITORY_CHECKOV_DISABLE_ERRORS: true # Disable Checkov errors but keep them as warnings | |
# Validates all source when push on main, else just the git diff with | |
# main. Override with true if you always want to lint all sources | |
# | |
# To validate the entire codebase, set to: | |
# VALIDATE_ALL_CODEBASE: true | |
# | |
# To validate only diff with main, set to: | |
# VALIDATE_ALL_CODEBASE: >- | |
# ${{ | |
# github.event_name == 'push' && | |
# contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) | |
# }} | |
VALIDATE_ALL_CODEBASE: >- | |
${{ | |
github.event_name == 'push' && | |
contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) | |
}} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE | |
# .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY | |
DISABLE: SPELL | |
# Upload MegaLinter artifacts | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
if: success() || failure() | |
with: | |
name: MegaLinter reports | |
path: | | |
megalinter-reports | |
mega-linter.log | |
- name: Upload MegaLinter scan results to GitHub Security tab | |
if: (steps.ghas-enabled.outputs.result == 'true') && (success() || failure()) | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'megalinter-reports/megalinter-report.sarif' | |
- name: Show report in job summary | |
if: always() | |
run: cat megalinter-reports/megalinter-report.md | tee $GITHUB_STEP_SUMMARY |
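Review bot: The explicit `permissions:` block on the megalinter job never grants `security-events: write`, so the "Upload MegaLinter scan results to GitHub Security tab" step (`github/codeql-action/upload-sarif@v3`) will be rejected with a 403 whenever the GHAS check evaluates to true; once a job declares `permissions:`, every scope not listed is set to none, and the comment next to `actions: read` is not sufficient on its own. Add `security-events: write # Needed by github/codeql-action/upload-sarif@v3` to that block. Conversely, `contents: write`, `issues: write` and `pull-requests: write` are not used by any step shown here (GITHUB_COMMENT_REPORTER is false and no APPLY_FIXES variable is set), so unless the omitted auto-fix flow is planned they can be reduced to `contents: read`. It also looks like the PAT passed to `actions/checkout@v4` stays in the workspace git config for the rest of the job, which the MegaLinter container can read; if no later step pushes, `persist-credentials: false` on the checkout step avoids that — confirm against how the workflow is called via `workflow_call`.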