Skip to content

draft

draft #16

name: Code Quality
# Workflow to check if project meets the code quality standards of the Biosustain group
on:
workflow_call:
inputs:
APPLY_FIXES: # If true, the workflow will try to fix the issues
description: |
Apply linter fixes configuration.
'all' to apply fixes of all linters, or a list of linter keys (ex: JAVASCRIPT_ES,MARKDOWN_MARKDOWNLINT)
required: false
default: none
type: string
APPLY_FIXES_EVENT:
description: |
Decide which event triggers application of fixes in a commit or a PR.
'pull_request', 'push', 'all'
required: false
default: pull_request
type: string
APPLY_FIXES_MODE:
description: |
If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
or posted in a PR (pull_request)
required: false
default: pull_request
type: string
# Trigger the workflow also on push or pull request in this repository
push:
branches:
- main
pull_request:
branches:
- main
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
env:
# Apply linter fixes configuration
#
# When active, APPLY_FIXES must also be defined as environment variable
# (in github/workflows/mega-linter.yml or other CI tool)
APPLY_FIXES: ${{ github.event.inputs.APPLY_FIXES }}
# Decide which event triggers application of fixes in a commit or a PR
# (pull_request, push, all)
APPLY_FIXES_EVENT: ${{ github.event.inputs.APPLY_FIXES_EVENT }}
# If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
# or posted in a PR (pull_request)
APPLY_FIXES_MODE: ${{ github.event.inputs.APPLY_FIXES_MODE }}
jobs:
check-code-quality:
name: Run MegaLinter to check code quality
runs-on: ubuntu-latest
# Give the default GITHUB_TOKEN write permission to commit and push, comment
# issues & post new PR; remove the ones you do not need
permissions:
actions: read # Needed to run codeql/upload-sarif@v3
contents: write
issues: write
pull-requests: write
steps:
- name: Load configuration
uses: actions/checkout@v4
with:
path: /config
- name: Check if GHAS is enabled
uses: actions/github-script@v7
id: ghas-enabled
with:
script: |
const response = await github.rest.repos.get({
owner: '${{ github.repository }}'.split("/")[0],
repo: '${{ github.repository }}'.split("/")[1]
});
const securityEnabled = response.data.security_and_analysis?.advanced_security?.status === 'enabled';
if (!securityEnabled) {
let message = 'GitHub Advanced Security is NOT enabled.';
const url = 'https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled';
message += ` For more information, see ${url}`;
core.warning(message);
}
return securityEnabled;
- name: Checkout Code
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
# If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
# improve performance
fetch-depth: 0
# MegaLinter
- name: MegaLinter
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/flavors/
uses: oxsecurity/megalinter@v7
# All available variables are described in documentation
# https://megalinter.io/configuration/
env:
# Define the reporters used in this action (not overrideable)
SARIF_REPORTER: true
MARKDOWN_SUMMARY_REPORTER: true
# Extend the configuration file if it exists, else use default
EXTENDS: ${{ hashFiles('.mega-linter.yml') != '' && '/config/.mega-linter.yml' || '' }}
MEGALINTER_CONFIG_FILE: ${{ hashFiles('.mega-linter.yml') = '' && '/config/.mega-linter.yml' || '' }}

Check failure on line 117 in .github/workflows/code-quality-check.yml

View workflow run for this annotation

GitHub Actions / Code Quality

Invalid workflow file

The workflow is not valid. .github/workflows/code-quality-check.yml (Line: 117, Col: 35): Unexpected symbol: '='. Located at position 31 within expression: hashFiles('.mega-linter.yml') = '' && '/config/.mega-linter.yml' || ''
# Validates all source when push on main, else just the git diff with
# main. Override with true if you always want to lint all sources
#
# To validate the entire codebase, set to:
# VALIDATE_ALL_CODEBASE: true
#
# To validate only diff with main, set to:
# VALIDATE_ALL_CODEBASE: >-
# ${{
# github.event_name == 'push' &&
# contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
# }}
VALIDATE_ALL_CODEBASE: >
${{
github.event_name == 'push' &&
contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Upload MegaLinter artifacts
- name: Archive production artifacts
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
- name: Upload MegaLinter scan results to GitHub Security tab
if: (steps.ghas-enabled.outputs.result == 'true') && (success() || failure())
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'megalinter-reports/megalinter-report.sarif'
- name: Show report in job summary
if: always()
run: cat megalinter-reports/megalinter-report.md | tee $GITHUB_STEP_SUMMARY
# Set APPLY_FIXES_IF var for use in future steps
- name: Set APPLY_FIXES_IF var
run: |
printf 'APPLY_FIXES_IF=%s\n' "${{
steps.ml.outputs.has_updated_sources == 1 &&
(
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
) &&
(
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository
)
}}" >> "${GITHUB_ENV}"
# Set APPLY_FIXES_IF_* vars for use in future steps
- name: Set APPLY_FIXES_IF_* vars
run: |
printf 'APPLY_FIXES_IF_PR=%s\n' "${{
env.APPLY_FIXES_IF == 'true' &&
env.APPLY_FIXES_MODE == 'pull_request'
}}" >> "${GITHUB_ENV}"
printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{
env.APPLY_FIXES_IF == 'true' &&
env.APPLY_FIXES_MODE == 'commit' &&
(!contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref))
}}" >> "${GITHUB_ENV}"
# Create pull request if applicable
# (for now works only on PR from same repository, not from forks)
- name: Create Pull Request with applied fixes
uses: peter-evans/create-pull-request@v6
id: cpr
if: env.APPLY_FIXES_IF_PR == 'true'
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
commit-message: "[BiosustainMegaLinter] Apply linters automatic fixes"
title: "[BiosustainMegaLinter] Apply linters automatic fixes"
labels: bot
- name: Create PR output
if: env.APPLY_FIXES_IF_PR == 'true'
run: |
echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
# Push new commit if applicable
# (for now works only on PR from same repository, not from forks)
- name: Prepare commit
if: env.APPLY_FIXES_IF_COMMIT == 'true'
run: sudo chown -Rc $UID .git/
- name: Commit and push applied linter fixes
uses: stefanzweifel/git-auto-commit-action@v4
if: env.APPLY_FIXES_IF_COMMIT == 'true'
with:
branch: >-
${{
github.event.pull_request.head.ref ||
github.head_ref ||
github.ref
}}
commit_message: "[BiosustainMegaLinter] Apply linters fixes"