From 6f843bed2df27d51fb5b810ef323a89cb295be51 Mon Sep 17 00:00:00 2001 
From: Dominik Mariusz Maszczyk
Date: Wed, 21 Aug 2024 15:52:28 +0200
Subject: [PATCH 1/2] move externaly accessible workflows out of .github/workflows so they can be generated in github action
---
 .../flavors/ci_light-code-quality-check.yml | 122 -------------
 .../flavors/cupcake-code-quality-check.yml | 122 -------------
 .../documentation-code-quality-check.yml | 122 -------------
 .../flavors/dotnet-code-quality-check.yml | 122 -------------
 .../flavors/dotnetweb-code-quality-check.yml | 122 -------------
 .../flavors/formatters-code-quality-check.yml | 122 -------------
 .../flavors/go-code-quality-check.yml | 122 -------------
 .../flavors/java-code-quality-check.yml | 122 -------------
 .../flavors/javascript-code-quality-check.yml | 122 -------------
 .../flavors/php-code-quality-check.yml | 122 -------------
 .../flavors/python-code-quality-check.yml | 122 -------------
 .../flavors/ruby-code-quality-check.yml | 122 -------------
 .../flavors/rust-code-quality-check.yml | 122 -------------
 .../flavors/salesforce-code-quality-check.yml | 122 -------------
 .../flavors/security-code-quality-check.yml | 122 -------------
 .../flavors/swift-code-quality-check.yml | 122 -------------
 .../flavors/terraform-code-quality-check.yml | 122 -------------
 .../flavors/terraformg-code-quality-check.yml | 164 ------------------
 .github/workflows/prepare-flavours.yml | 36 ++--
 README.md | 4 +-
 ...uality-check.yml => code-quality-check.yml | 2 +-
 21 files changed, 27 insertions(+), 2253 deletions(-)
 delete mode 100644 .github/workflows/flavors/ci_light-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/cupcake-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/documentation-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/dotnet-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/dotnetweb-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/formatters-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/go-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/java-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/javascript-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/php-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/python-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/ruby-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/rust-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/salesforce-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/security-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/swift-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/terraform-code-quality-check.yml
 delete mode 100644 .github/workflows/flavors/terraformg-code-quality-check.yml
 rename .github/workflows/flavors/c_cpp-code-quality-check.yml => code-quality-check.yml (98%)
diff --git a/.github/workflows/flavors/ci_light-code-quality-check.yml b/.github/workflows/flavors/ci_light-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/ci_light-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/cupcake-code-quality-check.yml b/.github/workflows/flavors/cupcake-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/cupcake-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/documentation-code-quality-check.yml b/.github/workflows/flavors/documentation-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/documentation-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/dotnet-code-quality-check.yml b/.github/workflows/flavors/dotnet-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/dotnet-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/dotnetweb-code-quality-check.yml b/.github/workflows/flavors/dotnetweb-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/dotnetweb-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/formatters-code-quality-check.yml b/.github/workflows/flavors/formatters-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/formatters-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/go-code-quality-check.yml b/.github/workflows/flavors/go-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/go-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/java-code-quality-check.yml b/.github/workflows/flavors/java-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/java-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/javascript-code-quality-check.yml b/.github/workflows/flavors/javascript-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/javascript-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/php-code-quality-check.yml b/.github/workflows/flavors/php-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/php-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/python-code-quality-check.yml b/.github/workflows/flavors/python-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/python-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/ruby-code-quality-check.yml b/.github/workflows/flavors/ruby-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/ruby-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/rust-code-quality-check.yml b/.github/workflows/flavors/rust-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/rust-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/salesforce-code-quality-check.yml b/.github/workflows/flavors/salesforce-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/salesforce-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/security-code-quality-check.yml b/.github/workflows/flavors/security-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/security-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/swift-code-quality-check.yml b/.github/workflows/flavors/swift-code-quality-check.yml
deleted file mode 100644
index 5ca3d42..0000000
--- a/.github/workflows/flavors/swift-code-quality-check.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/terraform-code-quality-check.yml b/.github/workflows/flavors/terraform-code-quality-check.yml deleted file mode 100644 index 5ca3d42..0000000 --- a/.github/workflows/flavors/terraform-code-quality-check.yml +++ /dev/null 
@@ -1,122 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - check-code-quality: - name: Run MegaLinter to check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no 
.mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. - VALIDATE_ALL_CODEBASE: > - ${{ - github.event_name == 'push' && - contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) - }} - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - - name: Upload MegaLinter scan results to GitHub Security tab - continue-on-error: true # This might error if github advanced security is not enabled - if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - with: - sarif_file: "megalinter-reports/megalinter-report.sarif" - - - name: Show report in job summary - if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran - run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md 
diff --git a/.github/workflows/flavors/terraformg-code-quality-check.yml b/.github/workflows/flavors/terraformg-code-quality-check.yml deleted file mode 100644 index efe63b1..0000000 --- a/.github/workflows/flavors/terraformg-code-quality-check.yml +++ /dev/null 
@@ -1,164 +0,0 @@ -name: Code Quality -# Workflow to check if project meets the code quality standards of the Biosustain group - -on: - workflow_call: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - To pass all environment variables, use toJson(env) - required: false - default: "{}" # Empty JSON object - type: string - FLAVOR: - description: | - You can override MegaLinter flavor used to have faster performances - More info at https://megalinter.io/flavors/ - required: false - default: all - type: string - workflow_dispatch: - inputs: - JSON_ENV: - description: | - JSON string with environment variables to pass to the mega-linter. - required: false - default: "{}" # Empty JSON object - type: string - FLAVOR: - description: | - You can override MegaLinter flavor used to have faster performances - More info at https://megalinter.io/flavors/ - required: false - default: all - type: choice - options: - - all - - c_cpp - - ci_light - - cupcake - - documentation - - dotnet - - dotnetweb - - formatters - - go - - java - - javascript - - php - - python - - ruby - - rust - - salesforce - - security - - swift - - terraformg - - # Trigger the workflow also on push or pull request in this repository - push: - branches: - - main - pull_request: - branches: - - main - -# Give the default GITHUB_TOKEN write permission to commit and push, comment -# issues & post new PR; remove the ones you do not need -permissions: - security-events: write - actions: read # Needed to run codeql/upload-sarif@v3 - contents: write - issues: write - pull-requests: write - statuses: write - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -env: - MEGALINT_VERSION: v7.10.0 # Cannot pin this version since we use multiple flavors - MEGALINT_FLAVOR: ${{ (inputs.FLAVOR && inputs.FLAVOR != 'all') && format('/flavors/{0}', inputs.FLAVOR) || '' }} - -jobs: - check-code-quality: - name: Run MegaLinter to 
check code quality - runs-on: ubuntu-latest - - steps: - - name: Load configuration - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: biosustain/code-quality-check - path: config - - - name: Checkout Code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - path: code - fetch-depth: 0 - - - name: Set config path environment variables - env: - JSON_ENV: ${{ inputs.JSON_ENV }} - run: | - # Set the environment variables for the MegaLinter - echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" - # Extend the configuration file if it exists, else use default - if [ -f code/.mega-linter.yml ]; then - # This cannot be set is there is no .mega-linter.yml in project - echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - else - echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" - fi - - # MegaLinter - - name: MegaLinter - uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1 - id: ml - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - - # Define the reporters used in this action (not overrideable) - SARIF_REPORTER: true - MARKDOWN_SUMMARY_REPORTER: true - - GITHUB_WORKSPACE: ${{ github.workspace }}/code - DEFAULT_WORKSPACE: ${{ github.workspace }}/code - - # Validates all source when push on main, else just the git diff with - # main. 
-          VALIDATE_ALL_CODEBASE: >
-            ${{
-              github.event_name == 'push' &&
-              contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
-            }}
-
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          # You can override MegaLinter flavor used to have faster performances
-          # More info at https://megalinter.io/flavors/
-          uses: oxsecurity/megalinter/flavors/${flavor}${{ env.MEGALINT_FLAVOR }}@${{ env.MEGALINT_VERSION }}
-
-      # Upload MegaLinter artifacts
-      - name: Archive production artifacts
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
-        if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed
-        with:
-          name: MegaLinter reports
-          path: |
-            megalinter-reports
-            mega-linter.log
-
-      - name: Upload MegaLinter scan results to GitHub Security tab
-        continue-on-error: true # This might error if github advanced security is not enabled
-        if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed
-        uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
-        with:
-          sarif_file: "megalinter-reports/megalinter-report.sarif"
-
-      - name: Show report in job summary
-        if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran
-        run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md
diff --git a/.github/workflows/prepare-flavours.yml b/.github/workflows/prepare-flavours.yml
index 5977433..ed2a9d3 100644
--- a/.github/workflows/prepare-flavours.yml
+++ b/.github/workflows/prepare-flavours.yml
@@ -1,4 +1,4 @@
-name: Update flavours
+name: Update workflows
 
 on:
   workflow_dispatch:
@@ -7,20 +7,18 @@ on:
       - main
     paths:
       - ".github/workflows/code-quality-check.yml"
-      - ".github/workflows/flavors/**"
-      - ".github/workflows/prepare-flavours.yml"
-      - "bin/prepare-flavors.sh"
+      - "flavors/*.yml"
+      - "code-quality-check.yml"
 
 permissions:
   contents: write
-  workflows: write
 
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
 
 jobs:
-  update-flavours:
-    name: Update flavours code quality checks
+  update-workflows:
+    name: Update external code quality workflow
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
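Review bot: The new `paths` filter lists `flavors/*.yml` and `code-quality-check.yml`, which are the files this same workflow writes and pushes to main with `secrets.PAT || secrets.GITHUB_TOKEN`; a push made with a PAT (unlike one made with GITHUB_TOKEN) does trigger workflows, so each bot commit re-runs the generator once more before the no-change gate stops it. At the same time the filter no longer includes the generator's own inputs, so an edit to the sed loop in `.github/workflows/prepare-flavours.yml` will not regenerate anything until the template changes. I would keep `- ".github/workflows/prepare-flavours.yml"` in the list and treat the output paths as optional (they only matter to revert a hand edit of a generated file). Dropping `workflows: write` is correct now that no generated file lives under `.github/workflows`. The `update-workflows` job continues past the end of this hunk.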
@@ -28,19 +26,33 @@ jobs:
       with:
         token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
 
+      - name: Update core workflow
+        run: |
+          cp .github/workflows/code-quality-check.yml .
+
       - name: Update flavours code quality checks
         run: |
-          mkdir -p .github/workflows/flavors
+          mkdir -p flavors
           for flavor in c_cpp ci_light cupcake documentation dotnet dotnetweb formatters go java javascript php python ruby rust salesforce security swift terraform
           do
             echo "::group::${flavor}"
-            sed -e "s|oxsecurity/megalinter|oxsecurity/megalinter/flavors/${flavor}|" .github/workflows/code-quality-check.yml > .github/workflows/flavors/${flavor}-code-quality-check.yml
-            echo "Updated .github/workflows/flavors/${flavor}-code-quality-check.yml"
+            sed -e "s|oxsecurity/megalinter|oxsecurity/megalinter/flavors/${flavor}|" .github/workflows/code-quality-check.yml > flavors/${flavor}-code-quality-check.yml
+            echo "Updated flavors/${flavor}-code-quality-check.yml"
             echo "::endgroup::"
           done
 
-      - name: Commit report
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if [[ -n $(git status --porcelain) ]]; then
+            echo "changes=true" >> "$GITHUB_OUTPUT";
+          fi
+
+      - name: Commit updated workflows
+        if: steps.check_changes.outputs.changes
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "${{ github.workflow }}+github-actions[bot]@users.noreply.github.com"
-          git diff --exit-code || git commit -am "Automated report" && git push
+          git add .
+          git commit -m "Autogenerated workflows update"
+          git push
diff --git a/README.md b/README.md
index 148d605..3e19927 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ on:
 jobs:
   code-quality-check:
     name: Code quality check
-    uses: biosustain/code-quality-check/.github/workflows/code-quality-check.yml@latest
+    uses: biosustain/code-quality-check/code-quality-check.yml@latest
 ```
 
 Alternatively, for better performance one can use specific [megalinter flavour](https://megalinter.io/latest/flavors/).
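Review bot: The generated outputs are written to the repository root (`cp .github/workflows/code-quality-check.yml .` and `> flavors/${flavor}-code-quality-check.yml`), but as far as I know GitHub only resolves a `workflow_call` target that lives under `.github/workflows/`, so the `uses: biosustain/code-quality-check/code-quality-check.yml@latest` form the README hunk now documents would be rejected by the caller's run; if the intent is to let the bot commit without `workflows: write`, a sub-directory of `.github/workflows/` (e.g. `.github/workflows/flavors/`) is the only location that stays callable. `git add .` stages whatever else is in the working tree rather than the two generation targets; `git add code-quality-check.yml flavors/` limits the automated commit to what the loop produced. Since the deleted `.github/workflows/flavors/*` files all carried the literal `${flavor}` in their `uses:` line, a post-loop sanity check such as `grep -q "megalinter/flavors/${flavor}@" "flavors/${flavor}-code-quality-check.yml" || exit 1` would catch the substitution silently not firing again. The `update-workflows` job's checkout step is above this hunk.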
@@ -34,5 +34,5 @@ on:
 jobs:
   code-quality-check:
     name: Code quality check
-    uses: biosustain/code-quality-check/.github/workflows/flavors/python-code-quality-check.yml@latest
+    uses: biosustain/code-quality-check/flavors/python-code-quality-check.yml@latest
 ```
diff --git a/.github/workflows/flavors/c_cpp-code-quality-check.yml b/code-quality-check.yml
similarity index 98%
rename from .github/workflows/flavors/c_cpp-code-quality-check.yml
rename to code-quality-check.yml
index 5ca3d42..2bd76e4 100644
--- a/.github/workflows/flavors/c_cpp-code-quality-check.yml
+++ b/code-quality-check.yml
@@ -77,7 +77,7 @@ jobs:
 
       # MegaLinter
       - name: MegaLinter
-        uses: oxsecurity/megalinter/flavors/${flavor}@v7.10.0
+        uses: oxsecurity/megalinter@v7.10.0
         id: ml
         env:
           # All available variables are described in documentation
From 9e4284eceb22db95eafcc67226ddfee279552585 Mon Sep 17 00:00:00 2001
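Review bot: `uses: oxsecurity/megalinter@v7.10.0` on the new side pins by a mutable tag, while every other action in this file (`actions/checkout`, `actions/upload-artifact`, `github/codeql-action/upload-sarif`) is pinned to a full commit SHA with a `# vX.Y.Z` comment. Because this exact line is the template that prepare-flavours.yml's sed rewrites into every generated flavor workflow, the weaker pin is inherited by all consumers; pin to the commit the v7.10.0 tag resolves to, e.g. `uses: oxsecurity/megalinter@<commit-sha> # v7.10.0`, keeping the `oxsecurity/megalinter` prefix unchanged so the substitution still matches. Outside this hunk (and visible in the generated copies later in the patch), the `Load configuration` checkout pulls `biosustain/code-quality-check` without a `ref`, so a consumer who pins `@latest` still receives `.mega-linter.yml` from the config repo's default-branch head; adding `ref: ${{ github.job_workflow_sha }}` where that context is available, or a fixed tag, would keep config and workflow at the same revision. The job this hunk belongs to starts and ends outside the hunk.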
From: "github-actions[bot]" Date: Wed, 21 Aug 2024 14:20:15 +0000 Subject: [PATCH 2/2] Autogenerated workflows update --- flavors/c_cpp-code-quality-check.yml | 122 +++++++++++++++++++ flavors/ci_light-code-quality-check.yml | 122 +++++++++++++++++++ flavors/cupcake-code-quality-check.yml | 122 +++++++++++++++++++ flavors/documentation-code-quality-check.yml | 122 +++++++++++++++++++ flavors/dotnet-code-quality-check.yml | 122 +++++++++++++++++++ flavors/dotnetweb-code-quality-check.yml | 122 +++++++++++++++++++ flavors/formatters-code-quality-check.yml | 122 +++++++++++++++++++ flavors/go-code-quality-check.yml | 122 +++++++++++++++++++ flavors/java-code-quality-check.yml | 122 +++++++++++++++++++ flavors/javascript-code-quality-check.yml | 122 +++++++++++++++++++ flavors/php-code-quality-check.yml | 122 +++++++++++++++++++ flavors/python-code-quality-check.yml | 122 +++++++++++++++++++ flavors/ruby-code-quality-check.yml | 122 +++++++++++++++++++ flavors/rust-code-quality-check.yml | 122 +++++++++++++++++++ flavors/salesforce-code-quality-check.yml | 122 +++++++++++++++++++ flavors/security-code-quality-check.yml | 122 +++++++++++++++++++ flavors/swift-code-quality-check.yml | 122 +++++++++++++++++++ flavors/terraform-code-quality-check.yml | 122 +++++++++++++++++++ 18 files changed, 2196 insertions(+) create mode 100644 flavors/c_cpp-code-quality-check.yml create mode 100644 flavors/ci_light-code-quality-check.yml create mode 100644 flavors/cupcake-code-quality-check.yml create mode 100644 flavors/documentation-code-quality-check.yml create mode 100644 flavors/dotnet-code-quality-check.yml create mode 100644 flavors/dotnetweb-code-quality-check.yml create mode 100644 flavors/formatters-code-quality-check.yml create mode 100644 flavors/go-code-quality-check.yml create mode 100644 flavors/java-code-quality-check.yml create mode 100644 flavors/javascript-code-quality-check.yml create mode 100644 flavors/php-code-quality-check.yml create mode 100644 
flavors/python-code-quality-check.yml create mode 100644 flavors/ruby-code-quality-check.yml create mode 100644 flavors/rust-code-quality-check.yml create mode 100644 flavors/salesforce-code-quality-check.yml create mode 100644 flavors/security-code-quality-check.yml create mode 100644 flavors/swift-code-quality-check.yml create mode 100644 flavors/terraform-code-quality-check.yml diff --git a/flavors/c_cpp-code-quality-check.yml b/flavors/c_cpp-code-quality-check.yml new file mode 100644 index 0000000..4fa5359 --- /dev/null +++ b/flavors/c_cpp-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/c_cpp@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/ci_light-code-quality-check.yml b/flavors/ci_light-code-quality-check.yml new file mode 100644 index 0000000..7c540b2 --- /dev/null 
+++ b/flavors/ci_light-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/ci_light@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/cupcake-code-quality-check.yml b/flavors/cupcake-code-quality-check.yml new file mode 100644 index 0000000..f5c4d98 --- /dev/null 
+++ b/flavors/cupcake-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/cupcake@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/documentation-code-quality-check.yml b/flavors/documentation-code-quality-check.yml new file mode 100644 index 0000000..19cdc63 
--- /dev/null +++ b/flavors/documentation-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/documentation@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/dotnet-code-quality-check.yml b/flavors/dotnet-code-quality-check.yml new file mode 100644 index 0000000..2b646e6 --- /dev/null 
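Review bot: The `Set config path environment variables` step appends every key/value of the `JSON_ENV` input to `$GITHUB_ENV` without checking that keys are valid variable names or that values are single-line, so a value containing a newline is written as extra `KEY=VALUE` lines and silently defines additional variables for the later steps, and `tee` echoes all of them into the job log — which matters once a caller follows the input's own description and passes `toJson(env)`. The rewrite below fails the step on a malformed entry before anything is written; the same step appears verbatim in the dotnet, dotnetweb, formatters, go, java, javascript, php and python hunks and presumably in the template they are copied from. Separately, the `permissions` block grants `contents`, `issues`, `pull-requests` and `statuses` write while the visible steps only check out code and upload artifacts/SARIF, so unless MegaLinter's reporters are intended to comment or push fixes (not configured in this file) those grants should be dropped, as the comment above the block already suggests. The comment `# This cannot be set is there is no .mega-linter.yml in project` should read `# This cannot be set if there is no .mega-linter.yml in project`.
```yaml
      run: |
        # Reject keys that are not valid variable names and values that span
        # lines: either would add extra KEY=VALUE entries to GITHUB_ENV.
        if ! echo "$JSON_ENV" | jq -e '
              to_entries | all(
                (.key | test("^[A-Za-z_][A-Za-z0-9_]*$"))
                and ((.value | tostring | contains("\n")) | not)
              )' > /dev/null; then
          echo "::error::JSON_ENV must be an object of single-line values keyed by valid variable names"
          exit 1
        fi
        echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV"
        # … unchanged: EXTENDS / MEGALINTER_CONFIG selection …
```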
+++ b/flavors/dotnet-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/dotnet@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/dotnetweb-code-quality-check.yml b/flavors/dotnetweb-code-quality-check.yml new file mode 100644 index 0000000..5ca3af2 --- /dev/null 
+++ b/flavors/dotnetweb-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/dotnetweb@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/formatters-code-quality-check.yml b/flavors/formatters-code-quality-check.yml new file mode 100644 index 0000000..b4aaf66 
--- /dev/null
+++ b/flavors/formatters-code-quality-check.yml
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/formatters@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/go-code-quality-check.yml b/flavors/go-code-quality-check.yml new file mode 100644 index 0000000..a107f64 --- /dev/null 
+++ b/flavors/go-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/go@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/java-code-quality-check.yml b/flavors/java-code-quality-check.yml new file mode 100644 index 0000000..6e93a50 --- /dev/null 
+++ b/flavors/java-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/java@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/javascript-code-quality-check.yml b/flavors/javascript-code-quality-check.yml new file mode 100644 index 0000000..21d8649 --- /dev/null 
+++ b/flavors/javascript-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/javascript@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/php-code-quality-check.yml b/flavors/php-code-quality-check.yml new file mode 100644 index 0000000..63fba68 --- /dev/null 
+++ b/flavors/php-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/php@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/python-code-quality-check.yml b/flavors/python-code-quality-check.yml new file mode 100644 index 0000000..09fa0db --- /dev/null 
+++ b/flavors/python-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/python@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/ruby-code-quality-check.yml b/flavors/ruby-code-quality-check.yml new file mode 100644 index 0000000..7376b0c --- /dev/null 
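Review bot: `Checkout Code` passes `secrets.PAT || secrets.GITHUB_TOKEN` to actions/checkout without `persist-credentials: false`, so the token is written into `code/.git/config` and is readable by every third-party linter MegaLinter runs inside that tree (`DEFAULT_WORKSPACE: ${{ github.workspace }}/code`). Nothing in this file commits back (no `APPLY_FIXES` is set), so the persisted credential is not needed; add `persist-credentials: false` under that step's `with:`, and if a PAT really is required for the full-history fetch, scope it to the single repository being linted. The same step appears in every flavor file added by this patch (ruby, rust, salesforce, security, swift, terraform, and the php hunk above), so the fix presumably belongs in whatever template produces them.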
+++ b/flavors/ruby-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/ruby@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/rust-code-quality-check.yml b/flavors/rust-code-quality-check.yml new file mode 100644 index 0000000..0bbdff7 --- /dev/null 
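Review bot: `Set config path environment variables` writes every key/value of the caller-supplied `JSON_ENV` straight into `$GITHUB_ENV` as `key=value` lines, and `jq -r` emits string values raw, so a value containing a newline becomes an additional, unintended assignment seen by all later steps, and a key that is not a valid variable name is passed through unchecked. Restrict keys and use the delimited multi-line form, e.g. `jq -r 'to_entries[] | select(.key | test("^[A-Za-z_][A-Za-z0-9_]*$")) | "\(.key)<<__JSON_ENV__\n\(.value | tostring)\n__JSON_ENV__"'`, so each value is bounded by a delimiter rather than by line ends. The identical step is in the other flavor files of this patch.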
+++ b/flavors/rust-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/rust@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/salesforce-code-quality-check.yml b/flavors/salesforce-code-quality-check.yml new file mode 100644 index 0000000..fb79199 --- /dev/null 
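Review bot: The `permissions` block grants `contents: write` and `issues: write`, but no step in this workflow commits, pushes or touches issues; the only token consumers visible are the SARIF upload (`security-events: write`, `actions: read`) and, presumably, MegaLinter's default GitHub comment and status reporters (`pull-requests: write`, `statuses: write`). Because this is a `workflow_call` workflow, these are the rights every caller's job runs with, so drop `issues: write` and use `contents: read` unless an `APPLY_FIXES` commit mode is intended, and replace the copied template comment `remove the ones you do not need` with one line per permission saying which step needs it. The same block is in every flavor file of this patch.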
+++ b/flavors/salesforce-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/salesforce@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/security-code-quality-check.yml b/flavors/security-code-quality-check.yml new file mode 100644 index 0000000..f738f60 
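Review bot: `Load configuration` checks out `biosustain/code-quality-check` with no `ref:`, so every run lints against whatever that repository's default branch holds at that moment, independent of the workflow version the caller pinned; and `oxsecurity/megalinter/flavors/salesforce@v7.10.0` is a movable tag while the other three actions in the file are pinned to a commit SHA with a `# vX.Y.Z` comment. Add a `ref:` to the config checkout (for reusable-call runs, `github.job_workflow_sha` should be the commit the workflow file itself came from, if I read the context docs right) and pin MegaLinter by SHA like the other actions. This applies to all flavor files in the patch.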
--- /dev/null +++ b/flavors/security-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/security@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/swift-code-quality-check.yml b/flavors/swift-code-quality-check.yml new file mode 100644 index 0000000..9b25789 --- /dev/null 
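Review bot: `VALIDATE_ALL_CODEBASE: >` is a folded scalar that keeps its final line break, so the expression is delivered as `true` or `false` followed by a newline; unless MegaLinter strips the value before comparing it, the push-to-main full scan described in the comment above it never triggers and only the diff is ever validated. `>-` drops the trailing newline: `VALIDATE_ALL_CODEBASE: >-`. The same scalar is in every flavor file of this patch.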
+++ b/flavors/swift-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/swift@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md diff --git a/flavors/terraform-code-quality-check.yml b/flavors/terraform-code-quality-check.yml new file mode 100644 index 0000000..80d22dd --- /dev/null 
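Review bot: The in-script comment `# This cannot be set is there is no .mega-linter.yml in project` is hard to parse ("is" for "if") and does not say what "this" refers to; suggest `# EXTENDS only works when the project ships its own .mega-linter.yml; otherwise point MEGALINTER_CONFIG at the shared one`. Separately, `Show report in job summary` runs whenever `steps.ml.outcome` is success or failure, but if `megalinter-reports/megalinter-report.md` was not written (the container aborting before the reporter stage, for instance) the `tee` error becomes the visible error of the run instead of the lint result; `continue-on-error: true` on that step, as the SARIF upload already has, avoids that. Same in the other flavor files.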
+++ b/flavors/terraform-code-quality-check.yml 
@@ -0,0 +1,122 @@ +name: Code Quality +# Workflow to check if project meets the code quality standards of the Biosustain group + +on: + workflow_call: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + To pass all environment variables, use toJson(env) + required: false + default: "{}" # Empty JSON object + type: string + workflow_dispatch: + inputs: + JSON_ENV: + description: | + JSON string with environment variables to pass to the mega-linter. + required: false + default: "{}" # Empty JSON object + type: string + + # Trigger the workflow also on push or pull request in this repository + push: + branches: + - main + pull_request: + branches: + - main + +# Give the default GITHUB_TOKEN write permission to commit and push, comment +# issues & post new PR; remove the ones you do not need +permissions: + security-events: write + actions: read # Needed to run codeql/upload-sarif@v3 + contents: write + issues: write + pull-requests: write + statuses: write + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + check-code-quality: + name: Run MegaLinter to check code quality + runs-on: ubuntu-latest + + steps: + - name: Load configuration + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + repository: biosustain/code-quality-check + path: config + + - name: Checkout Code + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + path: code + fetch-depth: 0 + + - name: Set config path environment variables + env: + JSON_ENV: ${{ inputs.JSON_ENV }} + run: | + # Set the environment variables for the MegaLinter + echo "$JSON_ENV" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" | tee -a "$GITHUB_ENV" + # Extend the configuration file if it exists, else use default + if [ -f code/.mega-linter.yml ]; then + # This cannot be set is there is no 
.mega-linter.yml in project + echo 'EXTENDS=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + else + echo 'MEGALINTER_CONFIG=../config/.mega-linter.yml' | tee -a "$GITHUB_ENV" + fi + + # MegaLinter + - name: MegaLinter + uses: oxsecurity/megalinter/flavors/terraform@v7.10.0 + id: ml + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + + # Define the reporters used in this action (not overrideable) + SARIF_REPORTER: true + MARKDOWN_SUMMARY_REPORTER: true + + GITHUB_WORKSPACE: ${{ github.workspace }}/code + DEFAULT_WORKSPACE: ${{ github.workspace }}/code + + # Validates all source when push on main, else just the git diff with + # main. + VALIDATE_ALL_CODEBASE: > + ${{ + github.event_name == 'push' && + contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref) + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Upload MegaLinter artifacts + - name: Archive production artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + - name: Upload MegaLinter scan results to GitHub Security tab + continue-on-error: true # This might error if github advanced security is not enabled + if: always() && (steps.ml.outcome == 'failure') # Only upload if MegaLinter failed + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + with: + sarif_file: "megalinter-reports/megalinter-report.sarif" + + - name: Show report in job summary + if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure') # Only show if MegaLinter ran + run: tee "$GITHUB_STEP_SUMMARY" < megalinter-reports/megalinter-report.md
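Review bot: The SARIF upload runs only when `steps.ml.outcome == 'failure'`, so a passing run after a failing one never uploads a result set; as I understand code scanning, an alert is marked fixed only when a newer analysis for the same ref omits it, so findings fixed by the next commit stay open in the Security tab until some later run fails again. Upload on every completed run with the condition the summary step already uses, `if: always() && (steps.ml.outcome == 'success' || steps.ml.outcome == 'failure')`, so alert state tracks the code; the artifact step can keep its failure-only condition. Applies to all flavor files in this patch.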