Skip to content

CI: Free disk space earlier (#3009) #892

CI: Free disk space earlier (#3009)

CI: Free disk space earlier (#3009) #892

---
#########################
#########################
## Deploy Docker Image Flavors ##
#########################
#########################
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
#######################################
# Start the job on all push to main #
#######################################
name: "Build & Deploy - BETA linters"
on:
push:
branches:
- "main"
paths:
- ".github/workflows/**"
- "Dockerfile"
- "**/Dockerfile"
- "flavors/**"
- "megalinter/**"
- "mega-linter-runner/**"
- "**/linter-versions.json"
- "TEMPLATES/**"
- ".trivyignore"
- "**/*.sh"
- "**/*.py"
- "**/sh/**"
###############
# Set the Job #
###############
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
prepare:
name: Prepare matrix
runs-on: ubuntu-latest
if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy') && !contains(github.event.head_commit.message, 'Release MegaLinter v')
steps:
- name: Build unique image name for beta
shell: bash
run: echo "UNIQUE_DOCKER_IMAGE_NAME=$(echo beta_$(date '+%Y%m%d-%H%M'))" >> $GITHUB_ENV
- name: Prepare result is ${{ env.UNIQUE_DOCKER_IMAGE_NAME }}
shell: bash
run: echo ${{ env.UNIQUE_DOCKER_IMAGE_NAME }}
outputs:
unique_docker_image_name: "${{ env.UNIQUE_DOCKER_IMAGE_NAME }}"
build:
needs: prepare
# Name the Job
name: Deploy Docker Image - Beta - Linters
# Set the agent to run on
runs-on: ${{ matrix.os }}
permissions:
packages: write
environment:
name: beta
strategy:
fail-fast: false
max-parallel: 10
matrix:
os: [ubuntu-latest]
# linters-start
linter:
[
"action_actionlint",
"ansible_ansible_lint",
"arm_arm_ttk",
"bash_exec",
"bash_shellcheck",
"bash_shfmt",
"bicep_bicep_linter",
"c_cpplint",
"clojure_clj_kondo",
"clojure_cljstyle",
"cloudformation_cfn_lint",
"coffee_coffeelint",
"copypaste_jscpd",
"cpp_cpplint",
"csharp_dotnet_format",
"csharp_csharpier",
"css_stylelint",
"css_scss_lint",
"dart_dartanalyzer",
"dockerfile_hadolint",
"editorconfig_editorconfig_checker",
"env_dotenv_linter",
"gherkin_gherkin_lint",
"go_golangci_lint",
"go_revive",
"graphql_graphql_schema_linter",
"groovy_npm_groovy_lint",
"html_djlint",
"html_htmlhint",
"java_checkstyle",
"java_pmd",
"javascript_es",
"javascript_standard",
"javascript_prettier",
"json_jsonlint",
"json_eslint_plugin_jsonc",
"json_v8r",
"json_prettier",
"json_npm_package_json_lint",
"jsx_eslint",
"kotlin_ktlint",
"kubernetes_kubeconform",
"kubernetes_helm",
"kubernetes_kubescape",
"latex_chktex",
"lua_luacheck",
"makefile_checkmake",
"markdown_markdownlint",
"markdown_remark_lint",
"markdown_markdown_link_check",
"markdown_markdown_table_formatter",
"openapi_spectral",
"perl_perlcritic",
"php_phpcs",
"php_phpstan",
"php_psalm",
"php_phplint",
"powershell_powershell",
"powershell_powershell_formatter",
"protobuf_protolint",
"puppet_puppet_lint",
"python_pylint",
"python_black",
"python_flake8",
"python_isort",
"python_bandit",
"python_mypy",
"python_pyright",
"python_ruff",
"r_lintr",
"raku_raku",
"repository_checkov",
"repository_devskim",
"repository_dustilock",
"repository_git_diff",
"repository_gitleaks",
"repository_grype",
"repository_kics",
"repository_secretlint",
"repository_semgrep",
"repository_syft",
"repository_trivy",
"repository_trivy_sbom",
"repository_trufflehog",
"rst_rst_lint",
"rst_rstcheck",
"rst_rstfmt",
"ruby_rubocop",
"rust_clippy",
"salesforce_sfdx_scanner_apex",
"salesforce_sfdx_scanner_aura",
"salesforce_sfdx_scanner_lwc",
"scala_scalafix",
"snakemake_lint",
"snakemake_snakefmt",
"spell_cspell",
"spell_proselint",
"spell_vale",
"spell_lychee",
"sql_sql_lint",
"sql_sqlfluff",
"sql_tsqllint",
"swift_swiftlint",
"tekton_tekton_lint",
"terraform_tflint",
"terraform_terrascan",
"terraform_terragrunt",
"terraform_terraform_fmt",
"tsx_eslint",
"typescript_es",
"typescript_standard",
"typescript_prettier",
"vbdotnet_dotnet_format",
"xml_xmllint",
"yaml_prettier",
"yaml_yamllint",
"yaml_v8r",
]
# linters-end
# Only run this on the main repo
if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy') && !contains(github.event.head_commit.message, 'Release MegaLinter v')
##################
# Load all steps #
##################
steps:
##########################
# Checkout the code base #
##########################
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get current date
run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
- name: Build Image
uses: docker/build-push-action@v5
with:
context: .
file: linters/${{ matrix.linter }}/Dockerfile
platforms: linux/amd64
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=beta
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
oxsecurity/megalinter-only-${{ matrix.linter }}:beta
oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.unique_docker_image_name }}
ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:beta
ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.unique_docker_image_name }}
#####################################
# Run Linter test cases #
#####################################
- name: Run Test Cases
shell: bash
run: |
GITHUB_REPOSITORY=$([ "${{ github.event_name }}" == "pull_request" ] && echo "${{ github.event.pull_request.head.repo.full_name }}" || echo "${{ github.repository }}")
GITHUB_BRANCH=$([ "${{ github.event_name }}" == "pull_request" ] && echo "${{ github.head_ref }}" || echo "${{ github.ref_name }}")
TEST_KEYWORDS_TO_USE_UPPER="${{ matrix.linter }}"
TEST_KEYWORDS_TO_USE="${TEST_KEYWORDS_TO_USE_UPPER,,}"
docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter-only-${{ matrix.linter }}:beta
timeout-minutes: 30
##############################################
# Check Docker image security with Trivy #
##############################################
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:beta'
format: 'table'
exit-code: '1'
ignore-unfixed: true
scanners: vuln
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
timeout: 10m0s