diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml
new file mode 100644
index 0000000..322a222
--- /dev/null
+++ b/.github/workflows/mega-linter.yaml
@@ -0,0 +1,104 @@
+---
+name: megalinter
+
+on:
+ workflow_call:
+ inputs:
+ runner:
+ description: runner name
+ type: string
+ default: ubuntu-latest
+ required: false
+ flavor:
+ description: flavor
+ type: string
+ default: ""
+ required: false
+ log-level:
+ description: log-level
+ type: string
+ default: info
+ required: false
+
+jobs:
+ megalinter:
+ runs-on: ${{ inputs.runner }}
+ permissions:
+ contents: write
+ issues: write
+ pull-requests: write
+ steps:
+ # https://github.com/marketplace/actions/harden-runner
+ - name: harden runner
+ uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+ with:
+ egress-policy: audit
+
+ # https://github.com/marketplace/actions/create-github-app-token
+ - name: generate token
+ id: generate-token
+ uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+ with:
+ app-id: ${{ secrets.github-app-id }}
+ private-key: ${{ secrets.github-app-key }}
+
+ # https://github.com/marketplace/actions/checkout
+ - name: checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ # https://github.com/marketplace/actions/megalinter
+ - name: megalinter cupcake
+ uses: oxsecurity/megalinter/flavors/cupcake@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'cupcake'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter documentation
+ uses: oxsecurity/megalinter/flavors/documentation@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'documentation'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter go
+ uses: oxsecurity/megalinter/flavors/go@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'go'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter javascript
+ uses: oxsecurity/megalinter/flavors/javascript@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'javascript'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter python
+ uses: oxsecurity/megalinter/flavors/python@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'python'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter security
+ uses: oxsecurity/megalinter/flavors/security@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'security'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter terraform
+ uses: oxsecurity/megalinter/flavors/terraform@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'terraform'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter full
+ uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == '' || inputs.flavor == 'full'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
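Review bot: The generate-token step reads `secrets.github-app-id` and `secrets.github-app-key`, but `on.workflow_call` declares only `inputs:` and no `secrets:`, so a caller can only supply them via `secrets: inherit`, which hands this job every secret of the calling repository rather than the two it needs; declaring them as below makes the contract explicit and lets callers pass just those two. The job also grants `contents`, `issues` and `pull-requests` write on the default GITHUB_TOKEN while every MegaLinter step authenticates with the app token instead, so those grants look unused by the visible steps (checkout presumably needs only `contents: read`) and could be trimmed unless something off-page relies on them. `egress-policy: audit` only logs outbound traffic; once the endpoints a run needs are known, `egress-policy: block` with an `allowed-endpoints` list is the usual next step for a job that executes many third-party linters. A flavor value matching none of the `if:` conditions also lets the job finish green without running any linter; a leading step that fails on an unrecognised flavor would make that loud. GitHub restricts secret names to alphanumerics and underscores, so whether hyphenated names resolve when passed by a caller is worth confirming too.
```yaml
on:
  workflow_call:
    secrets:
      github-app-id:
        required: true
      github-app-key:
        required: true
    # … unchanged: inputs (runner, flavor, log-level) …
```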