From 9cc5e47045a12bf54936684e9143fb17d1bc5d9e Mon Sep 17 00:00:00 2001
From: Jazzlyn <9011011+jazzlyn@users.noreply.github.com>
Date: Sun, 9 Feb 2025 16:10:15 +0100
Subject: [PATCH 1/2] feat(megalinter): add megalinter workflow
---
 .github/workflows/mega-linter.yaml | 51 ++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 .github/workflows/mega-linter.yaml
diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml
new file mode 100644
index 0000000..94a96e1
--- /dev/null
+++ b/.github/workflows/mega-linter.yaml
@@ -0,0 +1,51 @@
+---
+name: megalinter
+
+on:
+ workflow_call:
+ inputs:
+ runner:
+ description: runner name
+ type: string
+ default: ubuntu-latest
+ required: false
+ flavor:
+ description: flavor
+ type: string
+ default: null
+ required: false
+
+jobs:
+ build:
+ runs-on: ${{ inputs.runner }}
+ steps:
+ # https://github.com/marketplace/actions/harden-runner
+ - name: harden runner
+ uses: step-security/harden-runner@v2.10.3
+ with:
+ egress-policy: audit
+
+ # https://github.com/marketplace/actions/create-github-app-token
+ - name: generate token
+ id: generate-token
+ uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+ with:
+ app-id: ${{ secrets.github-app-id }}
+ private-key: ${{ secrets.github-app-key }}
+
+ # https://github.com/marketplace/actions/checkout
+ - name: checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ # TODO: setup megalinter for each flavor and run based on inputs.flavor
+ # https://github.com/marketplace/actions/megalinter
+ - name: MegaLinter
+ uses: oxsecurity/megalinter/flavors/terraform@c217fe8f7bc9207062a084e989bd97efd56e7b9a # v8.0.0
+ env:
+ VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }}
+ GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
+ # GITHUB_STATUS_REPORTER only works if VALIDATE_ALL_CODEBASE is false!
+ GITHUB_STATUS_REPORTER: true
+ REPORTERS_MARKDOWN_TYPE: simple
+ SHOW_ELAPSED_TIME: false
+ SHOW_SKIPPED_LINTERS: true
From 8dbafffcb8683b527aa90ba5bfc34bbe57861118 Mon Sep 17 00:00:00 2001
From: Jazzlyn <9011011+jazzlyn@users.noreply.github.com>
Date: Tue, 17 Jun 2025 20:53:46 +0200
Subject: [PATCH 2/2] feat(megalinter): adapt flavors
---
 .github/workflows/mega-linter.yaml | 83 ++++++++++++++++++++++++------
 1 file changed, 68 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml
index 94a96e1..322a222 100644
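Review bot: `app-id: ${{ secrets.github-app-id }}` and `private-key: ${{ secrets.github-app-key }}` reference secrets that the `workflow_call` trigger never declares, so a caller can only supply them with `secrets: inherit`, which hands every secret of the calling repository to this reusable workflow and to every step in it. Declare the two values explicitly under `on.workflow_call` so callers pass only what the token step needs: `secrets:` / `github-app-id: { required: true }` / `github-app-key: { required: true }`. The App private key is the highest-value secret in this job, and `egress-policy: audit` on harden-runner only logs outbound connections, so a compromised action or linter plugin could still exfiltrate it; `block` with an explicit `allowed-endpoints` list is what makes the runner hardening a control rather than telemetry.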
--- a/.github/workflows/mega-linter.yaml
+++ b/.github/workflows/mega-linter.yaml
@@ -12,23 +12,32 @@ on:
 flavor:
 description: flavor
 type: string
- default: null
+ default: ""
+ required: false
+ log-level:
+ description: log-level
+ type: string
+ default: info
+ required: false
 
 jobs:
- build:
+ megalinter:
 runs-on: ${{ inputs.runner }}
+ permissions:
+ contents: write
+ issues: write
+ pull-requests: write
 steps:
 # https://github.com/marketplace/actions/harden-runner
 - name: harden runner
- uses: step-security/harden-runner@v2.10.3
+ uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
 with:
 egress-policy: audit
 
 # https://github.com/marketplace/actions/create-github-app-token
 - name: generate token
 id: generate-token
- uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+ uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
 with:
 app-id: ${{ secrets.github-app-id }}
 private-key: ${{ secrets.github-app-key }}
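Review bot: The new `permissions:` block grants `contents: write`, `issues: write` and `pull-requests: write` to the job's automatic `GITHUB_TOKEN`, yet every GitHub-facing step visible in this workflow authenticates with the App installation token from `generate-token`, so these write grants look unused and only widen what a compromised step could do with `github.token`. Unless a MegaLinter reporter falls back to `github.token` (nothing in the hunk shows that), narrow it to `permissions:` / `contents: read` and let the App installation's own permissions bound what the linter may write. It is also worth noting in a comment next to `permissions:` which token each write permission is actually for, since a reader cannot tell from the job which of the two credentials is meant to carry the write access.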
@@ -37,15 +46,59 @@ jobs:
 - name: checkout repository
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
- # TODO: setup megalinter for each flavor and run based on inputs.flavor
 # https://github.com/marketplace/actions/megalinter
- - name: MegaLinter
- uses: oxsecurity/megalinter/flavors/terraform@c217fe8f7bc9207062a084e989bd97efd56e7b9a # v8.0.0
- env:
- VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }}
- GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
- # GITHUB_STATUS_REPORTER only works if VALIDATE_ALL_CODEBASE is false!
- GITHUB_STATUS_REPORTER: true
- REPORTERS_MARKDOWN_TYPE: simple
- SHOW_ELAPSED_TIME: false
- SHOW_SKIPPED_LINTERS: true
+ - name: megalinter cupcake
+ uses: oxsecurity/megalinter/flavors/cupcake@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'cupcake'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter documentation
+ uses: oxsecurity/megalinter/flavors/documentation@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'documentation'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter go
+ uses: oxsecurity/megalinter/flavors/go@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'go'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter javascript
+ uses: oxsecurity/megalinter/flavors/javascript@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'javascript'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter python
+ uses: oxsecurity/megalinter/flavors/python@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'python'
+ env:
+ LOG_LEVEL: ${{ 
inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter security
+ uses: oxsecurity/megalinter/flavors/security@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'security'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter terraform
+ uses: oxsecurity/megalinter/flavors/terraform@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == 'terraform'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+ - name: megalinter full
+ uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+ if: inputs.flavor == '' || inputs.flavor == 'full'
+ env:
+ LOG_LEVEL: ${{ inputs.log-level || 'info' }}
+ GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
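Review bot: An `inputs.flavor` value that matches none of the eight `if:` guards (a typo such as `terrafrom`, or a flavor this file does not know yet) makes every MegaLinter step skip, so the job runs no linter at all and still exits green, which turns a required status check into a silent no-op. Add a fail-fast step before `megalinter cupcake` that rejects anything outside the accepted list, passing the input through an `env:` variable rather than interpolating it into the shell line. The eight steps otherwise differ only in the `uses:` path; the repeated `env:` block (`LOG_LEVEL`, `GITHUB_TOKEN`) could be hoisted to the job level to cut the duplication, though that is a style choice. The `# https://github.com/marketplace/actions/megalinter` comment now sits above eight steps and could say that exactly one of them runs, selected by `inputs.flavor`, with `''`/`full` meaning the unflavored image.
```yaml
      # … unchanged: harden runner, generate token, checkout …
      - name: validate flavor
        if: ${{ !contains(fromJSON('["", "full", "cupcake", "documentation", "go", "javascript", "python", "security", "terraform"]'), inputs.flavor) }}
        env:
          FLAVOR: ${{ inputs.flavor }}
        run: |
          echo "::error::unknown megalinter flavor '${FLAVOR}'"
          exit 1
      # … unchanged: the eight flavor-specific megalinter steps …
```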