├── .github ├── linters │ ├── .markdown-lint.yml │ └── .yaml-lint.yml ├── dependabot.yml └── workflows │ ├── call-local-super-linter.yaml │ └── reusable-super-linter.yaml ├── LICENSE ├── templates └── call-super-linter.yaml └── README.md /.github/linters/.markdown-lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # MD013/line-length - Line length 3 | MD013: 4 | # Number of characters, default is 80 5 | line_length: 9999 6 | # check code blocks? 7 | code_blocks: false 8 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # To get started with Dependabot version updates, you'll need to specify which 3 | # package ecosystems to update and where the package manifests are located. 4 | # Please see the documentation for all configuration options: 5 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 6 | 7 | version: 2 8 | updates: 9 | # Maintain dependencies for GitHub Actions 10 | - package-ecosystem: "github-actions" 11 | directory: "/" 12 | schedule: 13 | interval: "daily" 14 | -------------------------------------------------------------------------------- /.github/workflows/call-local-super-linter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # THIS IS NOT A TEMPLATE. 3 | # This is just for linting the gha-workflows repo itself. 4 | # We call the reusable workflow from its file path. 
 5 | 6 | name: Lint 7 | 8 | on: 9 | push: 10 | branches: 11 | - main 12 | 13 | pull_request: 14 | 15 | # cancel any previously-started, yet still active runs of this workflow on the same branch 16 | concurrency: 17 | group: ${{ github.ref }}-${{ github.workflow }} 18 | cancel-in-progress: true 19 | 20 | # reset permissions to none at the workflow level 21 | # we'll set them at the job level below 22 | permissions: {} 23 | 24 | jobs: 25 | call-super-linter: 26 | name: Call Super-Linter 27 | 28 | permissions: 29 | contents: read # clone the repo to lint 30 | statuses: write # read/write to repo custom statuses 31 | 32 | uses: ./.github/workflows/reusable-super-linter.yaml 33 | with: 34 | # for a sample repo, avoid picking on the Dockerfile 35 | extra-envs: | 36 | VALIDATE_TRIVY=false 37 | VALIDATE_DOCKERFILE_HADOLINT=false 38 | # For a DevOps-focused repository. Prevents some code-language linters from running 39 | devops-only: true 40 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 
15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /.github/linters/.yaml-lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########################################### 3 | # These are the rules used for # 4 | # linting all the yaml files in the stack # 5 | # NOTE: # 6 | # You can disable line with: # 7 | # # yamllint disable-line # 8 | ########################################### 9 | rules: 10 | braces: 11 | level: warning 12 | min-spaces-inside: 0 13 | max-spaces-inside: 0 14 | min-spaces-inside-empty: 1 15 | max-spaces-inside-empty: 5 16 | brackets: 17 | level: warning 18 | min-spaces-inside: 0 19 | max-spaces-inside: 0 20 | min-spaces-inside-empty: 1 21 | max-spaces-inside-empty: 5 22 | colons: 23 | level: warning 24 | max-spaces-before: 0 25 | max-spaces-after: 1 26 | commas: 27 | level: warning 28 | max-spaces-before: 0 29 | min-spaces-after: 1 30 | max-spaces-after: 1 31 | comments: disable 32 | comments-indentation: disable 33 | document-end: disable 34 | document-start: disable 35 | empty-lines: 36 | level: warning 37 | max: 2 38 | max-start: 0 39 | max-end: 0 40 | hyphens: 41 | level: warning 42 | max-spaces-after: 1 43 | indentation: 44 | level: warning 45 | spaces: consistent 46 | indent-sequences: true 47 | check-multi-line-strings: false 48 | key-duplicates: enable 49 | line-length: disable 50 | new-line-at-end-of-file: disable 51 | new-lines: 52 | 
 type: unix 53 | trailing-spaces: disable 54 | -------------------------------------------------------------------------------- /templates/call-super-linter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # template source: https://github.com/bretfisher/super-linter-workflow/blob/main/templates/call-super-linter.yaml 3 | name: Lint Code Base 4 | 5 | on: 6 | # run anytime a PR is merged to main or a direct push to main 7 | push: 8 | branches: [main] 9 | 10 | # run on any push to a PR branch 11 | pull_request: 12 | 13 | # cancel any previously-started, yet still active runs of this workflow on the same branch 14 | concurrency: 15 | group: ${{ github.ref }}-${{ github.workflow }} 16 | cancel-in-progress: true 17 | 18 | # reset permissions to none at the workflow level 19 | # we'll set them at the job level below 20 | permissions: {} 21 | 22 | jobs: 23 | call-super-linter: 24 | name: Call Super-Linter 25 | 26 | permissions: 27 | contents: read # clone the repo to lint 28 | statuses: write # read/write to repo custom statuses 29 | 30 | ### use Reusable Workflows to call my workflow remotely 31 | ### https://docs.github.com/en/actions/learn-github-actions/reusing-workflows 32 | ### you can also call workflows from inside the same repo via file path 33 | 34 | # FIXME: customize uri to point to your own reusable linter repository, and pin it to a tag or full commit SHA rather than a moving branch such as @main 35 | uses: bretfisher/super-linter-workflow/.github/workflows/reusable-super-linter.yaml@main 36 | 37 | ### Optional settings examples 38 | 39 | # with: 40 | ### For a DevOps-focused repository. 
Prevents some code-language linters from running 41 | ### defaults to false 42 | # devops-only: false 43 | 44 | ### A regex to exclude files from linting 45 | ### defaults to empty 46 | # filter-regex-exclude: html/.* 47 | # 48 | ### Additional environment variables to pass to super-linter (one per line) 49 | # extra-envs: | 50 | # VALIDATE_DOCKERFILE=false 51 | # VALIDATE_JSCPD=false 52 | # VALIDATE_TRIVY=false 53 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Super Linter Reusable Workflow Examples 2 | 3 | The GitHub [Super-Linter](https://github.com/marketplace/actions/super-linter) project is a fantastic way to lint all your file types with a single GitHub Actions Workflow. A great way to implement it everywhere is to use GHA's [Reusable Workflows](https://docs.github.com/en/actions/learn-github-actions/reusing-workflows) (see below). 4 | 5 | [My video walkthrough of this repository](https://youtu.be/aXZgQM8DqXg) 6 | 7 | ## Features of this custom Super-Linter example 8 | 9 | - All the features of [Super-Linter](https://github.com/marketplace/actions/super-linter) in a _Reusable_ Workflow. 10 | - Bonus: Optionally turn off non-DevOps linters (CSS, JS, HTML, etc.) when you want to ignore code (in my case it's to ignore sample code I stick in DevOps projects). 11 | - Bonus: I added Job steps to correctly determine which branch to diff files with (in the case of having multiple release branches). 12 | - Bonus: Lints only changed files on a PR, but lints all files on merge to main (or any release) branch. 13 | 14 | > ⚠️ **DO NOT call this reusable workflow directly**, rather, use it as a template repository and fork it for your own reusable workflow. I might change this workflow at anytime, based on new GHA features or learnings, and your calling workflow might break. 
⚠️ 15 | 16 | ## How to reuse this example as a _Reusable_ Workflow 17 | 18 | 1. Fork this repository for you to customize your linters in a single location for your org/projects. 19 | 2. Add a new workflow to all your other repositories and paste in this YAML to call the central-repos reusable workflow. 20 | 21 | ```yaml 22 | --- 23 | # template source: https://github.com/bretfisher/super-linter-workflow/blob/main/templates/call-super-linter.yaml 24 | name: Lint Code Base 25 | 26 | on: 27 | # run anytime a PR is merged to main or a direct push to main 28 | push: 29 | branches: [main] 30 | 31 | # run on any push to a PR branch 32 | pull_request: 33 | 34 | # cancel any previously-started, yet still active runs of this workflow on the same branch 35 | concurrency: 36 | group: ${{ github.ref }}-${{ github.workflow }} 37 | cancel-in-progress: true 38 | 39 | jobs: 40 | call-super-linter: 41 | name: Call Super-Linter 42 | 43 | permissions: 44 | contents: read # clone the repo to lint 45 | statuses: write # read/write to repo custom statuses 46 | 47 | ### use Reusable Workflows to call my workflow remotely 48 | ### https://docs.github.com/en/actions/learn-github-actions/reusing-workflows 49 | ### you can also call workflows from inside the same repo via file path 50 | 51 | # FIXME: customize uri to point to your own reusable linter repository 52 | uses: bretfisher/super-linter-workflow/.github/workflows/reusable-super-linter.yaml@main 53 | 54 | ### Optional settings examples 55 | 56 | # with: 57 | ### For a DevOps-focused repository. Prevents some code-language linters from running 58 | ### defaults to false 59 | # devops-only: false 60 | 61 | ### A regex to exclude files from linting 62 | ### defaults to empty 63 | # filter-regex-exclude: html/.* 64 | ``` 65 | 66 | ## How to run Super-Linter locally 67 | 68 | Option 1: Use [nektos/act](https://github.com/nektos/act) to run an existing GitHub Action workflow on your local repository clone. 
 69 | 70 | Option 2: Use Docker to [run the Super-Linter image directly](https://github.com/github/super-linter/blob/main/docs/run-linter-locally.md). 71 | 72 | Option 3: Pick the linter you want to run from Super-Linter, then install it locally to run manually. If you have a linter config, be sure to point the linter to `.github/linters/*`. Also be aware that super-linter ships default linter configs, which may change a linter's behavior inside super-linter; the [templates are listed here](https://github.com/github/super-linter/tree/main/TEMPLATES). 73 | 74 | ## This repository is part of my example DevOps repos on GitHub Actions 75 | 76 | - [bretfisher/github-actions-templates](https://github.com/BretFisher/github-actions-templates) - Main repository 77 | - (you are here) [bretfisher/super-linter-workflow](https://github.com/BretFisher/super-linter-workflow) - Reusable linter workflow 78 | - [bretfisher/docker-build-workflow](https://github.com/BretFisher/docker-build-workflow) - Reusable Docker build workflow 79 | - [bretfisher/docker-ci-automation](https://github.com/BretFisher/docker-ci-automation) - Step by step video and example of a Docker CI workflow 80 | - [My full list of container examples and tools](https://github.com/bretfisher) 81 | 82 | ## 🎉🎉🎉 Join my cloud native DevOps community 🎉🎉🎉 83 | 84 | - [My Cloud Native DevOps Discord server](https://devops.fan) 85 | - [My weekly YouTube Live show](https://www.youtube.com/@BretFisher) 86 | - [My weekly newsletter](https://www.bretfisher.com/newsletter) 87 | - [My courses and coupons](https://www.bretfisher.com/courses) 88 | -------------------------------------------------------------------------------- /.github/workflows/reusable-super-linter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # original template from: https://github.com/bretfisher/super-linter-workflow/blob/main/.github/workflows/reusable-super-linter.yaml 3 | 4 | ########################### 5 | 
###########################
## Linter GitHub Actions ##
###########################
###########################
name: Lint all the codes

#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#

# Reusable workflow: the only trigger is workflow_call, so it runs when another
# workflow references it with `uses:`. All three inputs are optional and are
# supplied by the calling workflow.
on:
  workflow_call:
    inputs:
      devops-only:
        description: For a DevOps-focused repository. Prevents some code-language linters from running
        required: false
        type: boolean
        default: false
      filter-regex-exclude:
        description: A regex to exclude files from linting
        required: false
        type: string
      extra-envs:
        description: Additional environment variables to pass to super-linter (one per line)
        required: false
        type: string

# reset permissions to none at the workflow level
# we'll set them at the job level below
permissions: {}

jobs:
  super-lint:
    name: Super-Linter

    runs-on: ubuntu-latest

    # the only token scopes this job requests; everything else stays at "none"
    # because of the empty workflow-level permissions block above
    permissions:
      contents: read # read-only access to repository contents (enough to clone); does not allow push
      statuses: write # read/write commit statuses (the separate `checks` scope is not requested)

    steps:
      - name: Checkout Code
        # pinned to a full commit SHA; the trailing comment records the release tag
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0
        with:
          # Full git history is needed to get a proper list of changed files within super-linter
          fetch-depth: 0
          # do not leave the job token in the checked-out repo's git config,
          # so the linters that run in later steps cannot reuse it through git
          persist-credentials: false

      #############################
      # custom DEFAULT_BRANCH for repos where PR target isn't always main/master
      #############################
      - name: Set DEFAULT_BRANCH to PR target
        # if base_ref has a value, this is a PR
        # we save the PR target branch name to a variable for use in linter config
        # we pass strings between job steps by echoing to $GITHUB_ENV, making them available in $env later
        # the script reads the GITHUB_BASE_REF shell variable instead of interpolating
        # an expression into the script text
        if: ${{ github.base_ref != '' }}
        run: |
          echo "DEFAULT_BRANCH=${GITHUB_BASE_REF}" >> "$GITHUB_ENV"
          echo "this is a PR branch. Let's only lint the files that are changed against the target branch '${GITHUB_BASE_REF}'"

      - name: Set DEFAULT_BRANCH to current branch
        # if base_ref has no value, this is just a commit on a branch
        # we need to strip refs/heads from github.ref to find the current branch name
        # then save the current branch name to a variable for use in linter config later
        # we pass strings between job steps by echoing to $GITHUB_ENV, making them available in $env later
        # NOTE(review): only a refs/heads/ ref is stripped; any other ref form is
        # written unchanged - presumably callers trigger on branch pushes only, confirm
        if: ${{ github.base_ref == '' }}
        run: |
          echo "DEFAULT_BRANCH=$(echo "$GITHUB_REF" | sed 's/refs\/heads\///')" >> "$GITHUB_ENV"
          echo "this is just a branch push, not a PR."

      # used as a debug step to ensure we're only linting all files on release branches
      # the interpolated expression evaluates to true/false, so no caller-supplied
      # text ends up in the script
      - name: Are we linting all files?
        run: |
          echo VALIDATE_ALL_CODEBASE=${{ !contains(github.event_name, 'pull_request') }}

      # customize excluded paths and files with regex
      # the input reaches the script through `env:` (as a shell variable), not by
      # interpolating the expression into the script text
      # NOTE(review): the value is written to $GITHUB_ENV as a single NAME=value line;
      # a value containing a newline would add further entries - the calling
      # workflow is assumed to be trusted, confirm
      - name: FILTER_REGEX_EXCLUDE
        if: ${{ inputs.filter-regex-exclude }}
        run: |
          {
            echo "FILTER_REGEX_EXCLUDE=${INPUTS_FILTER_REGEX_EXCLUDE}" >> "$GITHUB_ENV"
          }
        env:
          INPUTS_FILTER_REGEX_EXCLUDE: ${{ inputs.filter-regex-exclude }}

      # disable non-DevOps focused linters that might run on sample code or 3rd party code
      # these variables are written to $GITHUB_ENV so that later steps receive them
      - name: Disable non-DevOps linters
        if: ${{ inputs.devops-only == true }}
        run: |
          {
            echo "VALIDATE_CSS=false";
            echo "VALIDATE_HTML=false";
            echo "VALIDATE_JAVASCRIPT_ES=false";
            echo "VALIDATE_TYPESCRIPT_ES=false";
            echo "VALIDATE_TYPESCRIPT_STANDARD=false";
            echo "VALIDATE_JAVASCRIPT_STANDARD=false";
            echo "VALIDATE_PYTHON_MYPY=false";
            echo "VALIDATE_PYTHON_BLACK=false";
            echo "VALIDATE_PYTHON_FLAKE8=false";
            echo "VALIDATE_PYTHON_ISORT=false";
            echo "VALIDATE_RUBY=false";
            echo "VALIDATE_PHP=false";
            echo "VALIDATE_CSHARP=false";

          } >> "$GITHUB_ENV"

      # Pass in custom environment variables from the calling workflow
      # the input is appended to $GITHUB_ENV as-is, so the caller can set any
      # variable for the remaining steps; treat this input as trusted configuration
      - name: Set EXTRA_ENVS
        if: ${{ inputs.extra-envs }}
        shell: bash
        env:
          EXTRA_ENVS: ${{ inputs.extra-envs }}
        run: |
          printf '%s\n' "$EXTRA_ENVS" >> "$GITHUB_ENV"

      #############################
      # Run many Linters against changed files on PRs, and ALL files on commit to release branch
      #############################
      # https://github.com/marketplace/actions/super-linter
      - name: Lint Code Base
        # pinned to a full commit SHA; the trailing comment records the release tag
        uses: super-linter/super-linter/slim@47984f49b4e87383eed97890fe2dca6063bbd9c3 #v8.3.1
        env:
          # job token, limited by the job-level permissions block above
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # by default super-linter assumes our repo default branch doesn't change
          # and it also assumes our PRs are always against that default branch
          # for multi-trunk (releases) repos, this gets the base branch from the previous steps
          # see issue https://github.com/github/super-linter/issues/1123
          DEFAULT_BRANCH: ${{ env.DEFAULT_BRANCH }}
          # setting this to false means that only changed files will be scanned in each commit
          # (false for pull_request events, true for everything else)
          VALIDATE_ALL_CODEBASE: ${{ !contains(github.event_name, 'pull_request') }}
          # turn off dockerfilelint, as it's a dead project
          # https://github.com/replicatedhq/dockerfilelint/issues/169
          # hadolint will still run and is sufficient (no need for two linters)
          VALIDATE_DOCKERFILE: false
          # turn off JSCPD copy/paste detection, which results in lots of results for examples and devops repos
          VALIDATE_JSCPD: false
          # turn off shfmt shell formatter as we already have shellcheck
          VALIDATE_SHELL_SHFMT: false
          # editorconfig is great, but...
          # editorconfig-linter is rather generic and file-specific linters are better
          # turn off editorconfig-checker, which flags too many false positives
          VALIDATE_EDITORCONFIG: false
          # prevent Kubernetes CRD API's from causing kubeval to fail
          # also change schema location to an up-to-date list
          # https://github.com/yannh/kubernetes-json-schema/#kubeval
          # NOTE(review): the schema location points at the `master` branch of a
          # third-party repository, so the schemas used are not pinned to a revision
          KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/