From 33c92e9ee44227ef857e4fef2f1dafc3d718c065 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Fri, 16 Oct 2020 21:20:42 +0200
Subject: [PATCH 1/4] ci: Add super-linter GitHub action
---
 .github/workflows/code-scanning.yml | 2 +-
 .github/workflows/linter.yml | 24 ++++++++++++++++++++++++
 .shellcheckrc | 3 +++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/linter.yml
diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index d0664bf..646ac92 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -1,4 +1,4 @@
-name: "Code Scanning"
+name: Code Scanning
 on:
 schedule:
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
new file mode 100644
index 0000000..4339be5
--- /dev/null
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,24 @@
+name: Lint Code
+
+on:
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ lint:
+ name: Lint code
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Lint code base
+ uses: github/super-linter@v3
+ env:
+ VALIDATE_DOCKERFILE_HADOLINT: true
+ VALIDATE_BASH: true
+ DEFAULT_BRANCH: master
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.shellcheckrc b/.shellcheckrc
index 4444152..ed22ec8 100644
--- a/.shellcheckrc
+++ b/.shellcheckrc
@@ -1,6 +1,9 @@
 # Check shellcheck wiki at:
 # https://github.com/koalaman/shellcheck/wiki/SCXXXX
+# Allow following non-constant source
+disable=SC1090
+
 # Redirections are performed by the current shell before sudo is started.
 disable=SC2024
From 077f303d8701cf52d60e83276337ca27d1f34606 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Sat, 17 Oct 2020 11:24:46 +0200
Subject: [PATCH 2/4] ci: Extend security analysis to push events
---
 .github/workflows/publish.yml | 1 -
 1 file changed, 1 deletion(-)
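Review bot: Both `uses:` lines in the new `.github/workflows/linter.yml` reference movable tags (`actions/checkout@v2`, `github/super-linter@v3`), and the lint step is handed `GITHUB_TOKEN`, so a retagged release of either action would run with this job's token. Pin each one to a full commit SHA, e.g. `uses: github/super-linter@<full-commit-sha>  # v3`, and let an update bot bump the pins. The workflow also declares no `permissions:` block, so the token gets the repository default. A workflow-level `permissions:` with `contents: read` plus `statuses: write` is probably enough for the linter's status reporting, but confirm that against the super-linter documentation.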
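Review bot: The comment added above `disable=SC1090` in `.shellcheckrc` says the setting allows following non-constant sources, but disabling SC1090 only silences the "can't follow non-constant source" warning; shellcheck still does not analyse the sourced file. Because the disable is global, every `source "$var"` in the repository now passes without being flagged for review. Consider keeping the rule on and annotating each intentional site with `# shellcheck source=/dev/null` (or `# shellcheck source=path/to/file` where the target is known). Failing that, reword the comment to `# Silence "can't follow non-constant source"; sourced files are not checked`.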
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 183951c..62508d9 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -93,7 +93,6 @@ jobs:
 name: Security analysis
 runs-on: ubuntu-latest
 needs: publish
- if: github.event_name == 'release'
 steps:
 - name: Prepare metadata
 id: metadata
From affe2e85116e21e12236bc3305ecd7ab088a5e4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Sat, 17 Oct 2020 11:25:09 +0200
Subject: [PATCH 3/4] ci: Rename code-scanning workflow
---
 .../workflows/{code-scanning.yml => security-analysis.yml} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename .github/workflows/{code-scanning.yml => security-analysis.yml} (94%)
diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/security-analysis.yml
similarity index 94%
rename from .github/workflows/code-scanning.yml
rename to .github/workflows/security-analysis.yml
index 646ac92..acd4829 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/security-analysis.yml
@@ -1,11 +1,11 @@
-name: Code Scanning
+name: Security analysis
 on:
 schedule:
 - cron: '0 0 * * 1'
 jobs:
- code-scan:
+ security-analysis:
 name: Trivy scan
 runs-on: ubuntu-latest
From fd03b1e1f70641fdb3a3fa267bc38e1fdd353702 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Sat, 17 Oct 2020 11:26:35 +0200
Subject: [PATCH 4/4] ci: Rename linter step
---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 4339be5..84956fe 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 lint:
- name: Lint code
+ name: Super Linter
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository