diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
new file mode 100644
index 0000000..f54b3f4
--- /dev/null
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,77 @@
+# Copilot Instructions for This Repository
+
+## Repository Purpose
+
+This repository provides reusable GitHub Actions workflows and shared linting configuration for `super-linter`.
+
+Primary goal:
+
+- Ensure teams consume a consistent linting setup across repositories.
+
+This repository is not an application runtime project. Changes should focus on workflow reliability, configuration consistency, and clear maintenance.
+
+## Source of Truth
+
+The reusable workflow behavior is based on the official `super-linter` project:
+
+-
+
+Scope of this dependency policy:
+
+- `.github/workflows/super-linter.yml`
+- `.github/workflows/super-linter-non-slim.yml`
+
+Apply `super-linter` compatibility and naming alignment rules only to these two workflows.
+
+When adding or changing linter flags, environment variables, or workflow behavior:
+
+1. Prefer documented `super-linter` inputs and env variables.
+2. Keep naming aligned with upstream conventions (`VALIDATE_*`, `*_FILE_NAME`, etc.).
+3. Avoid introducing custom behavior that conflicts with upstream semantics.
+
+## Language Policy
+
+Use English only for all human-readable content in this repository, including:
+
+- Markdown documentation
+- YAML comments
+- Code comments
+- Pull request descriptions generated from this repo context
+- Commit message suggestions generated from this repo context
+
+Do not introduce German or mixed-language documentation/comments.
+
+## Editing Guidelines
+
+When modifying reusable workflows (especially `super-linter` workflows):
+
+1. Keep include-mode and exclude-mode logic consistent.
+2. If a new `VALIDATE_*` input is added, wire it in all required places:
+ - `workflow_call.inputs`
+ - include-mode `if` condition
+ - include-mode `env` mapping
+ - exclude-mode `if` condition (if applicable)
+ - exclude-mode explicit disable (`false`) when needed
+3. Preserve backward compatibility for existing consumers whenever possible.
+4. 
Keep defaults conservative (`false`) for optional linters unless explicitly requested otherwise. + +## Safety and Scope + +- Do not add secrets or tokens to workflow files. +- Do not hardcode repository-specific private paths beyond existing patterns. +- Keep changes minimal and focused on linting standardization. + +## Validation Expectations + +After workflow edits, verify: + +1. YAML syntax is valid. +2. Input names match env usage exactly. +3. Conditions do not accidentally enable extra linters. +4. Comments remain concise and in English. + +## Preferred Change Style + +- Make small, reviewable changes. +- Prefer explicitness over clever shortcuts in workflow logic. +- Add short comments only when behavior is non-obvious. diff --git a/.github/workflows/super-linter-non-slim.yml b/.github/workflows/super-linter-non-slim.yml index ff433b1..6f7a80e 100644 --- a/.github/workflows/super-linter-non-slim.yml +++ b/.github/workflows/super-linter-non-slim.yml @@ -22,6 +22,15 @@ on: "Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE." + FILTER_REGEX_EXCLUDE: + required: false + type: string + default: "" + description: > + "If you need to exclude some files from linting, you can use this. + Do not lint sql files: FILTER_REGEX_EXCLUDE: .*.sql + Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.* + Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js" VALIDATE_ALL_CODEBASE: required: false type: boolean @@ -36,6 +45,12 @@ on: default: false description: > "Enable kubeval validation for Kubernetes manifests." + VALIDATE_KUBERNETES_KUBECONFORM: + required: false + type: boolean + default: false + description: > + "Enable kubeconform validation for Kubernetes manifests." KUBERNETES_KUBEVAL_FILE_NAME: required: false type: string 
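Review bot: The example patterns in the new `FILTER_REGEX_EXCLUDE` description (super-linter-non-slim.yml, hunk at -22) leave the dot unescaped, so `.*.sql` would also match a path such as `docs/mysql.md` if the pattern is applied unanchored, not only `.sql` files. The value is wired into the same lint steps that carry `VALIDATE_GITLEAKS` and `VALIDATE_CHECKOV` (see the `env` additions further down), so an over-broad pattern supplied by a caller presumably removes those files from secret and IaC scanning without any signal. I would write the examples as `.*\.sql$` and `.*test/.*\.js$`, and add one sentence to the description stating that excluded files are skipped by every enabled linter, including the security ones.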
@@ -66,6 +81,12 @@ on: default: false description: > "Enable ShellCheck validation." + VALIDATE_SHELL_SHFMT: + required: false + type: boolean + default: false + description: > + "Enable shfmt validation." VALIDATE_MARKDOWN: required: false type: boolean @@ -108,14 +129,18 @@ jobs: path: ${{ inputs.CODEQUALITY_PATH }} ref: ${{ inputs.CODEQUALITY_REF }} + - name: Configure git for private modules + run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" + - name: Lint Code Base (include mode) - if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} + if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} uses: github/super-linter@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }} CHECKOV_FILE_NAME: checkov/.checkov.yaml DEFAULT_BRANCH: main + FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}" GITHUB_TOKEN: ${{ github.token }} JAVA_FILE_NAME: java/checkstyle/checkstyle.xml KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}" 
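Review bot: The added `Configure git for private modules` step (hunk at -108) writes the job token in clear text into the runner's global git config, where every later step in the job can read it and where it would persist on a self-hosted runner that is not ephemeral; the same step already exists in super-linter.yml as context. The token is also expanded by `${{ github.token }}` directly into the shell line; prefer a step-level `env: GH_TOKEN: ${{ github.token }}` and reference `${GH_TOKEN}` inside the `run` command. Note that `github.token` is scoped to the calling repository, so it is worth confirming that the private modules this step is meant to reach are actually accessible with it; if not, the step adds exposure without benefit. No `permissions:` block is visible in these hunks, so consider restricting the job to `contents: read` if that is not already done elsewhere in the file.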
@@ -127,10 +152,12 @@ jobs: VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }} VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }} VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }} + VALIDATE_KUBERNETES_KUBECONFORM: ${{ inputs.VALIDATE_KUBERNETES_KUBECONFORM && 'true' || '' }} VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }} VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }} VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }} VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }} + VALIDATE_SHELL_SHFMT: ${{ inputs.VALIDATE_SHELL_SHFMT && 'true' || '' }} VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }} VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }} YAML_CONFIG_FILE: yaml/.yaml-lint.yml 
@@ -138,13 +165,14 @@ jobs: SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint - name: Lint Code Base (exclude mode) - if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} + if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} uses: github/super-linter@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }} CHECKOV_FILE_NAME: checkov/.checkov.yaml DEFAULT_BRANCH: main + FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}" GITHUB_TOKEN: ${{ github.token }} JAVA_FILE_NAME: java/checkstyle/checkstyle.xml # KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}" @@ -155,6 +183,8 @@ jobs: VALIDATE_JSCPD: false VALIDATE_NATURAL_LANGUAGE: false VALIDATE_KUBERNETES_KUBEVAL: false + VALIDATE_KUBERNETES_KUBECONFORM: false + VALIDATE_SHELL_SHFMT: false YAML_CONFIG_FILE: yaml/.yaml-lint.yml TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index dfdbadb..2b794d3 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml 
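Review bot: The exclude-mode `if` (hunk at -138) has to stay the exact negation of the include-mode `if`, and this commit edits both eleven-term expressions by hand in each workflow, four places in total counting the super-linter.yml hunks. A term missed on one side would make both lint steps run, or neither, with no error from the workflow. Consider computing the flag once at job level, `env: INCLUDE_MODE: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || ... }}`, and using `if: ${{ env.INCLUDE_MODE == 'true' }}` and `if: ${{ env.INCLUDE_MODE != 'true' }}` on the two steps, so that a new `VALIDATE_*` input is added in one expression only.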
@@ -45,6 +45,12 @@ on: default: false description: > "Enable kubeval validation for Kubernetes manifests." + VALIDATE_KUBERNETES_KUBECONFORM: + required: false + type: boolean + default: false + description: > + "Enable kubeconform validation for Kubernetes manifests." KUBERNETES_KUBEVAL_FILE_NAME: required: false type: string @@ -75,6 +81,12 @@ on: default: false description: > "Enable ShellCheck validation." + VALIDATE_SHELL_SHFMT: + required: false + type: boolean + default: false + description: > + "Enable shfmt validation." VALIDATE_MARKDOWN: required: false type: boolean @@ -121,7 +133,7 @@ jobs: run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - name: Lint Code Base (include mode) - if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} + if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} uses: github/super-linter/slim@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml 
@@ -140,10 +152,12 @@ jobs: VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }} VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }} VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }} + VALIDATE_KUBERNETES_KUBECONFORM: ${{ inputs.VALIDATE_KUBERNETES_KUBECONFORM && 'true' || '' }} VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }} VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }} VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }} VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }} + VALIDATE_SHELL_SHFMT: ${{ inputs.VALIDATE_SHELL_SHFMT && 'true' || '' }} VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }} VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }} YAML_CONFIG_FILE: yaml/.yaml-lint.yml @@ -151,7 +165,7 @@ jobs: SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint - name: Lint Code Base (exclude mode) - if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} + if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} uses: github/super-linter/slim@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml 
@@ -169,6 +183,8 @@ jobs: VALIDATE_JSCPD: false VALIDATE_NATURAL_LANGUAGE: false VALIDATE_KUBERNETES_KUBEVAL: false + VALIDATE_KUBERNETES_KUBECONFORM: false + VALIDATE_SHELL_SHFMT: false YAML_CONFIG_FILE: yaml/.yaml-lint.yml TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint