From efa9703697cad5ca3a045ac1289bd722ffcb3475 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rene=CC=81=20Burghardt?= Date: Wed, 10 Jun 2026 13:33:47 +0200 Subject: [PATCH 1/3] feat: add validation options for kubeconform and shfmt in super-linter workflows --- .github/copilot-instructions.md | 63 +++++++++++++++++++++ .github/workflows/super-linter-non-slim.yml | 34 ++++++++++- .github/workflows/super-linter.yml | 20 ++++++- 3 files changed, 113 insertions(+), 4 deletions(-) create mode 100644 .github/copilot-instructions.md diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md new file mode 100644 index 0000000..a7d83d7 --- /dev/null +++ b/.github/copilot-instructions.md @@ -0,0 +1,63 @@ +# Copilot Instructions for This Repository + +## Repository Purpose +This repository provides reusable GitHub Actions workflows and shared linting configuration for `super-linter`. + +Primary goal: +- Ensure teams consume a consistent linting setup across repositories. + +This repository is not an application runtime project. Changes should focus on workflow reliability, configuration consistency, and clear maintenance. + +## Source of Truth +The reusable workflow behavior is based on the official `super-linter` project: +- https://github.com/super-linter/super-linter + +Scope of this dependency policy: +- `.github/workflows/super-linter.yml` +- `.github/workflows/super-linter-non-slim.yml` + +Apply `super-linter` compatibility and naming alignment rules only to these two workflows. + +When adding or changing linter flags, environment variables, or workflow behavior: +1. Prefer documented `super-linter` inputs and env variables. +2. Keep naming aligned with upstream conventions (`VALIDATE_*`, `*_FILE_NAME`, etc.). +3. Avoid introducing custom behavior that conflicts with upstream semantics. + +## Language Policy +Use English only for all human-readable content in this repository, including: +- Markdown documentation +- YAML comments +- Code comments +- Pull request descriptions generated from this repo context +- Commit message suggestions generated from this repo context + +Do not introduce German or mixed-language documentation/comments. + +## Editing Guidelines +When modifying reusable workflows (especially `super-linter` workflows): +1. Keep include-mode and exclude-mode logic consistent. +2. If a new `VALIDATE_*` input is added, wire it in all required places: + - `workflow_call.inputs` + - include-mode `if` condition + - include-mode `env` mapping + - exclude-mode `if` condition (if applicable) + - exclude-mode explicit disable (`false`) when needed +3. Preserve backward compatibility for existing consumers whenever possible. +4. Keep defaults conservative (`false`) for optional linters unless explicitly requested otherwise. + +## Safety and Scope +- Do not add secrets or tokens to workflow files. +- Do not hardcode repository-specific private paths beyond existing patterns. +- Keep changes minimal and focused on linting standardization. + +## Validation Expectations +After workflow edits, verify: +1. YAML syntax is valid. +2. Input names match env usage exactly. +3. Conditions do not accidentally enable extra linters. +4. Comments remain concise and in English. + +## Preferred Change Style +- Make small, reviewable changes. +- Prefer explicitness over clever shortcuts in workflow logic. +- Add short comments only when behavior is non-obvious. diff --git a/.github/workflows/super-linter-non-slim.yml b/.github/workflows/super-linter-non-slim.yml index ff433b1..6f7a80e 100644 --- a/.github/workflows/super-linter-non-slim.yml +++ b/.github/workflows/super-linter-non-slim.yml @@ -22,6 +22,15 @@ on: "Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE." + FILTER_REGEX_EXCLUDE: + required: false + type: string + default: "" + description: > + "If you need to exclude some files from linting, you can use this. + Do not lint sql files: FILTER_REGEX_EXCLUDE: .*.sql + Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.* + Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js" VALIDATE_ALL_CODEBASE: required: false type: boolean @@ -36,6 +45,12 @@ on: default: false description: > "Enable kubeval validation for Kubernetes manifests." + VALIDATE_KUBERNETES_KUBECONFORM: + required: false + type: boolean + default: false + description: > + "Enable kubeconform validation for Kubernetes manifests." KUBERNETES_KUBEVAL_FILE_NAME: required: false type: string @@ -66,6 +81,12 @@ on: default: false description: > "Enable ShellCheck validation." + VALIDATE_SHELL_SHFMT: + required: false + type: boolean + default: false + description: > + "Enable shfmt validation." VALIDATE_MARKDOWN: required: false type: boolean @@ -108,14 +129,18 @@ jobs: path: ${{ inputs.CODEQUALITY_PATH }} ref: ${{ inputs.CODEQUALITY_REF }} + - name: Configure git for private modules + run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" + - name: Lint Code Base (include mode) - if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} + if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} uses: github/super-linter@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }} CHECKOV_FILE_NAME: checkov/.checkov.yaml DEFAULT_BRANCH: main + FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}" GITHUB_TOKEN: ${{ github.token }} JAVA_FILE_NAME: java/checkstyle/checkstyle.xml KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}" @@ -127,10 +152,12 @@ jobs: VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }} VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }} VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }} + VALIDATE_KUBERNETES_KUBECONFORM: ${{ inputs.VALIDATE_KUBERNETES_KUBECONFORM && 'true' || '' }} VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }} VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }} VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }} VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }} + VALIDATE_SHELL_SHFMT: ${{ inputs.VALIDATE_SHELL_SHFMT && 'true' || '' }} VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }} VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }} YAML_CONFIG_FILE: yaml/.yaml-lint.yml @@ -138,13 +165,14 @@ jobs: SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint - name: Lint Code Base (exclude mode) - if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} + if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} uses: github/super-linter@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }} CHECKOV_FILE_NAME: checkov/.checkov.yaml DEFAULT_BRANCH: main + FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}" GITHUB_TOKEN: ${{ github.token }} JAVA_FILE_NAME: java/checkstyle/checkstyle.xml # KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}" @@ -155,6 +183,8 @@ jobs: VALIDATE_JSCPD: false VALIDATE_NATURAL_LANGUAGE: false VALIDATE_KUBERNETES_KUBEVAL: false + VALIDATE_KUBERNETES_KUBECONFORM: false + VALIDATE_SHELL_SHFMT: false YAML_CONFIG_FILE: yaml/.yaml-lint.yml TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index dfdbadb..2b794d3 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -45,6 +45,12 @@ on: default: false description: > "Enable kubeval validation for Kubernetes manifests." + VALIDATE_KUBERNETES_KUBECONFORM: + required: false + type: boolean + default: false + description: > + "Enable kubeconform validation for Kubernetes manifests." KUBERNETES_KUBEVAL_FILE_NAME: required: false type: string @@ -75,6 +81,12 @@ on: default: false description: > "Enable ShellCheck validation." + VALIDATE_SHELL_SHFMT: + required: false + type: boolean + default: false + description: > + "Enable shfmt validation." VALIDATE_MARKDOWN: required: false type: boolean @@ -121,7 +133,7 @@ jobs: run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - name: Lint Code Base (include mode) - if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} + if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }} uses: github/super-linter/slim@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml @@ -140,10 +152,12 @@ jobs: VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }} VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }} VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }} + VALIDATE_KUBERNETES_KUBECONFORM: ${{ inputs.VALIDATE_KUBERNETES_KUBECONFORM && 'true' || '' }} VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }} VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }} VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }} VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }} + VALIDATE_SHELL_SHFMT: ${{ inputs.VALIDATE_SHELL_SHFMT && 'true' || '' }} VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }} VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }} YAML_CONFIG_FILE: yaml/.yaml-lint.yml @@ -151,7 +165,7 @@ jobs: SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint - name: Lint Code Base (exclude mode) - if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} + if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }} uses: github/super-linter/slim@v7 env: ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml @@ -169,6 +183,8 @@ jobs: VALIDATE_JSCPD: false VALIDATE_NATURAL_LANGUAGE: false VALIDATE_KUBERNETES_KUBEVAL: false + VALIDATE_KUBERNETES_KUBECONFORM: false + VALIDATE_SHELL_SHFMT: false YAML_CONFIG_FILE: yaml/.yaml-lint.yml TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint From 5a3b30bbcf94b7108693bdb4001a8996f19e38ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rene=CC=81=20Burghardt?= Date: Wed, 10 Jun 2026 13:42:15 +0200 Subject: [PATCH 2/3] fmt/Markdown prettier --- .github/copilot-instructions.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index a7d83d7..c46fcf2 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -1,30 +1,38 @@ # Copilot Instructions for This Repository ## Repository Purpose + This repository provides reusable GitHub Actions workflows and shared linting configuration for `super-linter`. Primary goal: + - Ensure teams consume a consistent linting setup across repositories. This repository is not an application runtime project. Changes should focus on workflow reliability, configuration consistency, and clear maintenance. ## Source of Truth + The reusable workflow behavior is based on the official `super-linter` project: + - https://github.com/super-linter/super-linter Scope of this dependency policy: + - `.github/workflows/super-linter.yml` - `.github/workflows/super-linter-non-slim.yml` Apply `super-linter` compatibility and naming alignment rules only to these two workflows. When adding or changing linter flags, environment variables, or workflow behavior: + 1. Prefer documented `super-linter` inputs and env variables. 2. Keep naming aligned with upstream conventions (`VALIDATE_*`, `*_FILE_NAME`, etc.). 3. Avoid introducing custom behavior that conflicts with upstream semantics. ## Language Policy + Use English only for all human-readable content in this repository, including: + - Markdown documentation - YAML comments - Code comments @@ -34,7 +42,9 @@ Use English only for all human-readable content in this repository, including: Do not introduce German or mixed-language documentation/comments. ## Editing Guidelines + When modifying reusable workflows (especially `super-linter` workflows): + 1. Keep include-mode and exclude-mode logic consistent. 2. If a new `VALIDATE_*` input is added, wire it in all required places: - `workflow_call.inputs` @@ -46,18 +56,22 @@ When modifying reusable workflows (especially `super-linter` workflows): 4. Keep defaults conservative (`false`) for optional linters unless explicitly requested otherwise. ## Safety and Scope + - Do not add secrets or tokens to workflow files. - Do not hardcode repository-specific private paths beyond existing patterns. - Keep changes minimal and focused on linting standardization. ## Validation Expectations + After workflow edits, verify: + 1. YAML syntax is valid. 2. Input names match env usage exactly. 3. Conditions do not accidentally enable extra linters. 4. Comments remain concise and in English. ## Preferred Change Style + - Make small, reviewable changes. - Prefer explicitness over clever shortcuts in workflow logic. - Add short comments only when behavior is non-obvious. From dc01cbd032f27cd46a19d30a2e74516ea6f75468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rene=CC=81=20Burghardt?= Date: Wed, 10 Jun 2026 13:56:20 +0200 Subject: [PATCH 3/3] fix: correct link formatting in copilot instructions --- .github/copilot-instructions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index c46fcf2..f54b3f4 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -14,7 +14,7 @@ This repository is not an application runtime project. Changes should focus on w The reusable workflow behavior is based on the official `super-linter` project: -- https://github.com/super-linter/super-linter +- Scope of this dependency policy: