riege · HardTy · Jun 10, 2026 · Jun 10, 2026 · Jun 10, 2026 · Jun 10, 2026
@@ -0,0 +1,77 @@
+# Copilot Instructions for This Repository
+
+## Repository Purpose
+
+This repository provides reusable GitHub Actions workflows and shared linting configuration for `super-linter`.
+
+Primary goal:
+
+- Ensure teams consume a consistent linting setup across repositories.
+
+This repository is not an application runtime project. Changes should focus on workflow reliability, configuration consistency, and clear maintenance.
+
+## Source of Truth
+
+The reusable workflow behavior is based on the official `super-linter` project:
+
+- <https://github.com/super-linter/super-linter>
+
+Scope of this dependency policy:
+
+- `.github/workflows/super-linter.yml`
+- `.github/workflows/super-linter-non-slim.yml`
+
+Apply `super-linter` compatibility and naming alignment rules only to these two workflows.
+
+When adding or changing linter flags, environment variables, or workflow behavior:
+
+1. Prefer documented `super-linter` inputs and env variables.
+2. Keep naming aligned with upstream conventions (`VALIDATE_*`, `*_FILE_NAME`, etc.).
+3. Avoid introducing custom behavior that conflicts with upstream semantics.
+
+## Language Policy
+
+Use English only for all human-readable content in this repository, including:
+
+- Markdown documentation
+- YAML comments
+- Code comments
+- Pull request descriptions generated from this repo context
+- Commit message suggestions generated from this repo context
+
+Do not introduce German or mixed-language documentation/comments.
+
+## Editing Guidelines
+
+When modifying reusable workflows (especially `super-linter` workflows):
+
+1. Keep include-mode and exclude-mode logic consistent.
+2. If a new `VALIDATE_*` input is added, wire it in all required places:
+   - `workflow_call.inputs`
+   - include-mode `if` condition
+   - include-mode `env` mapping
+   - exclude-mode `if` condition (if applicable)
+   - exclude-mode explicit disable (`false`) when needed
+3. Preserve backward compatibility for existing consumers whenever possible.
+4. Keep defaults conservative (`false`) for optional linters unless explicitly requested otherwise.
+
+## Safety and Scope
+
+- Do not add secrets or tokens to workflow files.
+- Do not hardcode repository-specific private paths beyond existing patterns.
+- Keep changes minimal and focused on linting standardization.
+
+## Validation Expectations
+
+After workflow edits, verify:
+
+1. YAML syntax is valid.
+2. Input names match env usage exactly.
+3. Conditions do not accidentally enable extra linters.
+4. Comments remain concise and in English.
+
+## Preferred Change Style
+
+- Make small, reviewable changes.
+- Prefer explicitness over clever shortcuts in workflow logic.
+- Add short comments only when behavior is non-obvious.
@@ -22,6 +22,15 @@ on:
           "Flag to set the root directory for Ansible file location(s),
           relative to DEFAULT_WORKSPACE. Set to . to use the top-level of
           the DEFAULT_WORKSPACE."
+      FILTER_REGEX_EXCLUDE:
+        required: false
+        type: string
+        default: ""
+        description: >
+          "If you need to exclude some files from linting, you can use this.
+          Do not lint sql files: FILTER_REGEX_EXCLUDE: .*.sql
+          Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*
+          Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js"
       VALIDATE_ALL_CODEBASE:
         required: false
         type: boolean
@@ -36,6 +45,12 @@ on:
         default: false
         description: >
           "Enable kubeval validation for Kubernetes manifests."
+      VALIDATE_KUBERNETES_KUBECONFORM:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable kubeconform validation for Kubernetes manifests."
       KUBERNETES_KUBEVAL_FILE_NAME:
         required: false
         type: string
@@ -66,6 +81,12 @@ on:
         default: false
         description: >
           "Enable ShellCheck validation."
+      VALIDATE_SHELL_SHFMT:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable shfmt validation."
       VALIDATE_MARKDOWN:
         required: false
         type: boolean
@@ -108,14 +129,18 @@ jobs:
           path: ${{ inputs.CODEQUALITY_PATH }}
           ref: ${{ inputs.CODEQUALITY_REF }}
 
+      - name: Configure git for private modules
+        run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
+
       - name: Lint Code Base (include mode)
-        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
+        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
         uses: github/super-linter@v7
         env:
           ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
           ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
           CHECKOV_FILE_NAME: checkov/.checkov.yaml
           DEFAULT_BRANCH: main
+          FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
           GITHUB_TOKEN: ${{ github.token }}
           JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
           KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}"
@@ -127,24 +152,27 @@ jobs:
           VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
           VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
           VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
+          VALIDATE_KUBERNETES_KUBECONFORM: ${{ inputs.VALIDATE_KUBERNETES_KUBECONFORM && 'true' || '' }}
           VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
           VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
           VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
           VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }}
+          VALIDATE_SHELL_SHFMT: ${{ inputs.VALIDATE_SHELL_SHFMT && 'true' || '' }}
           VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
           VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
           YAML_CONFIG_FILE: yaml/.yaml-lint.yml
           TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
           SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint
 
       - name: Lint Code Base (exclude mode)
-        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
+        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
         uses: github/super-linter@v7
         env:
           ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
           ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
           CHECKOV_FILE_NAME: checkov/.checkov.yaml
           DEFAULT_BRANCH: main
+          FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
           GITHUB_TOKEN: ${{ github.token }}
           JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
           # KUBERNETES_KUBEVAL_FILE_NAME: "${{ inputs.KUBERNETES_KUBEVAL_FILE_NAME }}"
@@ -155,6 +183,8 @@ jobs:
           VALIDATE_JSCPD: false
           VALIDATE_NATURAL_LANGUAGE: false
           VALIDATE_KUBERNETES_KUBEVAL: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
+          VALIDATE_SHELL_SHFMT: false
           YAML_CONFIG_FILE: yaml/.yaml-lint.yml
           TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
           SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint
@@ -45,6 +45,12 @@ on:
         default: false
         description: >
           "Enable kubeval validation for Kubernetes manifests."
+      VALIDATE_KUBERNETES_KUBECONFORM:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable kubeconform validation for Kubernetes manifests."
       KUBERNETES_KUBEVAL_FILE_NAME:
         required: false
         type: string
@@ -75,6 +81,12 @@ on:
         default: false
         description: >
           "Enable ShellCheck validation."
+      VALIDATE_SHELL_SHFMT:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable shfmt validation."
       VALIDATE_MARKDOWN:
         required: false
         type: boolean
@@ -121,7 +133,7 @@ jobs:
         run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
 
       - name: Lint Code Base (include mode)
-        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
+        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
         uses: github/super-linter/slim@v7
         env:
           ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
@@ -140,18 +152,20 @@ jobs:
           VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
           VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
           VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
+          VALIDATE_KUBERNETES_KUBECONFORM: ${{ inputs.VALIDATE_KUBERNETES_KUBECONFORM && 'true' || '' }}
           VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
           VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
           VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
           VALIDATE_BASH: ${{ inputs.VALIDATE_BASH && 'true' || '' }}
+          VALIDATE_SHELL_SHFMT: ${{ inputs.VALIDATE_SHELL_SHFMT && 'true' || '' }}
           VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
           VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
           YAML_CONFIG_FILE: yaml/.yaml-lint.yml
           TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
           SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint
 
       - name: Lint Code Base (exclude mode)
-        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
+        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_KUBERNETES_KUBECONFORM || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_BASH || inputs.VALIDATE_SHELL_SHFMT || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
         uses: github/super-linter/slim@v7
         env:
           ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
@@ -169,6 +183,8 @@ jobs:
           VALIDATE_JSCPD: false
           VALIDATE_NATURAL_LANGUAGE: false
           VALIDATE_KUBERNETES_KUBEVAL: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
+          VALIDATE_SHELL_SHFMT: false
           YAML_CONFIG_FILE: yaml/.yaml-lint.yml
           TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
           SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint