-
Notifications
You must be signed in to change notification settings - Fork 1
49 lines (45 loc) · 1.53 KB
/
super-linter.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# This workflow executes several linters on changed files based on languages used in your code base whenever
# you push a code or open a pull request.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/github/super-linter
name: Lint Code Base
on:
workflow_dispatch:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
permissions:
contents: read
jobs:
run-lint:
permissions:
contents: read # for actions/checkout to fetch code
statuses: write # for github/super-linter to mark status of each linter run
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
api0.prismacloud.io:443
files.pythonhosted.org:443
github.com:443
pypi.org:443
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
- name: Lint Code Base
uses: github/super-linter@4e51915f4a812abf59fed160bb14595c0a38a9e7 # v6
#checkov:skip=skip-check:CKV2_GHA_1
env:
VALIDATE_ALL_CODEBASE: true
DEFAULT_BRANCH: "main"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISABLE_ERRORS: true