✨ Add MegaLinter (#871)

ministryofjustice · May 17, 2024 · d6d5228 · d6d5228
1 parent 5606c72
commit d6d5228
Show file tree

Hide file tree

Showing 6 changed files with 80 additions and 1 deletion.
diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml
@@ -2,7 +2,7 @@ name: code-formatter
 
 on:
   pull_request:
-    types: [opened, edited, reopened, synchronize]
+    branches: [main]
 
 jobs:
   format-code:

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -0,0 +1,40 @@
+name: ♻️ MegaLinter
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions: {}
+
+jobs:
+  megalinter:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: MegaLinter
+        uses: oxsecurity/megalinter@03986e6993ccf699a22451118520680b438e7d2a # v7.11.1
+        env:
+          VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} # Validates all source when push on main, else just the git diff with main. Override with true if you always want to lint all sources
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Archive production artifacts
+        if: success() || failure()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      - name: Upload MegaLinter scan results to GitHub Security tab
+        if: success() || failure()
+        uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
+        with:
+          sarif_file: "megalinter-reports/megalinter-report.sarif"
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@
 .DS_Store
 .vscode
 .idea
+megalinter-reports
diff --git a/.gitleaksignore b/.gitleaksignore
@@ -0,0 +1 @@
+60e8f406be4219b01e7363d1de37662c3a020707:organisation-security/terraform/cloudformation/OracleDbLTS-Orchestrate.yaml:generic-api-key:279
diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -0,0 +1,35 @@
+---
+# Configuration file for MegaLinter
+# See all available variables at https://megalinter.io/latest/config-file/ and in linters documentation
+APPLY_FIXES: none
+ENABLE_LINTERS:
+  # GitHub Actions
+  - ACTION_ACTIONLINT
+
+  # JSON
+  - JSON_PRETTIER
+
+  # Markdown
+  - MARKDOWN_MARKDOWNLINT
+
+  # Repository
+  - REPOSITORY_TRIVY
+  - REPOSITORY_GITLEAKS
+
+  # Terraform
+  - TERRAFORM_TERRAFORM_FMT
+  - TERRAFORM_TFLINT
+
+  # YAML
+  - YAML_PRETTIER
+
+SARIF_REPORTER: true
+DISABLE_ERRORS: false
+MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true
+SHOW_ELAPSED_TIME: true
+FILEIO_REPORTER: false
+PARALLEL: true
+GITHUB_STATUS_REPORTER: true
+GITHUB_COMMENT_REPORTER: true
+VALIDATE_ALL_CODEBASE: false
+LOG_LEVEL: INFO
diff --git a/trivy.yaml b/trivy.yaml
@@ -0,0 +1,2 @@
+severity:
+  - CRITICAL
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,4 @@ @@
     .DS_Store
     .vscode
     .idea
+    megalinter-reports
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		60e8f406be4219b01e7363d1de37662c3a020707:organisation-security/terraform/cloudformation/OracleDbLTS-Orchestrate.yaml:generic-api-key:279