🔄 synced file(s) with dealroom/core-mothership #304
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Auto-synced file, managed by [dealroom/core-mothership](https://github.com/dealroom/core-mothership) | |
| # The changes to this file will be automatically overwritten on the next sync. Do not edit by hand! | |
| name: Lint | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, labeled, unlabeled] | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.event.action }}-${{ github.event.label.name }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| # Run only if: | |
| # - the `force-lint` label is present | |
| # - the `dependencies` is not present | |
| # - the `sync` label is NOT present | |
| # - the PR is NOT created by dependabot or renovate bots | |
| if: | | |
| contains(github.event.pull_request.labels.*.name, 'force-lint') | |
| || | |
| ( | |
| !contains(github.event.pull_request.labels.*.name, 'dependencies') | |
| && | |
| !contains(github.event.pull_request.labels.*.name, 'sync') | |
| && | |
| github.event.pull_request.user.login != 'dependabot[bot]' | |
| && | |
| github.event.pull_request.user.login != 'renovate[bot]' | |
| ) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| # To report GitHub Actions status checks | |
| statuses: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Ensure SHA pinned actions | |
| uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b88cd0aad2c36a63e42c71f81cb1958fed95ac87 # v3.0.10 | |
| - name: Check that "do not merge" or "do-not-merge" label is not present | |
| if: contains(github.event.pull_request.labels.*.name, 'do not merge') || contains(github.event.pull_request.labels.*.name, 'do-not-merge') | |
| run: | | |
| echo 'The "do not merge" or "do-not-merge" label is present. Please remove it before merging.' | |
| exit 1 | |
| shell: bash | |
| - name: Check if a setup action exists | |
| id: check_files | |
| uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 | |
| with: | |
| files: ./.github/actions/setup/action.yml | |
| - name: Load super-linter configuration | |
| run: grep -o '^[^#]*' .github/super-linter.env >> "$GITHUB_ENV" | |
| - name: Setup application | |
| uses: ./.github/actions/setup | |
| if: steps.check_files.outputs.files_exists == 'true' | |
| with: | |
| github-token: ${{ secrets.GH_TOKEN_DEALROOMBA }} | |
| extensions: ${{ vars.EXTENSIONS || 'none' }} | |
| - name: Lint Codebase | |
| uses: super-linter/super-linter/slim@b4515bd4ad9d0aa4681960e053916ab991bdbe96 # v6.8.0 | |
| # For a full list of environment variables see `.github/super-linter.env` | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # Required for checkov pulling external modules from private repositories | |
| GITHUB_PAT: ${{ secrets.GH_TOKEN_DEALROOMBA }} | |
| VALIDATE_ALL_CODEBASE: ${{ vars.LINT_VALIDATE_ALL_CODEBASE || 'true' }} |