🔄 synced file(s) with dealroom/core-mothership #336
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Auto-synced file, managed by [dealroom/core-mothership](https://github.com/dealroom/core-mothership) | |
# The changes to this file will be automatically overwritten on the next sync. Do not edit by hand! | |
name: Lint | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, labeled, unlabeled] | |
permissions: read-all | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.event_name }} | |
cancel-in-progress: true | |
jobs: | |
pr-labels: | |
runs-on: ubuntu-latest | |
outputs: | |
labels: ${{ steps.pr-labels.outputs.labels }} | |
permissions: | |
contents: read | |
pull-requests: read | |
steps: | |
- name: Get PR labels | |
id: pr-labels | |
uses: joerick/pr-labels-action@0543b277721e852d821c6738d449f2f4dea03d5f # v1.0.9 | |
lint: | |
needs: pr-labels | |
# Run only if: | |
# - the `force-lint` label is present | |
# OR | |
# - the `dependencies` is not present | |
# AND the `sync` label is NOT present | |
# AND the PR is NOT created by dependabot or renovate bots | |
if: | | |
contains(needs.pr-labels.outputs.labels, 'force-lint') | |
|| | |
( | |
!contains(needs.pr-labels.outputs.labels, 'dependencies') | |
&& | |
!contains(needs.pr-labels.outputs.labels, 'sync') | |
&& | |
github.event.pull_request.user.login != 'dependabot[bot]' | |
&& | |
github.event.pull_request.user.login != 'renovate[bot]' | |
) | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: read | |
# To report GitHub Actions status checks | |
statuses: write | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
fetch-depth: 0 | |
- name: Ensure SHA pinned actions | |
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b8f9a25a51fe633d9215ac7734854dc11cd299cb # v3.0.13 | |
- name: Check that "do not merge" or "do-not-merge" label is not present | |
if: | | |
( | |
contains(needs.pr-labels.outputs.labels, 'do not merge') | |
|| | |
contains(needs.pr-labels.outputs.labels, 'do-not-merge') | |
) | |
run: | | |
echo 'The "do not merge" or "do-not-merge" label is present. Please remove it before merging.' | |
exit 1 | |
shell: bash | |
- name: Check if a setup action exists | |
id: check_files | |
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 | |
with: | |
files: ./.github/actions/setup/action.yml | |
- name: Load super-linter configuration | |
run: grep -o '^[^#]*' .github/super-linter.env >> "$GITHUB_ENV" | |
- name: Setup application | |
uses: ./.github/actions/setup | |
if: steps.check_files.outputs.files_exists == 'true' | |
with: | |
github-token: ${{ secrets.GH_TOKEN_DEALROOMBA }} | |
extensions: ${{ vars.EXTENSIONS || 'none' }} | |
- name: Lint Codebase | |
uses: super-linter/super-linter/slim@b4515bd4ad9d0aa4681960e053916ab991bdbe96 # v6.8.0 | |
# For a full list of environment variables see `.github/super-linter.env` | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# Required for checkov pulling external modules from private repositories | |
GITHUB_PAT: ${{ secrets.GH_TOKEN_DEALROOMBA }} | |
VALIDATE_ALL_CODEBASE: ${{ vars.LINT_VALIDATE_ALL_CODEBASE || 'true' }} |