Skip to content

Add github pull request workflow for terraform #227

Add github pull request workflow for terraform

Add github pull request workflow for terraform #227

---
name: PR Quality Checker
on: # yamllint disable-line rule:truthy
# push:
# branches: [ "main" ]
pull_request:
types:
- opened
- ready_for_review
- synchronize
- reopened
branches:
- main
# Allow one concurrent deployment
concurrency:
group: ${{ format('{0}-{1}-{2}', github.event_name, github.base_ref || github.ref, github.head_ref || github.event.number) }}
cancel-in-progress: true
env:
DEBUG: ${{ secrets.ACTIONS_RUNNER_DEBUG || vars.ACTIONS_RUNNER_DEBUG || secrets.ACTIONS_STEP_DEBUG || vars.ACTIONS_STEP_DEBUG || false }} # Check debug mode
jobs:
linter:
name: MegaLinter
runs-on: ubuntu-latest
env: # Comment env block if you do not want to apply fixes
# Apply linter fixes configuration
APPLY_FIXES: |
- MARKDOWN_MARKDOWNLINT
- MARKDOWN_MARKDOWN_TABLE_FORMATTER
- SPELL_LYCHEE # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request)
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR
# Remove the ones you do not need
contents: write
issues: write
pull-requests: write
steps:
- name: 🩺 Debug
if: ${{ env.DEBUG == 'true' }}
uses: raven-actions/debug@v1
with:
vars-context: ${{ toJson(vars) }}
secrets-context: ${{ toJson(secrets) }}
needs-context: ${{ toJson(needs) }}
inputs-context: ${{ toJson(inputs) }}
- name: ⤵️ Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
- name: 🧹 MegaLinter
id: megalinter
uses: oxsecurity/megalinter/flavors/documentation@v7
# uses: oxsecurity/megalinter@v7
env:
GITHUB_TOKEN: ${{ github.token }}
# All available variables are described in documentation
# https://megalinter.io/configuration/
VALIDATE_ALL_CODEBASE: ${{ (contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) && github.ref == 'refs/heads/main') || false }} # Validates all source when push on main, else just the git diff with main. Override with true if you always want to lint all sources
REPOSITORY_GITLEAKS_PR_COMMITS_SCAN: ${{ (github.event_name == 'pull_request' && 'true') || 'false' }} # If true, Gitleaks will scan all commits of a PR, not only the last one
- name: 📦 Archive MegaLinter artifacts
if: ${{ always() && (steps.megalinter.outcome == 'success' || steps.megalinter.outcome == 'failure') }}
uses: actions/upload-artifact@v3
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
- name: 🤖 Get bot details
if: ${{ steps.megalinter.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) }}
id: bot-details
uses: raven-actions/bot-details@v1
- name: 🆙 Commit and push applied linter fixes
if: ${{ steps.megalinter.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) }}
uses: stefanzweifel/git-auto-commit-action@v5
with:
branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
commit_message: "style: apply linter fixes"
commit_user_name: ${{ steps.bot-details.outputs.name }}
commit_user_email: ${{ steps.bot-details.outputs.email }}
commit_author: ${{ steps.bot-details.outputs.name-email }}