# MegaLinter GitHub Action configuration file
# More info at https://megalinter.io
---
name: MegaLinter

# Trigger mega-linter at every push. Action will also be visible from
# Pull Requests to main
on:
  # Comment this line to trigger action only on pull-requests
  # (not recommended if you don't pay for GH Actions)
  push:

  pull_request:
    branches:
      - main
      - master

# Comment env block if you do not want to apply fixes
env:
  # Apply linter fixes configuration
  #
  # When active, APPLY_FIXES must also be defined as environment variable
  # (in github/workflows/mega-linter.yml or other CI tool)
  APPLY_FIXES: <%= APPLY_FIXES %>

  # Decide which event triggers application of fixes in a commit or a PR
  # (pull_request, push, all)
  APPLY_FIXES_EVENT: pull_request

  # If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
  # or posted in a PR (pull_request)
  APPLY_FIXES_MODE: commit

concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true

permissions: {}

jobs:
  megalinter:
    name: MegaLinter
    runs-on: ubuntu-latest

    # Give the default GITHUB_TOKEN write permission to commit and push, comment
    # issues, and post new Pull Requests; remove the ones you do not need
    permissions:
      contents: write
      issues: write
      pull-requests: write

    steps:
      # Git Checkout
      - name: Checkout Code
        uses: actions/checkout@v6
        with:
          # SECURITY NOTE: Using a Personal Access Token (PAT) is NOT
          # recommended. Open-source projects have been heavily targeted by
          # supply-chain attacks in recent months, and a leaked PAT can give
          # attackers broad write access to your repository — better safe
          # than sorry! If you only need workflows to re-trigger after
          # MegaLinter applies fixes, prefer one of these safer alternatives:
          #   - Manually re-run the workflow from the GitHub Actions tab, or
          #   - Push another commit on the branch to trigger workflows again.
          # Only define `secrets.PAT` if you fully understand the trade-off.
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          <%- PERSIST_CREDENTIALS %>

          # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
          # improve performance
          fetch-depth: 0

      # MegaLinter
      - name: MegaLinter

        # You can override MegaLinter flavor used to have faster performances
        # More info at https://megalinter.io/latest/flavors/
        uses: <%= GITHUB_ACTION_NAME %>@<%= GITHUB_ACTION_VERSION %>

        id: ml

        # All available variables are described in documentation
        # https://megalinter.io/latest/config-file/
        env:
          # Validates all source when push on main, else just the git diff with
          # main. Override with true if you always want to lint all sources
          #
          # To validate the entire codebase, set to:
          # VALIDATE_ALL_CODEBASE: true
          #
          # To validate only diff with main, set to:
          # VALIDATE_ALL_CODEBASE: >-
          #   ${{
          #     github.event_name == 'push' &&
          #     github.ref == 'refs/heads/main'
          #   }}
          VALIDATE_ALL_CODEBASE: <%- VALIDATE_ALL_CODE_BASE_GHA %>

          # Disable LLM Advisor for bot PRs (dependabot, renovate, etc.)
          LLM_ADVISOR_ENABLED: >-
            ${{
              github.event_name != 'pull_request' ||
              (github.event.pull_request.user.login != 'dependabot[bot]' &&
               github.event.pull_request.user.login != 'renovate[bot]' &&
               github.event.pull_request.user.login != 'github-actions[bot]' &&
               !startsWith(github.event.pull_request.user.login, 'dependabot') &&
               !startsWith(github.event.pull_request.user.login, 'renovate'))
            }}

          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

          # Uncomment to use ApiReporter (Grafana)
          # API_REPORTER: true
          # API_REPORTER_URL: ${{ secrets.API_REPORTER_URL }}
          # API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_BASIC_AUTH_USERNAME }}
          # API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_BASIC_AUTH_PASSWORD }}
          # API_REPORTER_METRICS_URL: ${{ secrets.API_REPORTER_METRICS_URL }}
          # API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_USERNAME }}
          # API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_PASSWORD }}
          # API_REPORTER_DEBUG: false

          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF
          # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY

      # Upload MegaLinter artifacts
      - name: Archive production artifacts
        uses: actions/upload-artifact@v7
        if: success() || failure()
        with:
          name: MegaLinter reports
          include-hidden-files: "true"
          path: |
            megalinter-reports
            mega-linter.log

      # Create pull request if applicable
      # (for now works only on PR from same repository, not from forks)
      - name: Create Pull Request with applied fixes
        uses: peter-evans/create-pull-request@v7
        id: cpr
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        with:
          # SECURITY NOTE: see the warning on the checkout step above —
          # using `secrets.PAT` is NOT recommended for security reasons.
          # Prefer manually re-running the workflow or pushing another
          # commit on the branch to trigger workflows again.
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          commit-message: "[MegaLinter] Apply linters automatic fixes"
          title: "[MegaLinter] Apply linters automatic fixes"
          labels: bot

      - name: Create PR output
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        env:
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}
          PR_URL: ${{ steps.cpr.outputs.pull-request-url }}
        run: |
          echo "PR Number - ${PR_NUMBER}"
          echo "PR URL - ${PR_URL}"

      # Push new commit if applicable
      # (for now works only on PR from same repository, not from forks)
      - name: Prepare commit
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        run: sudo chown -Rc $UID .git/

      - name: Commit and push applied linter fixes
        uses: stefanzweifel/git-auto-commit-action@v7
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        with:
          branch: >-
            ${{
              github.event.pull_request.head.ref ||
              github.head_ref ||
              github.ref
            }}
          commit_message: "[MegaLinter] Apply linters fixes"
          commit_user_name: megalinter-bot
          commit_user_email: 129584137+megalinter-bot@users.noreply.github.com
