From db4253f002209b9cb1b489ea38a2de93f4553071 Mon Sep 17 00:00:00 2001 From: Daniel Gibbs Date: Sun, 19 Apr 2026 21:06:52 +0000 Subject: [PATCH] fix(ci): resolve super-linter failures - Set DEFAULT_BRANCH to current branch to fix 'master not found' error - Use fetch-depth: 0 so GITHUB_BEFORE_SHA can be resolved - Set update_etl.sh executable bit (BASH_EXEC) - Fix .codespellrc tab indentation (EDITORCONFIG) - Add .gitleaks.toml allowlist for GA4 Measurement Protocol API secret (GITLEAKS) - Fix .markdown-lint.yml: disable MD030/MD013/MD033/MD041/MD051 to match existing repo style (MARKDOWN) --- .github/linters/.codespellrc | 10 +++++----- .github/linters/.gitleaks.toml | 9 +++++++++ .github/linters/.markdown-lint.yml | 11 ++++------- .github/workflows/action-super-linter.yml | 6 +++--- lgsm/modules/update_etl.sh | 0 5 files changed, 21 insertions(+), 15 deletions(-) create mode 100644 .github/linters/.gitleaks.toml mode change 100644 => 100755 lgsm/modules/update_etl.sh diff --git a/.github/linters/.codespellrc b/.github/linters/.codespellrc index 229066881..47dd5ccea 100644 --- a/.github/linters/.codespellrc +++ b/.github/linters/.codespellrc @@ -1,11 +1,11 @@ [codespell] # Skip data tables that contain many short server identifiers (e.g. "fof", "nd") skip = - lgsm/data/*.csv, - package-lock.json, - */package-lock.json, - node_modules, - */node_modules/* + lgsm/data/*.csv, + package-lock.json, + */package-lock.json, + node_modules, + */node_modules/* # Ignore common identifiers/acronyms and extensions used throughout LinuxGSM ignore-words-list = distroname,fof,nd,sav,parms,ThirdParty diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml new file mode 100644 index 000000000..b61845ba6 --- /dev/null +++ b/.github/linters/.gitleaks.toml @@ -0,0 +1,9 @@ +title = "LinuxGSM Gitleaks Config" + +[allowlist] + description = "Known false positives" + regexes = [ + # Google Analytics 4 Measurement Protocol API secret - not a sensitive credential, + # it is intentionally embedded in client-side code and is safe to be public. + '''apisecret="[A-Za-z0-9_\-]+"''', + ] diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml index 094bbbcd6..62d421814 100644 --- a/.github/linters/.markdown-lint.yml +++ b/.github/linters/.markdown-lint.yml @@ -12,12 +12,9 @@ MD013: false # MD033: The main README uses inline HTML for badges. MD033: false -# Match existing list formatting in this repo. +# MD007: Repo uses 2-space indentation for nested lists. MD007: - indent: 4 + indent: 2 -MD030: - ul_single: 3 - ol_single: 2 - ul_multi: 3 - ol_multi: 2 +# MD030: Repo mixes 1-space unordered and 2-space ordered list markers. +MD030: false diff --git a/.github/workflows/action-super-linter.yml b/.github/workflows/action-super-linter.yml index de396dcd4..e2755e20a 100644 --- a/.github/workflows/action-super-linter.yml +++ b/.github/workflows/action-super-linter.yml @@ -27,9 +27,8 @@ jobs: - name: Checkout code uses: actions/checkout@v6 with: - # Shallow clone reduces transient fetch failures (HTTP 500) from GitHub. - # We lint the whole codebase instead of relying on git history. - fetch-depth: 1 + # Full clone required so super-linter can resolve GITHUB_BEFORE_SHA. + fetch-depth: 0 fetch-tags: false persist-credentials: false @@ -42,6 +41,7 @@ jobs: env: # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEFAULT_BRANCH: ${{ github.ref_name }} VALIDATE_BIOME_FORMAT: false VALIDATE_BIOME_LINT: false VALIDATE_GITHUB_ACTIONS_ZIZMOR: false diff --git a/lgsm/modules/update_etl.sh b/lgsm/modules/update_etl.sh old mode 100644 new mode 100755