From 7557620a56eb70dd3d64b3c9598ac8116aff0c66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz> Date: Thu, 13 Mar 2025 17:00:45 +0000 Subject: [PATCH] Megalinter: updates * no algorthm check from devsskim * tune grype linter * updata paths to ignore --- .mega-linter.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.mega-linter.yaml b/.mega-linter.yaml index d0f9810..8125672 100644 --- a/.mega-linter.yaml +++ b/.mega-linter.yaml @@ -20,6 +20,7 @@ DISABLE_LINTERS: # yaml[octal-values]: bug ANSIBLE_ANSIBLE_LINT_ARGUMENTS: >- -x yaml[octal-values] + --exclude .ansible/roles/ --exclude megalinter-reports/ --exclude */deployments/*.yaml --exclude */playbooks/files/calico.yaml @@ -39,13 +40,17 @@ REPOSITORY_CHECKOV_ARGUMENTS: >- --skip-path .*/playbooks/files/(jupyterhub-jwt|calico).yaml --skip-path .*/playbooks/upgrade.yaml +# DS126858 (algorithm): false positive, used as images tag # DS137138 (http): local communication # DS169125 (ssl): protocol actually banned # DS169126 (ssl): protocol actually banned # DS176209: FIXME jupyterhub-jwt.yaml REPOSITORY_DEVSKIM_ARGUMENTS: >- - --ignore-globs .git/**,**/playbooks/files/calico.yaml - --ignore-rule-ids DS137138,DS169125,DS169126,DS176209 + --ignore-globs /tmp/lint/.ansible/**,/tmp/lint/.git/**,/tmp/lint/**/playbooks/files/calico.yaml + --ignore-rule-ids DS126858,DS137138,DS169125,DS169126,DS176209 + +# no check for terraform plugins +REPOSITORY_GRYPE_ARGUMENTS: --exclude ./*/terraform/** # terraform_unused_declarations: common variables file # terraform_required_providers: common requirements file @@ -57,6 +62,6 @@ TERRAFORM_TFLINT_ARGUMENTS: >- YAML_PRETTIER_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*)\.yaml$ -YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*|playbooks/files/calico|terraform/cloud-init)\.yaml$ +YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*|playbooks/files/calico|terraform/cloud-init)\.yaml$|^common/playbooks/templates/nexus/.*\.yaml$ -FILTER_REGEX_EXCLUDE: ^.*\.swp$ +FILTER_REGEX_EXCLUDE: ^.*\.swp|\.ansible/.*$ -- GitLab