feat: run linters in parallel

.github/linters/.checkov-test-linters.yaml → .github/linters/.checkov-test-linters-failure.yaml

@@ -1,5 +1,9 @@
 ---
 # Options reference: https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html
 
+directory:
+  - test/linters/checkov/bad
+
 quiet: false
+
 ...

.github/linters/.checkov-test-linters-success.yaml

@@ -0,0 +1,8 @@
+---
+# Options reference: https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html
+
+directory:
+  - test/linters/checkov/good
+
+quiet: false
+...

.github/linters/.gitleaks-ignore-tests.toml

@@ -0,0 +1,13 @@
+
+title = "gitleaks config"
+
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+description = "Allow secrets in test files"
+paths = [
+  '''.*/test/linters/gitleaks/bad/.*'''
+]

.github/workflows/ci.yml

@@ -110,6 +110,7 @@ jobs:
           VALIDATE_ALL_CODEBASE: false
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BRANCH: main
+          GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
           RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json"
           TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
 

.gitignore

@@ -77,6 +77,9 @@ super-linter.report
 # Code coverage data for tests
 .coverage
 
+# Terraform workspace
+.terraform
+
 # Test reports
 test/reports
 

Dockerfile

@@ -134,6 +134,7 @@ RUN apk add --no-cache \
     nodejs-current \
     openjdk17-jre \
     openssh-client \
+    parallel \
     perl \
     php82 \
     php82-ctype \

Makefile

@@ -164,6 +164,7 @@ test-git-flags: ## Run super-linter with different git-related flags
 		-e ACTIONS_RUNNER_DEBUG=true \
 		-e ERROR_ON_MISSING_EXEC_BIT=true \
 		-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
+		-e FILTER_REGEX_EXCLUDE=".*/test/linters/.*" \
 		-e DEFAULT_BRANCH=main \
 		-e IGNORE_GENERATED_FILES=true \
 		-e IGNORE_GITIGNORED_FILES=true \
@@ -178,6 +179,8 @@ lint-codebase: ## Lint the entire codebase
 		-e ACTIONS_RUNNER_DEBUG=true \
 		-e DEFAULT_BRANCH=main \
 		-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
+		-e FILTER_REGEX_EXCLUDE=".*/test/linters/.*" \
+		-e GITLEAKS_CONFIG_FILE=".gitleaks-ignore-tests.toml" \
 		-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
 		-e VALIDATE_ALL_CODEBASE=true \
 		-v "$(CURDIR):/tmp/lint" \
@@ -195,6 +198,7 @@ lint-subset-files-enable-only-one-type: ## Lint a small subset of files in the c
 		-e ACTIONS_RUNNER_DEBUG=true \
 		-e DEFAULT_BRANCH=main \
 		-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
+		-e FILTER_REGEX_EXCLUDE=".*/test/linters/.*" \
 		-e VALIDATE_ALL_CODEBASE=true \
 		-e VALIDATE_MARKDOWN=true \
 		-v "$(CURDIR):/tmp/lint" \
@@ -207,6 +211,7 @@ lint-subset-files-enable-expensive-io-checks: ## Lint a small subset of files in
 		-e ACTIONS_RUNNER_DEBUG=true \
 		-e DEFAULT_BRANCH=main \
 		-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
+		-e FILTER_REGEX_EXCLUDE=".*/test/linters/.*" \
 		-e VALIDATE_ALL_CODEBASE=true \
 		-e VALIDATE_ARM=true \
 		-e VALIDATE_CLOUDFORMATION=true \
@@ -272,19 +277,19 @@ test-custom-ssl-cert: ## Test the configuration of a custom SSL/TLS certificate
 		$(SUPER_LINTER_TEST_CONTAINER_URL)
 
 .phony: test-linters
-test-linters: ## Run the linters test suite
-	docker run \
-		-e ACTIONS_RUNNER_DEBUG=true \
-		-e CHECKOV_FILE_NAME=".checkov-test-linters.yaml" \
-		-e DEFAULT_BRANCH=main \
-		-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
-		-e JSCPD_CONFIG_FILE=".jscpd-test-linters.json" \
-		-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-		-e RUN_LOCAL=true \
-		-e TEST_CASE_RUN=true \
-		-e TYPESCRIPT_STANDARD_TSCONFIG_FILE=".github/linters/tsconfig.json" \
-		-v "$(CURDIR):/tmp/lint" \
-		$(SUPER_LINTER_TEST_CONTAINER_URL)
+test-linters: test-linters-expect-success test-linters-expect-failure ## Run the linters test suite
+
+.phony: test-linters-expect-success
+test-linters-expect-success: ## Run the linters test suite expecting successes
+	$(CURDIR)/test/run-super-linter-tests.sh \
+		$(SUPER_LINTER_TEST_CONTAINER_URL) \
+		"run_test_cases_expect_success"
+
+.phony: test-linters-expect-failure
+test-linters-expect-failure: ## Run the linters test suite expecting failures
+	$(CURDIR)/test/run-super-linter-tests.sh \
+		$(SUPER_LINTER_TEST_CONTAINER_URL) \
+		"run_test_cases_expect_failure"
 
 .phony: build-dev-container-image
 build-dev-container-image: ## Build commit linter container image

docs/add-new-linter.md

@@ -90,6 +90,7 @@ new tool, it should include:
 - Update the orchestration scripts to run the new tool:
 
   - `lib/linter.sh`
+  - `lib/functions/linterCommands.sh`
   - Provide the logic to populate the list of files or directories to examine: `lib/buildFileList.sh`
   - If necessary, provide elaborate logic to detect if the tool should examine a file or a directory: `lib/detectFiles.sh`
   - If the tool needs to take into account special cases:

docs/upgrade-guide.md

@@ -52,10 +52,6 @@ This section helps you migrate from super-linter `v5` to `v6`.
 - If you defined secret patterns in `.gitleaks.toml`, Gitleaks may report errors
   about that file. If this happens, you can
   [configure Gitleaks to ignore that file](https://github.com/gitleaks/gitleaks/tree/master?tab=readme-ov-file#gitleaksignore).
-- Gitleaks doesn't consider the `FILTER_REGEX_EXCLUDE`, `FILTER_REGEX_INCLUDE`,
-  `IGNORE_GENERATED_FILES`, `IGNORE_GITIGNORED_FILES` variables. For more
-  information about how to ignore files with Gitleaks, see
-  [the Gitleaks documentation](https://github.com/gitleaks/gitleaks/tree/master?tab=readme-ov-file#gitleaksignore).
 
 ### Jscpd