feat: add include-mode lint inputs for super-linter (#85)

schuster-riege · web-flow · commit 74e54fc2cf0c · 2026-04-01T16:04:50.000+02:00
This PR adds reusable workflow inputs for VALIDATE_KUBERNETES_KUBEVAL, 
VALIDATE_GITHUB_ACTIONS, VALIDATE_CHECKOV, and VALIDATE_GITLEAKS. It
introduces
include/exclude mode handling to avoid super-linter include/exclude
conflicts
and updates the README with usage examples.
diff --git a/.github/workflows/super-linter-non-slim.yml b/.github/workflows/super-linter-non-slim.yml
@@ -30,6 +30,54 @@ on:
           "Will parse the entire repository and find all files to validate
           across all types. NOTE: When set to false, only new or edited files
           will be parsed for validation."
+      VALIDATE_KUBERNETES_KUBEVAL:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable kubeval validation for Kubernetes manifests."
+      VALIDATE_GITHUB_ACTIONS:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable GitHub Actions validation."
+      VALIDATE_CHECKOV:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Checkov validation."
+      VALIDATE_GITLEAKS:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Gitleaks validation."
+      VALIDATE_MARKDOWN:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Markdown validation in include mode."
+      VALIDATE_YAML:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable YAML validation in include mode."
+      VALIDATE_MARKDOWN_PRETTIER:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Markdown Prettier validation."
+      VALIDATE_YAML_PRETTIER:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable YAML Prettier validation."
 
 jobs:
   build:
@@ -48,7 +96,34 @@ jobs:
           path: ${{ inputs.CODEQUALITY_PATH }}
           ref: ${{ inputs.CODEQUALITY_REF }}
 
-      - name: Lint Code Base
+      - name: Lint Code Base (include mode)
+        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
+        uses: github/super-linter@v7
+        env:
+          ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
+          ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
+          CHECKOV_FILE_NAME: checkov/.checkov.yaml
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ github.token }}
+          JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
+          KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
+          LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
+          MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
+          VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}"
+          VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
+          VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
+          VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
+          VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
+          VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
+          VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
+          VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
+          VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
+          YAML_CONFIG_FILE: yaml/.yaml-lint.yml
+          TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
+          SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint
+
+      - name: Lint Code Base (exclude mode)
+        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
         uses: github/super-linter@v7
         env:
           ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
@@ -39,6 +39,54 @@ on:
           "Will parse the entire repository and find all files to validate
           across all types. NOTE: When set to false, only new or edited files
           will be parsed for validation."
+      VALIDATE_KUBERNETES_KUBEVAL:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable kubeval validation for Kubernetes manifests."
+      VALIDATE_GITHUB_ACTIONS:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable GitHub Actions validation."
+      VALIDATE_CHECKOV:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Checkov validation."
+      VALIDATE_GITLEAKS:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Gitleaks validation."
+      VALIDATE_MARKDOWN:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Markdown validation in include mode."
+      VALIDATE_YAML:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable YAML validation in include mode."
+      VALIDATE_MARKDOWN_PRETTIER:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable Markdown Prettier validation."
+      VALIDATE_YAML_PRETTIER:
+        required: false
+        type: boolean
+        default: false
+        description: >
+          "Enable YAML Prettier validation."
 
 jobs:
   build:
@@ -60,7 +108,35 @@ jobs:
       - name: Configure git for private modules
         run: git config --global url."https://${{ github.token }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
 
-      - name: Lint Code Base
+      - name: Lint Code Base (include mode)
+        if: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER }}
+        uses: github/super-linter/slim@v7
+        env:
+          ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
+          ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
+          CHECKOV_FILE_NAME: checkov/.checkov.yaml
+          DEFAULT_BRANCH: main
+          FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
+          GITHUB_TOKEN: ${{ github.token }}
+          JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
+          KUBERNETES_KUBEVAL_OPTIONS: --ignore-missing-schemas
+          LINTER_RULES_PATH: "${{ inputs.CODEQUALITY_PATH }}/"
+          MARKDOWN_CONFIG_FILE: markdown/.markdown-lint.yml
+          VALIDATE_ALL_CODEBASE: "${{ inputs.VALIDATE_ALL_CODEBASE }}"
+          VALIDATE_MARKDOWN: ${{ inputs.VALIDATE_MARKDOWN && 'true' || '' }}
+          VALIDATE_YAML: ${{ inputs.VALIDATE_YAML && 'true' || '' }}
+          VALIDATE_KUBERNETES_KUBEVAL: ${{ inputs.VALIDATE_KUBERNETES_KUBEVAL && 'true' || '' }}
+          VALIDATE_GITHUB_ACTIONS: ${{ inputs.VALIDATE_GITHUB_ACTIONS && 'true' || '' }}
+          VALIDATE_CHECKOV: ${{ inputs.VALIDATE_CHECKOV && 'true' || '' }}
+          VALIDATE_GITLEAKS: ${{ inputs.VALIDATE_GITLEAKS && 'true' || '' }}
+          VALIDATE_MARKDOWN_PRETTIER: ${{ inputs.VALIDATE_MARKDOWN_PRETTIER && 'true' || '' }}
+          VALIDATE_YAML_PRETTIER: ${{ inputs.VALIDATE_YAML_PRETTIER && 'true' || '' }}
+          YAML_CONFIG_FILE: yaml/.yaml-lint.yml
+          TERRAFORM_TFLINT_CONFIG_FILE: terraform/.tflint.hcl
+          SQLFLUFF_CONFIG_FILE: sqlfluff/.sqlfluff-lint
+
+      - name: Lint Code Base (exclude mode)
+        if: ${{ !(inputs.VALIDATE_KUBERNETES_KUBEVAL || inputs.VALIDATE_GITHUB_ACTIONS || inputs.VALIDATE_CHECKOV || inputs.VALIDATE_GITLEAKS || inputs.VALIDATE_MARKDOWN || inputs.VALIDATE_YAML || inputs.VALIDATE_MARKDOWN_PRETTIER || inputs.VALIDATE_YAML_PRETTIER) }}
         uses: github/super-linter/slim@v7
         env:
           ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
diff --git a/README.md b/README.md
@@ -9,8 +9,80 @@ Use this workflow if your repository consists of multiple file formats (e.g. Jav
 Add a new workflow file like [this one](.github/workflows/lint.yml) or add the following lines to a existing workflow:
 
 ```yaml
-  call-lint-workflow:
-    uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+```
+
+Optional input to enable kubeval for Kubernetes manifests:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_KUBERNETES_KUBEVAL: true
+```
+
+Optional input to enable GitHub Actions validation:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_GITHUB_ACTIONS: true
+```
+
+Optional input to enable Checkov validation:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_CHECKOV: true
+```
+
+Optional input to enable Gitleaks validation:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_GITLEAKS: true
+```
+
+Optional input to enable Markdown Prettier validation:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_MARKDOWN_PRETTIER: true
+```
+
+Optional input to enable YAML Prettier validation:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_YAML_PRETTIER: true
+```
+
+Optional input to enable Markdown validation in include mode:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_MARKDOWN: true
+```
+
+Optional input to enable YAML validation in include mode:
+
+```yaml
+call-lint-workflow:
+uses: "riege/code-quality/.github/workflows/super-linter.yml@v1.0.0"
+with:
+  VALIDATE_YAML: true
 ```
 
 ## Terraform
