megalinter icon indicating copy to clipboard operation
megalinter copied to clipboard

Published 20 hours ago verified publisher icon oxsecurity

MegaLinter v6 has been released !

Open nvuillam opened this issue 2 years ago • 12 comments

After being promised for months now, MegaLinter v6 has finally been released :)

You can see all the updates in the release notes -> https://github.com/oxsecurity/megalinter/releases/tag/v6.0.0

Just run npx mega-linter-runner@latest --upgrade to use it :) (troubleshooting)

Some linters has been removed, so if you referred to them in your configuration, you'll have to remove them

  • DOCKERFILE_DOCKERFILELINT : It was not maintained anymore and hadolint much more efficient
  • RST_RSTFMT : It was highly experimental and not maintained anymore

On some big repos, some of the new linters can be slow (like REPOSITORY_GITLEAKS) or too noisy ( like REPOSITORY_SEMGREP), don't hesitate to disable them using DISABLE_LINTERS property in .mega-linter.yml: You only can decide the linters you need !

If you see any bug/issue, please let us know !

Best regards

MegaLinter maintainers & OX Security team

Wanna know why MegaLinter has joined OX Security ? Please read the following article :)

https://nicolas.vuillamy.fr/megalinter-sells-his-soul-and-joins-ox-security-2a91a0027628

Edit: Known issues:

  • Redirection of github action megalinter/megalinter to oxsecurity/megalinter

    • GitHub deprecated automated redirections for GitHub Actions, so you need to replace megalinter/megalinter by oxsecurity/megalinter, even if you don't want to migrate to v6 yet

  • PRE_COMMANDS using npm install. Fixed in v6.0.4

    • temp fix by adding cd /node-deps && npm install xxx .... This will be automatically added soon (#1258)

  • mega-linter-runner does not upgrade report folder for uploading artifacts (#1609) Fixed in v6.0.5

    • workaround: replace manually report by megalinter-reports

nvuillam avatar Jul 10 '22 23:07 nvuillam

Félicitations! Et merci de perpétuer l'esprit OSS malgré le changement de giron de Megalinter 👍

lolrenx avatar Jul 11 '22 10:07 lolrenx

The repo path change broke all my github actions...

Congrats on V6 and the new managers!

brianpaden289 avatar Jul 11 '22 18:07 brianpaden289

The repo path change broke all my github actions...

Congrats on V6 and the new managers!

What did break exactly ? There is an automatic redirection between old repo and new repo :/ If you give more details we may find a solution ^^

nvuillam avatar Jul 11 '22 21:07 nvuillam

Yeah it broke for us also:

image

~Perhaps redirection doesn't work when using workflows that are centralized, e.g. we have our workflow that uses megalinter in a "workflows" repo that is then used by our other repos.~ See below.

Systemmanic avatar Jul 11 '22 23:07 Systemmanic

Redirects don't work for actions at all, by design:

https://github.com/actions/runner/issues/1695

As per docs:

https://docs.github.com/en/actions/learn-github-actions/finding-and-customizing-actions#adding-an-action-to-your-workflow

image

Systemmanic avatar Jul 11 '22 23:07 Systemmanic

@syncdk when I migrated from nvuillam to megalinter it worked like a charm, I did not expect this one, sorry 😭

nvuillam avatar Jul 12 '22 05:07 nvuillam

Yeah, it appears that GitHub changed this behavior between the time of the two migrations. I didn't notice since we use the pre-commit hook.

Kurt-von-Laven avatar Jul 12 '22 06:07 Kurt-von-Laven

Running npx mega-linter-runner still pulls the container:

Pulling docker image megalinter/megalinter:v5 ...

Doing npx mega-linter-runner --upgrade and running again doesn't seem to do anything. Is this user error or is something up?

andrewvaughan avatar Jul 13 '22 23:07 andrewvaughan

@andrewvaughan I think you have a previous version in cache.

Please can you try npm uninstall mega-linter-runner -g, then npx mega-linter-runner@latest --upgrade again ?

And if it still does not work, you can try npm i mega-linter-runner@latest -g then mega-linter-runner --upgrade

nvuillam avatar Jul 13 '22 23:07 nvuillam

That worked, thanks!

andrewvaughan avatar Jul 14 '22 00:07 andrewvaughan

The repo path changes broke our GitHub actions as well, but we made slight change in the workflow. From uses: megalinter/megalinter@v5 To uses: oxsecurity/megalinter@v6

Followed this template

mohsin996 avatar Aug 19 '22 11:08 mohsin996

@mohsin996 that's what mega-linter-runner --upgrade does for you :)

It also adds megalinter-reports in .gitignore file , as the report folder has changed in v6 :)

nvuillam avatar Aug 19 '22 13:08 nvuillam

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Oct 23 '22 01:10 github-actions[bot]

@nvuillam Is there any reason why MARKDOWN_REMARK_LINT was disabled in v6 (see https://oxsecurity.github.io/megalinter/latest/descriptors/markdown_remark_lint/)

Using locally to test my migration from v5 to v6

----------------------------------------------------------------------------------------------------
------------------------------------ MegaLinter, by OX Security ------------------------------------
----------------------------------------------------------------------------------------------------
 - Image Creation Date: 2022-10-23T22:50:51Z
 - Image Revision: f58627d
 - Image Version: v6
----------------------------------------------------------------------------------------------------
The MegaLinter documentation can be found at:
 - https://oxsecurity.github.io/megalinter/latest
----------------------------------------------------------------------------------------------------
MegaLinter initialization

MARKDOWN_REMARK_LINT has been temporary disabled in MegaLinter, please use a previous MegaLinter version or wait for the next one !

FYI: was disabled in context of PR #1153 (see https://github.com/oxsecurity/megalinter/blame/main/megalinter/descriptors/markdown.megalinter-descriptor.yml#L49)

llaville avatar Oct 30 '22 07:10 llaville

@nvuillam would it be possible to reconsider adding RST_RSTFMT back? They added support for pre-commit and although their development is rather limited, they seem to be the most extensive linter and support auto-fixing. Thanks!

onemec avatar Nov 01 '22 15:11 onemec

@onemec now that python packages are installed in virtualenvs, it may be possible :)

Let's see what CI job says in the pull request :) https://github.com/oxsecurity/megalinter/pull/2035

nvuillam avatar Nov 01 '22 15:11 nvuillam

@onemec rstfmt is back in beta version, and soon in next release :)

nvuillam avatar Nov 01 '22 17:11 nvuillam

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Dec 02 '22 00:12 github-actions[bot]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Jan 02 '23 00:01 github-actions[bot]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Feb 01 '23 01:02 github-actions[bot]