oxsecurity / megalinter

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
https://megalinter.io
GNU Affero General Public License v3.0

False negatives in v8r when validating mega-linter.yml #3674

Closed vonbraunbates closed 1 week ago

vonbraunbates commented 1 week ago

Describe the bug

As for #321 except the properties missing from the schema are APPLY_FIXES_EVENT and APPLY_FIXES_MODE

To Reproduce

Steps to reproduce the behavior:

  1. Add APPLY_FIXES_EVENT: commit to .mega-linter.yml
  2. Run npx mega-linter-runner -e "'ENABLE_LINTERS=YAML_V8R'" to validate the megalinter config file against the schema
  3. Open the report .megalinter-reports/linters_logs/WARNING-YAML-V8R.log to see the details:

    Processing ./.mega-linter.yml
    Searching for schema in .v8rrc.yml ...
    Cache hit: using cached response from https://www.schemastore.org/api/json/catalog.json
    Cache hit: using cached response from https://json.schemastore.org/schema-catalog.json
    Searching for schema in https://www.schemastore.org/api/json/catalog.json ...
    Found schema in https://www.schemastore.org/api/json/catalog.json ...
    Cache miss: calling https://raw.githubusercontent.com/megalinter/megalinter/main/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json
    Validating ./.mega-linter.yml against schema from https://raw.githubusercontent.com/megalinter/megalinter/main/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json ...
    ✖ ./.mega-linter.yml is invalid

    ./.mega-linter.yml# must NOT have additional properties
    ./.mega-linter.yml# must NOT have additional properties

Via a process of elimination, the APPLY_FIXES_* properties turn out to be missing from the schema.

Expected behavior

These are allowed flags so should validate correctly in V8R. Perhaps the only subtlety with these is this note which reads:

You can use Updated sources reporter if you don't want fixes to be automatically applied on git branch, but download them in a zipped file and manually extract them in your project

If used, APPLY_FIXES_EVENT and APPLY_FIXES_MODE can not be defined in .mega-linter.yml config file, they must be set as environment variables

Does that mean that neither of these are valid properties (because they "can not be defined in [the] config file")? In which case the V8R report is correct, but the documentation should be clarified (to specify that they should be supplied only as environment variables).

Screenshots

None

Additional context

None
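
The v8r output in the report above says "must NOT have additional properties" without naming the offending keys, which is why they had to be found by elimination. The following is an added example, not part of the original issue or of MegaLinter's or v8r's code: it lists the top-level keys that a closed schema would reject. The schema fragment and the sample config are constructed, and top_level_keys and rejected_keys are hypothetical helper names.

```python
import re

# Constructed schema fragment (NOT the real MegaLinter schema): a closed
# object, as implied by the "must NOT have additional properties" error.
SCHEMA = {
    "type": "object",
    "additionalProperties": False,
    "properties": {"ENABLE_LINTERS": {}, "DISABLE_LINTERS": {}},
    "patternProperties": {"^YAML_V8R_": {}},
}

# Constructed sample config, mirroring step 1 of the reproduction.
CONFIG_TEXT = """\
# .mega-linter.yml (constructed sample)
ENABLE_LINTERS:
  - YAML_V8R
APPLY_FIXES_EVENT: commit
APPLY_FIXES_MODE: commit
YAML_V8R_FILTER_REGEX_EXCLUDE: "(vendor/)"
"""

# Matches an unquoted key at column 0 only, so nested keys, list items and
# comments are skipped. Quoted keys and flow-style YAML are not handled.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w.-]*)\s*:")


def top_level_keys(yaml_text):
    """Return the top-level mapping keys of a simple block-style YAML file."""
    matches = (TOP_LEVEL_KEY.match(line) for line in yaml_text.splitlines())
    return [m.group(1) for m in matches if m]


def rejected_keys(schema, keys):
    """Return the keys a validator would report as additional properties."""
    if schema.get("additionalProperties", True) is not False:
        return []  # open schema (or a sub-schema): names alone are not rejected
    declared = set(schema.get("properties", {}))
    # JSON Schema patterns are unanchored, hence search() rather than match().
    patterns = [re.compile(p) for p in schema.get("patternProperties", {})]
    return sorted(
        k for k in keys
        if k not in declared and not any(p.search(k) for p in patterns)
    )


if __name__ == "__main__":
    for key in rejected_keys(SCHEMA, top_level_keys(CONFIG_TEXT)):
        print(f"not declared in schema: {key}")
```
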

vonbraunbates commented 1 week ago

#3152 and #3064 are similar issues, different properties.

nvuillam commented 1 week ago

@vonbraunbates APPLY_FIXES_EVENT is a variable only used in MegaLinter GitHub Actions Workflow, it is not internally used by MegaLinter's own engine, that's why it is not in the Schema :)

(defining it in .mega-linter.yml config file would have no effect at all)

vonbraunbates commented 6 days ago

So the validator is correct: thank you, I will remove these lines from my config file and put them in the actions workflow instead.

nvuillam commented 6 days ago

You're welcome :)