MegaLinter: Reduce your technical debt and secure your code base for free !
Using linters on your projects will provide the following benefits:
- Reduce the number of bugs , security flaws and performance issues
- Improve coding skills of every member of your team
- Ensure a unique code style for your sources, so it is more easily understandable
- Reduce the technical debt, so ensure lower maintenance charges for your applications in the future
There are linters existing for practically every language, format or configuration files, and most of them are open-source.
You can learn more about linters on the following web sites and articles:
Strategies
There are different strategies to use linters on your projects:
- Manually install and configure all linters one by one so they are run locally and from CI jobs (can be performed with Husky and pre-commit)
- Use IDE linter plugins
- Use cloud services, like SonarCloud, CodeClimate, Codacy, CodeScene…
- Use Open-Source linters aggregators, like SuperLinter and MegaLinter
- Mix several of these strategies
I chose on all my projects to use IDE linter plugins + MegaLinter, and this tutorial will describe how to setup such strategy on a Github repository using Github Actions as CI (the instructions are applicable to other git and CI providers)
Note: such strategy is opiniotated, there are pros and cons for all strategies, that can depend of the team experience, the available budget, the project size…
What is MegaLinter ?
MegaLinter is an 100% Open-Source tool for CI/CD workflows that analyzes consistency and quality of 49 languages, 22 formats, 21 tooling formats , excessive copy-pastes and spelling mistakes in your repository sources, generates various reports, and can even apply formatting and auto-fixes, to ensure all your projects sources are clean, whatever IDE/toolbox are used by their developers.
Ready to use out of the box as a GitHub Action or any CI system, highly configurable and free for all uses
MegaLinter Setup
MegaLinter provides a command-line installer that will allow you to automatically create configuration and CI job files allowing to run a code analysis at every pull request, or even everytime a new commit is pushed in a repository.
Pre-requisite: you need to have node.js installed on your computer.
- Clone your repository
- Create a new git branch that will be used for definition
- Run command
npx mega-linter-runner --installand follow the instructions. - If you decide to automatically apply fixes, add the following item in your
.gitignorefile:report/ - Commit the updated files, push your branch then create a Pull Request
Configure MegaLinter
The first MegaLinter job should fail and display errors in a post on the Pull Request page.
Don’t panic, you don’t have to fix all the issues: for each of them, you have the choice between:
- Solve the linter error
- Configure the linter to ignore some errors
- Exclude files from linting
- Disable the linter
- Define all errors from this linter as non-blocking
- Define a maximum number of errors allowed for a linter
Note: you’ll need linter keys that can be found in documentation in column Configuration key
Solve a linter error
You can see the linter errors details by viewing CI job artifacts.
Just update your code to solve the error, commit and push to trigger a new MegaLinter analysis job :)
Configure a linter to ignore some errors
Each linter has a page in MegaLinter documentation , and contains info about:
- How to configure the linter using its configuration file
- MegaLinter variable names that you can use to override the default linter call built and run by MegaLinter
Some linters like cspell provide a fixed configuration file in artifacts, that you can copy-paste in your local files.
Ignore files
Files can be ignored using RegExp patterns defined in .mega-linter.ymlvariables:
FILTER_REGEX_EXCLUDE<linter-key>_FILTER_REGEX_EXCLUDE
You can easily build regular expressions using https://regex101.com/
Disable a linter
You can disable a linter by adding its linter key in property DISABLE_LINTERSin .mega-linter.yml
Define a linter as non-blocking
Each linter can be defined as non-blocking in .mega-linter.yml`configuration file using variable
<linter-key>_DISABLE_ERRORS: true
Define a maximum number of errors allowed for a linter
If your existing code base is big, you may want to avoid to solve the existing linter errors, but prevent from adding new errors.
In that case, you can define a maximum number of allowed errors for a linter using <linter-key>_DISABLE_ERRORS_IF_LESS_THAN: <number>.
Use a MegaLinter flavor
If a flavor is suggested, to improve performances you can update file .github/workflows/mega-linter.ymlto use theMegaLinter Flavor Github Action given in the documentation.
Bonus: Automatically apply fixes
When there are no blocking errors, if you chose to automatically apply fixes, you can see that MegaLinter will add a new commit with fixes.
Bonus: IDE Configuration
You can update your repository VsCode recommended extensions to benefit from linter checks with the same configuration than MegaLinter, while editing your source code.
Download MegaLinter artifact, and just copy-paste IDE-config folder content in your repository: it contains recommended VsCode extensions file and linter default configuration files
You’re all set !
Now your repository sources are clean and secure, you can merge your Pull Request !
Advanced usage
MegaLinter is highly configurable, you can also check the following chapters in the documentation
- Add a MegaLinter badge in your repository
- Pre-commands and post-commands
- Reporters
What’s next ?
MegaLinter v6 is currently being implemented, and will have a big focus on Security linters, and a lot of other surprises, stay tuned !
