task: trivy security warnings (#218)

chriswk · Copilot · web-flow · commit f4c3ba9a7b73 · 2025-11-12T14:16:17.000+01:00
* chore(ci): Turn off trivy superlinting for now. Requires a more focused job to fix

* Update README.md



Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/.github/super-linter.env b/.github/super-linter.env
@@ -0,0 +1,11 @@
+DEFAULT_BRANCH=main
+VALIDATE_ALL_CODEBASE=false
+VALIDATE_JSCPD=false
+VALIDATE_KUBERNETES_KUBEVAL=false
+VALIDATE_YAML=false
+VALIDATE_KUBERNETES_KUBECONFORM=false
+VALIDATE_CHECKOV=false
+VALIDATE_YAML_PRETTIER=false
+VALIDATE_ESLINT=false
+VALIDATE_BIOME_FORMAT=false
+VALIDATE_TRIVY=false
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -51,17 +51,16 @@ jobs:
           # Full git history is needed to get a proper
           # list of changed files within `super-linter`
           fetch-depth: 0
+      - name: Load super-linter configuration
+        # Use grep inverse matching to exclude eventual comments in the .env file
+        # because the GitHub Actions command to set environment variables doesn't
+        # support comments.
+        # Ref: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#setting-an-environment-variable
+        run: grep -v '^#' .github/super-linter.env >> "$GITHUB_ENV"
       - name: Lint Code Base
         uses: super-linter/super-linter@v8.2.1
         env:
-          DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VALIDATE_ALL_CODEBASE: false
-          VALIDATE_JSCPD: false
-          VALIDATE_KUBERNETES_KUBEVAL: false
-          VALIDATE_YAML: false
-          VALIDATE_KUBERNETES_KUBECONFORM: false
-          VALIDATE_CHECKOV: false
 
   kubeconform:
     runs-on: ubuntu-latest
diff --git a/README.md b/README.md
@@ -64,3 +64,14 @@ helm install --debug --generate-name . # this will install the chart using the l
 # To see the output of the helm chart without running it locally, you can run the following command:
 helm install --debug --dry-run --generate-name .
 ```
+
+## Running superlinter locally
+If you're struggling with getting CI to successfully lint your code, you can run superlinter locally to see what's wrong. To do this, you need to have Docker installed on your machine. Once you have Docker installed, you can run the following command:
+
+```bash
+docker run --rm \
+    -e RUN_LOCAL=true \
+    --env-file ".github/super-linter.env" \
+    -v "$(pwd)":/tmp/lint \
+    ghcr.io/super-linter/super-linter:latest
+```
