Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
621ae77
feat: add root runtime smoke tests for PHP, .NET, Rust, npm, Salesfor…
Wuodan Jun 16, 2026
071f6d1
feat: add opt-in mega-linter-runner user-map mode (definition) (#1975)
Wuodan Jun 15, 2026
c22fa8c
feat: add opt-in mega-linter-runner user-map mode (generated) (#1975)
Wuodan Jun 16, 2026
dfffc85
feat: add non-root runtime smoke tests for PHP, .NET, Rust, npm, Sale…
Wuodan Jun 16, 2026
71a29f6
feat: install .NET tools outside /root (definition) (#1975)
Wuodan Jun 15, 2026
be65e4e
feat: install .NET tools outside /root (generated) (#1975)
Wuodan Jun 15, 2026
391084a
feat: install Rust outside /root (definition) (#1975)
Wuodan Jun 15, 2026
415d406
feat: install Rust outside /root (generated) (#1975)
Wuodan Jun 15, 2026
f55d06d
feat: install PHP outside /root (definition) (#1975)
Wuodan Jun 15, 2026
acdacc6
feat: install PHP outside /root (generated) (#1975)
Wuodan Jun 15, 2026
9778637
feat: install Salesforce outside /root (definition) (#1975)
Wuodan Jun 16, 2026
26f226b
feat: install Salesforce outside /root (generated) (#1975)
Wuodan Jun 16, 2026
ec29e29
feat: support non-root SSH startup in entrypoint (definition) (#1975)
Wuodan Jun 16, 2026
91acea7
feat: support non-root SSH startup in entrypoint (definition) (#1975)
Wuodan Jun 16, 2026
ad7745d
feat: configure npm prefix outside /root (definition) (#1975)
Wuodan Jun 15, 2026
9d914e6
feat: configure npm prefix outside /root (generated) (#1975)
Wuodan Jun 16, 2026
31f4777
Merge branch 'main' into upstream-PR/06-Run-container-as-non-root
Wuodan Jun 17, 2026
5f85610
feat: install Rust outside /root (definition) (#1975)
Wuodan Jun 17, 2026
3eddb0a
feat: install Rust outside /root (generated) (#1975)
Wuodan Jun 17, 2026
b397334
feat: add opt-in mega-linter-runner user-map mode (definition) (#1975)
Wuodan Jun 17, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 19 additions & 9 deletions .automation/build.py
Original file line number Diff line number Diff line change
Expand Up @@ -330,7 +330,9 @@ def generate_flavor(flavor, flavor_info):
]
extra_lines += [
"COPY entrypoint.sh /entrypoint.sh",
"RUN chmod +x entrypoint.sh",
"COPY sh/setup-runtime-user /usr/bin/setup-runtime-user",
"RUN chmod +x entrypoint.sh && \\",
" chmod u+x /usr/bin/setup-runtime-user",
'ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]',
]
build_dockerfile(
Expand Down Expand Up @@ -543,14 +545,19 @@ def build_dockerfile(
if keep_rustup is True:
rustup_cargo_cmd = " && ".join(rust_commands)
cargo_install_command = (
"RUN curl https://sh.rustup.rs -sSf |"
+ " sh -s -- -y --profile minimal --default-toolchain ${RUST_RUST_VERSION} \\\n"
+ ' && export PATH="/root/.cargo/bin:/root/.cargo/env:${PATH}" \\\n'
"RUN export RUSTUP_HOME=/usr/local/rustup CARGO_HOME=/usr/local/cargo \\\n"
+ " && curl https://sh.rustup.rs -sSf |"
+ " sh -s -- -y --profile minimal --default-toolchain ${RUST_RUST_VERSION} --no-modify-path \\\n"
+ ' && export PATH="${CARGO_HOME}/bin:${PATH}" \\\n'
+ " && rustup default stable \\\n"
+ f" && {rustup_cargo_cmd} \\\n"
+ " && rm -rf /root/.cargo/registry /root/.cargo/git "
+ "/root/.cache/sccache\n"
+ 'ENV PATH="/root/.cargo/bin:/root/.cargo/env:${PATH}"'
+ ' && for bin in "${CARGO_HOME}"/bin/*; do \\\n'
+ ' ln -sf "$bin" /usr/local/bin/"$(basename "$bin")"; \\\n'
+ " done \\\n"
+ ' && rm -rf "${CARGO_HOME}/registry" "${CARGO_HOME}/git" /root/.cache/sccache\n'
+ "ENV RUSTUP_HOME=/usr/local/rustup\n"
+ "ENV CARGO_HOME=/usr/local/cargo\n"
+ 'ENV PATH="/usr/local/cargo/bin:${PATH}"'
)
# Pin every standalone `FROM alpine:X.Y` build stage to the runtime image's
# Alpine version (parsed from the python base image) so helper stages can never
Expand Down Expand Up @@ -636,7 +643,8 @@ def build_dockerfile(
if len(npm_packages) > 0:
npm_install_command = (
"WORKDIR /node-deps\n"
+ "RUN npm --no-cache install --ignore-scripts --omit=dev \\\n "
+ "RUN npm config set prefix /usr/local \\\n"
+ " && npm --no-cache install --ignore-scripts --omit=dev \\\n "
+ " \\\n ".join(list(dict.fromkeys(npm_packages)))
+ " && \\\n"
# + ' echo "Fixing audit issues with npm…" \\\n'
Expand Down Expand Up @@ -834,15 +842,17 @@ def generate_linter_dockerfiles():
" CONFIG_REPORTER=false \\",
" SARIF_TO_HUMAN=false" "",
# "EXPOSE 80",
"RUN mkdir /root/docker_ssh && mkdir /usr/bin/megalinter-sh",
"RUN mkdir /tmp/docker_ssh && mkdir /usr/bin/megalinter-sh",
"EXPOSE 22",
"COPY entrypoint.sh /entrypoint.sh",
"COPY sh /usr/bin/megalinter-sh",
"COPY sh/megalinter_exec /usr/bin/megalinter_exec",
"COPY sh/setup-runtime-user /usr/bin/setup-runtime-user",
"COPY sh/motd /etc/motd",
'RUN find /usr/bin/megalinter-sh/ -type f -iname "*.sh" -exec chmod +x {} \\; && \\',
" chmod +x entrypoint.sh && \\",
" chmod +x /usr/bin/megalinter_exec && \\",
" chmod u+x /usr/bin/setup-runtime-user && \\",
" echo \"alias megalinter='python -m megalinter.run'\" >> ~/.bashrc && source ~/.bashrc && \\",
" echo \"alias megalinter_exec='/usr/bin/megalinter_exec'\" >> ~/.bashrc && source ~/.bashrc",
'RUN export STANDALONE_LINTER_VERSION="$(python -m megalinter.run --input /tmp --linterversion)" && \\',
Expand Down
3 changes: 3 additions & 0 deletions .cspell.json
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,8 @@
"dargs",
"datrie",
"depd",
"delgroup",
"deluser",
"dezalgo",
"dont",
"drmaa",
Expand Down Expand Up @@ -1664,6 +1666,7 @@
"upshape",
"urllib3",
"usergroup",
"adduser",
"utilstest",
"utogenconf",
"uvicorn",
Expand Down
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
- Exclude `REPORT_OUTPUT_FOLDER` from linting when configured as an absolute path inside the workspace (e.g. `/tmp/lint/megalinter-reports`), fixing #7845.
- Fix command injection in Roslynator linter (`DOTNET_ROSLYNATOR`) where a crafted `.csproj` filename could break out of `dotnet restore` arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.
- Fix `IndexError` when building the single-linter Docker image for a linter whose activation depends on a file (e.g. `SPELL_VALE` requires `.vale.ini`): `python -m megalinter.run --linterversion` now bypasses activation filtering since the per-linter image is built for that linter unconditionally.
- Allow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (#1975).

- Reporters

Expand All @@ -45,6 +46,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
- Update Docker pull counters in README badges and `flavors-stats.json` with latest ghcr.io stats

- mega-linter-runner
- Add `--user-map` / `--no-user-map` to control whether the MegaLinter container runs in non-root mode. On POSIX systems `--user-map` uses the current host UID:GID; on other hosts it falls back to `1000:1000`.

- Dev
- Stop generating per-linter Dockerfiles for linters marked `disabled: true` in their descriptor. The matching images were already excluded from the build matrix (`linters_matrix.json`) and never published, so the on-disk `linters/<linter>/Dockerfile` was dead code. Deleted the 8 corresponding stale Dockerfile directories.
Expand Down
49 changes: 30 additions & 19 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -539,12 +539,18 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \
#############################################################################################

#CARGO__START
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain ${RUST_RUST_VERSION} \
&& export PATH="/root/.cargo/bin:/root/.cargo/env:${PATH}" \
RUN export RUSTUP_HOME=/usr/local/rustup CARGO_HOME=/usr/local/cargo \
&& curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain ${RUST_RUST_VERSION} --no-modify-path \
&& export PATH="${CARGO_HOME}/bin:${PATH}" \
&& rustup default stable \
&& rustup component add clippy \
&& rm -rf /root/.cargo/registry /root/.cargo/git /root/.cache/sccache
ENV PATH="/root/.cargo/bin:/root/.cargo/env:${PATH}"
&& for bin in "${CARGO_HOME}"/bin/*; do \
ln -sf "$bin" /usr/local/bin/"$(basename "$bin")"; \
done \
&& rm -rf "${CARGO_HOME}/registry" "${CARGO_HOME}/git" /root/.cache/sccache
ENV RUSTUP_HOME=/usr/local/rustup
ENV CARGO_HOME=/usr/local/cargo
ENV PATH="/usr/local/cargo/bin:${PATH}"
#CARGO__END

##############################
Expand Down Expand Up @@ -730,7 +736,8 @@ ENV NODE_OPTIONS="--max-old-space-size=8192" \
NODE_ENV=production
#NPM__START
WORKDIR /node-deps
RUN npm --no-cache install --ignore-scripts --omit=dev \
RUN npm config set prefix /usr/local \
&& npm --no-cache install --ignore-scripts --omit=dev \
@salesforce/cli@${NPM_SALESFORCE_CLI_VERSION} \
typescript@${NPM_TYPESCRIPT_VERSION} \
@coffeelint/cli@${NPM_COFFEELINT_CLI_VERSION} \
Expand Down Expand Up @@ -803,8 +810,8 @@ esac \
&& chmod +x /opt/microsoft/powershell/7/pwsh \
&& ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh \
# CSHARP installation
&& apk add --no-cache dotnet10-sdk
ENV PATH="${PATH}:/root/.dotnet/tools"
&& apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
ENV PATH="${PATH}:/usr/local/dotnet-tools"
# DART installation
ENV LANG=C.UTF-8
RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \
Expand Down Expand Up @@ -859,7 +866,8 @@ ENV PATH="$JAVA_HOME/bin:${PATH}"
# PHP installation
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
# Managed with COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
# POWERSHELL installation
# Next line commented because already managed by another linter
# RUN case ${TARGETPLATFORM} in \
Expand All @@ -876,6 +884,7 @@ ENV PATH="/root/.composer/vendor/bin:${PATH}"
# ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
# Next line commented because already managed by another linter
# ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand All @@ -892,9 +901,9 @@ RUN curl --retry-all-errors --retry 10 -fLo coursier https://github.com/coursier
# TYPESCRIPT installation
# VBDOTNET installation
# Next line commented because already managed by another linter
# RUN apk add --no-cache dotnet10-sdk
# RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
# Next line commented because already managed by another linter
# ENV PATH="${PATH}:/root/.dotnet/tools"
# ENV PATH="${PATH}:/usr/local/dotnet-tools"
# actionlint installation
# Managed with COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
# # shellcheck is a dependency for actionlint
Expand Down Expand Up @@ -940,9 +949,9 @@ esac \
# jscpd installation
# cpplint installation
# csharpier installation
&& dotnet tool install --allow-roll-forward --global csharpier --version "${CSHARP_CSHARPIER_VERSION}" \
&& dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools csharpier --version "${CSHARP_CSHARPIER_VERSION}" \
# roslynator installation
&& dotnet tool install --allow-roll-forward --global roslynator.dotnet.cli --version "${CSHARP_ROSLYNATOR_VERSION}" \
&& dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools roslynator.dotnet.cli --version "${CSHARP_ROSLYNATOR_VERSION}" \
# stylelint installation
# dartanalyzer installation
&& case ${TARGETPLATFORM} in \
Expand Down Expand Up @@ -1098,10 +1107,10 @@ ENV PATH="~/.raku/bin:/opt/rakudo-pkg/bin:/opt/rakudo-pkg/share/perl6/site/bin:$
# checkov installation
# devskim installation
# Next line commented because already managed by another linter
# RUN apk add --no-cache dotnet10-sdk
# RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
# Next line commented because already managed by another linter
# ENV PATH="${PATH}:/root/.dotnet/tools"
RUN dotnet tool install --allow-roll-forward --global Microsoft.CST.DevSkim.CLI --version ${REPOSITORY_DEVSKIM_VERSION} \
# ENV PATH="${PATH}:/usr/local/dotnet-tools"
RUN dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools Microsoft.CST.DevSkim.CLI --version ${REPOSITORY_DEVSKIM_VERSION} \
# dustilock installation
# Managed with COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock
# gitleaks installation
Expand Down Expand Up @@ -1168,10 +1177,10 @@ RUN dotnet tool install --allow-roll-forward --global Microsoft.CST.DevSkim.CLI
# sqlfluff installation
# tsqllint installation
# Next line commented because already managed by another linter
# RUN apk add --no-cache dotnet10-sdk
# RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
# Next line commented because already managed by another linter
# ENV PATH="${PATH}:/root/.dotnet/tools"
&& dotnet tool install --allow-roll-forward --global TSQLLint --version ${SQL_TSQLLINT_VERSION}
# ENV PATH="${PATH}:/usr/local/dotnet-tools"
&& dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools TSQLLint --version ${SQL_TSQLLINT_VERSION}
# swiftlint installation
# renovate: datasource=docker depName=ghcr.io/realm/swiftlint
ENV SWIFT_SWIFTLINT_VERSION=0.63.3
Expand Down Expand Up @@ -1249,6 +1258,8 @@ LABEL com.github.actions.name="MegaLinter" \

#EXTRA_DOCKERFILE_LINES__START
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x entrypoint.sh
COPY sh/setup-runtime-user /usr/bin/setup-runtime-user
RUN chmod +x entrypoint.sh && \
chmod u+x /usr/bin/setup-runtime-user
ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
#EXTRA_DOCKERFILE_LINES__END
4 changes: 2 additions & 2 deletions docs/descriptors/csharp.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ description: dotnet-format, csharpier, roslynator are available to analyze CSHAR

- Dockerfile commands :
```dockerfile
RUN apk add --no-cache dotnet10-sdk
ENV PATH="${PATH}:/root/.dotnet/tools"
RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
ENV PATH="${PATH}:/usr/local/dotnet-tools"
```

6 changes: 3 additions & 3 deletions docs/descriptors/csharp_csharpier.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,11 +124,11 @@ Commands:
- Dockerfile commands :
```dockerfile
# Parent descriptor install
RUN apk add --no-cache dotnet10-sdk
ENV PATH="${PATH}:/root/.dotnet/tools"
RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
ENV PATH="${PATH}:/usr/local/dotnet-tools"
# Linter install
# renovate: datasource=nuget depName=csharpier
ARG CSHARP_CSHARPIER_VERSION=1.2.6
RUN dotnet tool install --allow-roll-forward --global csharpier --version "${CSHARP_CSHARPIER_VERSION}"
RUN dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools csharpier --version "${CSHARP_CSHARPIER_VERSION}"
```

6 changes: 3 additions & 3 deletions docs/descriptors/csharp_roslynator.md
Original file line number Diff line number Diff line change
Expand Up @@ -123,11 +123,11 @@ Run 'roslynator help [command]' for more information on a command.
- Dockerfile commands :
```dockerfile
# Parent descriptor install
RUN apk add --no-cache dotnet10-sdk
ENV PATH="${PATH}:/root/.dotnet/tools"
RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
ENV PATH="${PATH}:/usr/local/dotnet-tools"
# Linter install
# renovate: datasource=nuget depName=roslynator.dotnet.cli
ARG CSHARP_ROSLYNATOR_VERSION=0.12.0
RUN dotnet tool install --allow-roll-forward --global roslynator.dotnet.cli --version "${CSHARP_ROSLYNATOR_VERSION}"
RUN dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools roslynator.dotnet.cli --version "${CSHARP_ROSLYNATOR_VERSION}"
```

3 changes: 2 additions & 1 deletion docs/descriptors/php.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,8 @@ description: phpcs, phpstan, psalm, phplint, php-cs-fixer are available to analy
```dockerfile
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
```

- APK packages (Linux):
Expand Down
3 changes: 2 additions & 1 deletion docs/descriptors/php_php_cs_fixer.md
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,8 @@ Help:
# Parent descriptor install
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
# Linter install
# renovate: datasource=packagist depName=friendsofphp/php-cs-fixer
ARG PHP_FRIENDSOFPHP_PHP_CS_FIXER_VERSION=v3.95.7
Expand Down
3 changes: 2 additions & 1 deletion docs/descriptors/php_phpcs.md
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,8 @@ Miscellaneous Options:
# Parent descriptor install
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
# Linter install
# renovate: datasource=packagist depName=squizlabs/php_codesniffer
ARG PHP_SQUIZLABS_PHP_CODESNIFFER_VERSION=4.0.1
Expand Down
3 changes: 2 additions & 1 deletion docs/descriptors/php_phplint.md
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,8 @@ Options:
# Parent descriptor install
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
# Linter install
# renovate: datasource=packagist depName=overtrue/phplint
ARG PHP_OVERTRUE_PHPLINT_VERSION=9.7.2
Expand Down
3 changes: 2 additions & 1 deletion docs/descriptors/php_phpstan.md
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,8 @@ Options:
# Parent descriptor install
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
# Linter install
# renovate: datasource=packagist depName=phpstan/phpstan
ARG PHP_PHPSTAN_PHPSTAN_VERSION=2.2.2
Expand Down
3 changes: 2 additions & 1 deletion docs/descriptors/php_psalm.md
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,8 @@ Miscellaneous:
# Parent descriptor install
RUN update-alternatives --install /usr/bin/php php /usr/bin/php84 110
COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer
ENV PATH="/root/.composer/vendor/bin:${PATH}"
ENV COMPOSER_HOME=/usr/local/composer
ENV PATH="/usr/local/composer/vendor/bin:${PATH}"
# Linter install
# renovate: datasource=packagist depName=vimeo/psalm
ARG PHP_VIMEO_PSALM_VERSION=6.16.1
Expand Down
6 changes: 3 additions & 3 deletions docs/descriptors/repository_devskim.md
Original file line number Diff line number Diff line change
Expand Up @@ -134,9 +134,9 @@ devskim 1.0.70+d69541fde7
```dockerfile
# renovate: datasource=nuget depName=Microsoft.CST.DevSkim.CLI
ARG REPOSITORY_DEVSKIM_VERSION=1.0.70
RUN apk add --no-cache dotnet10-sdk
ENV PATH="${PATH}:/root/.dotnet/tools"
RUN dotnet tool install --allow-roll-forward --global Microsoft.CST.DevSkim.CLI --version ${REPOSITORY_DEVSKIM_VERSION}
RUN apk add --no-cache dotnet10-sdk && install -d /usr/local/dotnet-tools
ENV PATH="${PATH}:/usr/local/dotnet-tools"
RUN dotnet tool install --allow-roll-forward --tool-path /usr/local/dotnet-tools Microsoft.CST.DevSkim.CLI --version ${REPOSITORY_DEVSKIM_VERSION}
```


Expand Down
1 change: 1 addition & 0 deletions docs/descriptors/salesforce.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.28.6
ARG SFDX_HARDIS_VERSION=7.15.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand Down
1 change: 1 addition & 0 deletions docs/descriptors/salesforce_code_analyzer_apex.md
Original file line number Diff line number Diff line change
Expand Up @@ -493,6 +493,7 @@ ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.28.6
ARG SFDX_HARDIS_VERSION=7.15.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand Down
1 change: 1 addition & 0 deletions docs/descriptors/salesforce_code_analyzer_aura.md
Original file line number Diff line number Diff line change
Expand Up @@ -718,6 +718,7 @@ ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.28.6
ARG SFDX_HARDIS_VERSION=7.15.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand Down
1 change: 1 addition & 0 deletions docs/descriptors/salesforce_code_analyzer_lwc.md
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,7 @@ ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.28.6
ARG SFDX_HARDIS_VERSION=7.15.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand Down
1 change: 1 addition & 0 deletions docs/descriptors/salesforce_lightning_flow_scanner.md
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,7 @@ ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.28.6
ARG SFDX_HARDIS_VERSION=7.15.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand Down
1 change: 1 addition & 0 deletions docs/descriptors/salesforce_sfdx_scanner_apex.md
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,7 @@ ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.28.6
ARG SFDX_HARDIS_VERSION=7.15.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
ENV XDG_DATA_HOME=/usr/local/share
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
Expand Down
Loading
Loading