mega-linter-runner: processing of environment variables fails when called via VS Code tasks

[ehrenle]

Describe the bug
When running mega-linter-runner directly in the terminal, the --env flags and their values are processed correctly. However, when the same command (with escaped quotes) is executed in Visual Studio Code via a VS Code task, the environment variables are parsed incorrectly.

To Reproduce
Steps to reproduce the behavior:

1. Run the following command directly in the terminal:

   mega-linter-runner --flavor cupcake --env 'VALIDATE_ALL_CODEBASE=false' --env "'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'"
   

   The command runs successfully, and the environment variables are processed as expected.

2. Configure a VS Code task with the following configuration:

   {
       "label": "Run mega-linter-runner fast (Windows)",
       "type": "shell",
       "command": "mega-linter-runner --flavor cupcake --env 'VALIDATE_ALL_CODEBASE=false' --env \"'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'\"",
       "group": {
           "kind": "build",
           "isDefault": true
       },
       "problemMatcher": []
   }
   

3. Run the task in VS Code.

   The task is executed and the command looks correct.
   However, the environment variables are not split correctly, which leads to an incorrect analysis, as follows:

   docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e VALIDATE_ALL_CODEBASE=false -e DISABLE_LINTERS=PYTHON_PYRIGHT -e SPELL_CSPELL -e REPOSITORY_GRYPE -e REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

   Specific the incorrect part: -e DISABLE_LINTERS=PYTHON_PYRIGHT -e SPELL_CSPELL -e REPOSITORY_GRYPE -e REPOSITORY_KICS

Expected behavior
For the example above, the expected parsed docker run command should look like:

docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e VALIDATE_ALL_CODEBASE=false -e DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

Screenshots
mega-linter-runner executed directly:

mega-linter-runner executed via VS Code task:

[echoix]

You might want to play with the "args" key, that is an array. See a bit below https://code.visualstudio.com/docs/editor/tasks#_custom-tasks

[ehrenle]

Unfortunately, the "args" option does not solve the problem, whether used alone or with a specified quoting type like "strong" or "weak."
To clarify: this is a Windows-specific issue when using PowerShell. The described VS Code task works just fine under Linux (bash).

[echoix]

Can I see the json you tried, to see the pattern that didn't work?

[ehrenle]

Of course. Here are the different versions I have tried:

V1

    {
      "label": "Run mega-linter-runner V1",
      "type": "shell",
      "command": "mega-linter-runner",
      "args": [
        "--flavor",
        "cupcake",
        "--env",
        "'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'"
      ],
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "problemMatcher": []
    }

Output

Executing task: mega-linter-runner --flavor cupcake --env 'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS' 

Pulling docker image oxsecurity/megalinter-cupcake:v8 ... 
INFO: this operation can be long during the first use of mega-linter-runner
The next runs, it will be immediate (thanks to docker cache !)
v8: Pulling from oxsecurity/megalinter-cupcake
Digest: sha256:fb8592250ca460b72d4caa1e45ba83189530e5484fd412b08c78aeefc60e3421
Status: Image is up to date for oxsecurity/megalinter-cupcake:v8
docker.io/oxsecurity/megalinter-cupcake:v8

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview oxsecurity/megalinter-cupcake:v8
Command: docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e DISABLE_LINTERS=PYTHON_PYRIGHT -e SPELL_CSPELL -e REPOSITORY_GRYPE -e REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

V2

    {
      "label": "Run mega-linter-runner V2",
      "type": "shell",
      "command": "mega-linter-runner",
      "args": [
        "--flavor=cupcake",
        "--env='DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'"
      ],
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "problemMatcher": []
    }

Output

Executing task: mega-linter-runner --flavor=cupcake --env='DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS' 

Pulling docker image oxsecurity/megalinter-cupcake:v8 ... 
INFO: this operation can be long during the first use of mega-linter-runner
The next runs, it will be immediate (thanks to docker cache !)
v8: Pulling from oxsecurity/megalinter-cupcake
Digest: sha256:fb8592250ca460b72d4caa1e45ba83189530e5484fd412b08c78aeefc60e3421
Status: Image is up to date for oxsecurity/megalinter-cupcake:v8
docker.io/oxsecurity/megalinter-cupcake:v8

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview oxsecurity/megalinter-cupcake:v8
Command: docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e DISABLE_LINTERS=PYTHON_PYRIGHT -e SPELL_CSPELL -e REPOSITORY_GRYPE -e REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

V3

    {
      "label": "Run mega-linter-runner V3",
      "type": "shell",
      "command": "mega-linter-runner",
      "args": [
        "--flavor",
        "cupcake",
        "--env",
        {
          "value": "'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'",
          "quoting": "weak"
        }
      ],
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "problemMatcher": []
    }

Output

Executing task: mega-linter-runner --flavor cupcake --env "'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'" 

Pulling docker image oxsecurity/megalinter-cupcake:v8 ... 
INFO: this operation can be long during the first use of mega-linter-runner
The next runs, it will be immediate (thanks to docker cache !)
v8: Pulling from oxsecurity/megalinter-cupcake
Digest: sha256:fb8592250ca460b72d4caa1e45ba83189530e5484fd412b08c78aeefc60e3421
Status: Image is up to date for oxsecurity/megalinter-cupcake:v8
docker.io/oxsecurity/megalinter-cupcake:v8

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview oxsecurity/megalinter-cupcake:v8
Command: docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e DISABLE_LINTERS=PYTHON_PYRIGHT -e SPELL_CSPELL -e REPOSITORY_GRYPE -e REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

V4

    {
      "label": "Run mega-linter-runner V4",
      "type": "shell",
      "command": "mega-linter-runner",
      "args": [
        "--flavor",
        "cupcake",
        "--env",
        {
          "value": "DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS",
          "quoting": "strong"
        }
      ],
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "problemMatcher": []
    }

Output

Executing task: mega-linter-runner --flavor cupcake --env 'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS' 

Pulling docker image oxsecurity/megalinter-cupcake:v8 ... 
INFO: this operation can be long during the first use of mega-linter-runner
The next runs, it will be immediate (thanks to docker cache !)
v8: Pulling from oxsecurity/megalinter-cupcake
Digest: sha256:fb8592250ca460b72d4caa1e45ba83189530e5484fd412b08c78aeefc60e3421
Status: Image is up to date for oxsecurity/megalinter-cupcake:v8
docker.io/oxsecurity/megalinter-cupcake:v8

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview oxsecurity/megalinter-cupcake:v8
Command: docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e DISABLE_LINTERS=PYTHON_PYRIGHT -e SPELL_CSPELL -e REPOSITORY_GRYPE -e REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

V5 with PowerShell Command

    {
      "label": "Run mega-linter-runner V5",
      "type": "shell",
      "command": "powershell",
      "args": [
        "-Command",
        "& { mega-linter-runner --flavor cupcake --env \"'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'\" }"
      ],
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "problemMatcher": []
    }

Output

Executing task: powershell -Command '& { mega-linter-runner --flavor cupcake --env "'DISABLE_LINTERS=PYTHON_PYRIGHT,SPELL_CSPELL,REPOSITORY_GRYPE,REPOSITORY_KICS'" }' 

Pulling docker image oxsecurity/megalinter-cupcake:v8 ... 
INFO: this operation can be long during the first use of mega-linter-runner
The next runs, it will be immediate (thanks to docker cache !)
v8: Pulling from oxsecurity/megalinter-cupcake
Digest: sha256:fb8592250ca460b72d4caa1e45ba83189530e5484fd412b08c78aeefc60e3421
Status: Image is up to date for oxsecurity/megalinter-cupcake:v8
docker.io/oxsecurity/megalinter-cupcake:v8

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview oxsecurity/megalinter-cupcake:v8
Command: docker run --platform linux/amd64 --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v C:\Users\leone\OneDrive\Dokumente\GitHub\SCS:/tmp/lint:rw -e DISABLE_LINTERS=PYTHON_PYRIGHT SPELL_CSPELL REPOSITORY_GRYPE REPOSITORY_KICS oxsecurity/megalinter-cupcake:v8

[nvuillam]

This is not the solution you're looking for, but meanwhile maybe you can use the .mega-linter.yml file to define the following:

DISABLE_LINTERS: 
- PYTHON_PYRIGHT
- SPELL_CSPELL
- REPOSITORY_GRYPE
- REPOSITORY_KICS

[ehrenle]

Thank you for the suggestion!

Currently, we are using the DISABLE_LINTERS variable in the .mega-linter.yml file to deactivate certain linters for pull request checks. Our approach with the --env "'DISABLE_LINTERS... argument in the runner aims to provide a more lightweight linting check for local development.

Feature Suggestion:
As an alternative to the --env parameter, it would be helpful to add support for defining multiple configurations directly within the .mega-linter.yml file. This would allow users to specify different setups for various environments, such as local development and CI/CD pipelines, without relying on command-line parameters.

[nvuillam]

@ehrenle you can already do that if you succeed to send the variable MEGALINTER_CONFIG :)

For example:

• don't send it in CI and it will use .mega-linter.yml
• define MEGALINTER_CONFIG=.mega-linter-local.yml and it will use .mega-linter-local.yml

[ehrenle]

Oh, great! It doesn't solve the original problem/bug, but it's definitely a good solution that I prefer for our use case.
Thank you very much!

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.