diff --git a/.github/workflows/comment_issue.yml b/.github/workflows/comment_issue.yml
deleted file mode 100644
index 12fb218..0000000
--- a/.github/workflows/comment_issue.yml
+++ /dev/null
@@ -1,97 +0,0 @@ -name: Comment issue on Jira - -on: - issue_comment: - types: [created] - -jobs: - jira: - env: - JIRA_CREATE_COMMENT_AUTO: ${{ secrets.JIRA_CREATE_COMMENT_AUTO }} - runs-on: ubuntu-latest - steps: - - - name: Start workflow if JIRA_CREATE_COMMENT_AUTO is enabled - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' - run: echo "Starting workflow" - - - name: Check GitHub Issue type - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' - id: github_issue_type - uses: actions/github-script@v2.0.0 - with: - result-encoding: string - script: | - // An Issue can be a pull request, you can identify pull requests by the pull_request key - const pullRequest = ${{ toJson(github.event.issue.pull_request) }} - if(pullRequest) { - return "pull-request" - } else { - return "issue" - } - - - name: Check if GitHub Issue has JIRA_ISSUE_LABEL - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' - id: github_issue_has_jira_issue_label - uses: actions/github-script@v2.0.0 - env: - JIRA_ISSUE_LABEL: ${{ secrets.JIRA_ISSUE_LABEL }} - with: - result-encoding: string - script: | - const labels = ${{ toJson(github.event.issue.labels) }} - if(labels.find(label => label.name == process.env.JIRA_ISSUE_LABEL)) { - return "true" - } else { - return "false" - } - - - name: Continue workflow only for Issues (not Pull Requests) tagged with JIRA_ISSUE_LABEL - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' && env.GITHUB_ISSUE_TYPE == 'issue' && env.GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL == 'true' - env: - GITHUB_ISSUE_TYPE: ${{ steps.github_issue_type.outputs.result }} - GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL: ${{ steps.github_issue_has_jira_issue_label.outputs.result }} - run: echo "GitHub Issue is tracked on Jira, eligilbe to be commented" - - - name: Jira Login - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' && env.GITHUB_ISSUE_TYPE == 'issue' && env.GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL == 'true' - id: login - uses: atlassian/gajira-login@v2.0.0 - env: - GITHUB_ISSUE_TYPE: ${{ steps.github_issue_type.outputs.result }} - 
GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL: ${{ steps.github_issue_has_jira_issue_label.outputs.result }} - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Extract Jira number - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' && env.GITHUB_ISSUE_TYPE == 'issue' && env.GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL == 'true' - id: extract_jira_number - uses: actions/github-script@v2.0.0 - env: - GITHUB_ISSUE_TYPE: ${{ steps.github_issue_type.outputs.result }} - GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL: ${{ steps.github_issue_has_jira_issue_label.outputs.result }} - JIRA_PROJECT: ${{ secrets.JIRA_PROJECT }} - GITHUB_TITLE: ${{ github.event.issue.title }} - with: - script: | - const jiraTaskRegex = new RegExp(`\\\[(${process.env.JIRA_PROJECT}-[0-9]+?)\\\]`) - return process.env.GITHUB_TITLE.match(jiraTaskRegex)[1] - result-encoding: string - - - name: Jira Add comment on issue - if: env.JIRA_CREATE_COMMENT_AUTO == 'true' && env.GITHUB_ISSUE_TYPE == 'issue' && env.GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL == 'true' - id: add_comment_jira_issue - uses: atlassian/gajira-comment@v2.0.2 - env: - GITHUB_ISSUE_TYPE: ${{ steps.github_issue_type.outputs.result }} - GITHUB_ISSUE_HAS_JIRA_ISSUE_LABEL: ${{ steps.github_issue_has_jira_issue_label.outputs.result }} - with: - issue: ${{ steps.extract_jira_number.outputs.result }} - comment: | - GitHub Comment : ${{ github.event.comment.user.login }} - {quote}${{ github.event.comment.body }}{quote} - ---- - {panel} - _[Github permalink |${{ github.event.comment.html_url }}]_ - {panel} diff --git a/.github/workflows/create_issue.yml b/.github/workflows/create_issue.yml deleted file mode 100644 index 14c9f3b..0000000 --- a/.github/workflows/create_issue.yml +++ /dev/null 
@@ -1,90 +0,0 @@ -name: Create issue on Jira - -on: - issues: - types: [opened] - -jobs: - jira: - env: - JIRA_CREATE_ISSUE_AUTO: ${{ secrets.JIRA_CREATE_ISSUE_AUTO }} - runs-on: ubuntu-latest - steps: - - - name: Start workflow if JIRA_CREATE_ISSUE_AUTO is enabled - if: env.JIRA_CREATE_ISSUE_AUTO == 'true' - run: echo "Starting workflow" - - - name: Jira Login - if: env.JIRA_CREATE_ISSUE_AUTO == 'true' - id: login - uses: atlassian/gajira-login@v2.0.0 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Jira Create issue - if: env.JIRA_CREATE_ISSUE_AUTO == 'true' - id: create_jira_issue - uses: atlassian/gajira-create@v2.0.1 - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: "[GH#${{ github.event.issue.number }}] ${{ github.event.issue.title }}" - description: | - ${{ github.event.issue.body }} - ---- - {panel} - _[Github permalink |${{ github.event.issue.html_url }}]_ - {panel} - - - name: Update Jira issue if JIRA_UPDATE_ISSUE_BODY is defined - if: env.JIRA_CREATE_ISSUE_AUTO == 'true' && env.JIRA_UPDATE_ISSUE_BODY != '' - env: - JIRA_UPDATE_ISSUE_BODY: ${{ secrets.JIRA_UPDATE_ISSUE_BODY }} - run: > - curl - -u ${{ secrets.JIRA_USER_EMAIL }}:${{ secrets.JIRA_API_TOKEN }} - -X PUT - -H 'Content-Type: application/json' - -d '${{ env.JIRA_UPDATE_ISSUE_BODY }}' - ${{ secrets.JIRA_BASE_URL }}/rest/api/2/issue/${{ steps.create_jira_issue.outputs.issue }} - - - name: Update GitHub issue - if: env.JIRA_CREATE_ISSUE_AUTO == 'true' - uses: actions/github-script@v2.0.0 - env: - JIRA_ISSUE_NUMBER: ${{ steps.create_jira_issue.outputs.issue }} - GITHUB_ORIGINAL_TITLE: ${{ github.event.issue.title }} - JIRA_ISSUE_LABEL: ${{ secrets.JIRA_ISSUE_LABEL }} - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const newTitle = `[${process.env.JIRA_ISSUE_NUMBER}] ${process.env.GITHUB_ORIGINAL_TITLE}` - 
github.issues.update({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - title: newTitle - }) - github.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: [process.env.JIRA_ISSUE_LABEL] - }) - - - - name: Add comment after sync - if: env.JIRA_CREATE_ISSUE_AUTO == 'true' - uses: actions/github-script@v2.0.0 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: 'Internal ticket created : [${{ steps.create_jira_issue.outputs.issue }}](${{ secrets.JIRA_BASE_URL }}/browse/${{ steps.create_jira_issue.outputs.issue }})' - }) diff --git a/.github/workflows/create_issue_on_label.yml b/.github/workflows/create_issue_on_label.yml deleted file mode 100644 index de4ab93..0000000 --- a/.github/workflows/create_issue_on_label.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -name: Create issue on Jira when labeled with JIRA_ISSUE_LABEL - -on: - issues: - types: [labeled] - -jobs: - jira: - env: - JIRA_ISSUE_LABEL: ${{ secrets.JIRA_ISSUE_LABEL }} - runs-on: ubuntu-latest - steps: - - - name: Start workflow if GitHub issue is tagged with JIRA_ISSUE_LABEL - if: github.event.label.name == env.JIRA_ISSUE_LABEL - run: echo "Starting workflow" - - - name: Jira Login - if: github.event.label.name == env.JIRA_ISSUE_LABEL - id: login - uses: atlassian/gajira-login@v2.0.0 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Jira Create issue - if: github.event.label.name == env.JIRA_ISSUE_LABEL - id: create_jira_issue - uses: atlassian/gajira-create@v2.0.1 - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: "[GH#${{ github.event.issue.number }}] ${{ github.event.issue.title }}" - description: | - ${{ github.event.issue.body }} - ---- - {panel} - _[Github permalink |${{ github.event.issue.html_url }}]_ - {panel} - - - name: Update Jira issue if JIRA_UPDATE_ISSUE_BODY is defined - if: github.event.label.name == env.JIRA_ISSUE_LABEL && env.JIRA_UPDATE_ISSUE_BODY != '' - env: - JIRA_UPDATE_ISSUE_BODY: ${{ secrets.JIRA_UPDATE_ISSUE_BODY }} - run: > - curl - -u ${{ secrets.JIRA_USER_EMAIL }}:${{ secrets.JIRA_API_TOKEN }} - -X PUT - -H 'Content-Type: application/json' - -d '${{ env.JIRA_UPDATE_ISSUE_BODY }}' - ${{ secrets.JIRA_BASE_URL }}/rest/api/2/issue/${{ steps.create_jira_issue.outputs.issue }} - - - name: Change Title - if: github.event.label.name == env.JIRA_ISSUE_LABEL - uses: actions/github-script@v2.0.0 - env: - JIRA_ISSUE_NUMBER: ${{ steps.create_jira_issue.outputs.issue }} - GITHUB_ORIGINAL_TITLE: ${{ github.event.issue.title }} - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const newTitle = `[${process.env.JIRA_ISSUE_NUMBER}] 
${process.env.GITHUB_ORIGINAL_TITLE}` - github.issues.update({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - title: newTitle - }) - - - name: Add comment after sync - if: github.event.label.name == env.JIRA_ISSUE_LABEL - uses: actions/github-script@v2.0.0 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: 'Internal ticket created : [${{ steps.create_jira_issue.outputs.issue }}](${{ secrets.JIRA_BASE_URL }}/browse/${{ steps.create_jira_issue.outputs.issue }})' - }) diff --git a/README.md b/README.md index d5dfabc..ca7bb99 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Codacy Badge](https://app.codacy.com/project/badge/Grade/946b78614f154f81b1c9c0514fd9f35c)](https://www.codacy.com/gh/codacy/codacy-analysis-cli-action/dashboard?utm_source=github.com&utm_medium=referral&utm_content=codacy/codacy-analysis-cli-action&utm_campaign=Badge_Grade) -GitHub Action for running Codacy static analysis on [over 30 supported languages](https://docs.codacy.com/getting-started/supported-languages-and-tools/) and returning identified issues in the code. +GitHub Action for running Codacy static analysis on [over 40 supported languages](https://docs.codacy.com/getting-started/supported-languages-and-tools/) and returning identified issues in the code.
@@ -10,7 +10,7 @@ GitHub Action for running Codacy static analysis on [over 30 supported languages
-[Codacy](https://www.codacy.com/) is an automated code review tool that makes it easy to ensure your team is writing high-quality code by analyzing more than 30 programming languages such as PHP, JavaScript, Python, Java, and Ruby. Codacy allows you to define your own quality rules, code patterns and quality settings you'd like to enforce to prevent issues on your codebase. +[Codacy](https://www.codacy.com/) is an automated code review tool that makes it easy to ensure your team is writing high-quality code by analyzing more than 40 programming languages such as PHP, JavaScript, Python, Java, and Ruby. Codacy allows you to define your own quality rules, code patterns and quality settings you'd like to enforce to prevent issues on your codebase. The Codacy GitHub Action supports the following scenarios: @@ -85,7 +85,7 @@ jobs: # Adjust severity of non-security issues gh-code-scanning-compat: true # Force 0 exit code to allow SARIF file generation - # This will handover control about PR rejection to the GitHub side + # This will hand over control about PR rejection to the GitHub side max-allowed-issues: 2147483647 # Upload the SARIF file generated in the previous step @@ -97,7 +97,7 @@ jobs: ## Integration with Codacy for client-side tools -Use the GitHub Action to run any of the [containerized Codacy client-side tools](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/) and upload the results of the analysis to Codacy. +Use the GitHub Action to run any of the [**containerized** client-side tools supported by Codacy](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/) and upload the results of the analysis to Codacy. In this scenario, the GitHub action: 
@@ -110,18 +110,20 @@ After this, Codacy displays the results of the analysis of your commits and pull To use the GitHub Action with Codacy integration: +1. On Codacy, [enable the containerized client-side tool](../../repositories-configure/configuring-code-patterns.md) and configure the corresponding code patterns on your repository **Code patterns** page. + 1. On Codacy, enable **Run analysis through build server** in your repository **Settings**, tab **General**, **Repository analysis**. This setting enables Codacy to wait for the results of the local analysis before resuming the analysis of your commits. 2. Set up an API token to allow the GitHub Action to authenticate on Codacy: - - **If you're setting up one repository**, [obtain a project API token](../codacy-api/api-tokens/#project-api-tokens) and store it as an [encrypted secret for your **repository**](https://docs.github.com/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository) with the name `CODACY_PROJECT_TOKEN`. - - **If you're setting up multiple repositories**, [obtain an account API token](../codacy-api/api-tokens/#account-api-tokens) and store it as an [encrypted secret for your **organization**](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-an-organization) with the name `CODACY_API_TOKEN`. + - **If you're setting up one repository**, [obtain a project API token](https://docs.codacy.com/codacy-api/api-tokens/#project-api-tokens) and store it as an [encrypted secret for your **repository**](https://docs.github.com/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository) with the name `CODACY_PROJECT_TOKEN`. 
+ - **If you're setting up multiple repositories**, [obtain an account API token](https://docs.codacy.com/codacy-api/api-tokens/#account-api-tokens) and store it as an [encrypted secret for your **organization**](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-an-organization) with the name `CODACY_API_TOKEN`. - > ⚠️ **Never write API tokens on your configuration files** and keep your API tokens well protected, as they grant owner permissions to your projects on Codacy. + > ⚠️ **Never write API tokens to your configuration files** and keep your API tokens well protected, as they grant owner permissions to your projects on Codacy. -3. Add the following to a file `.github/workflows/codacy-analysis.yaml` in your repository, where `` is the name of the [**containerized** client-side tool](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/) that the Codacy Analysis CLI will run locally, or don't specify this parameter to run all tools supported by Codacy: +3. Add the following to a file `.github/workflows/codacy-analysis.yaml` in your repository, where `` is the name of the [containerized client-side tool](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/) that the Codacy Analysis CLI will run locally, or don't specify this parameter to run all tools supported by Codacy: ```yaml name: Codacy Analysis CLI 
@@ -147,6 +149,16 @@ To use the GitHub Action with Codacy integration: max-allowed-issues: 2147483647 ``` + **If you're running a Go client-side tool** you must also set up the Go environment before running the Codacy Analysis CLI GitHub Action. We recommend using the [setup-go GitHub Action](https://github.com/actions/setup-go) for this: + + ```yaml + - name: set-up go + uses: actions/setup-go@v3 + with: + # Go version currently supported by Codacy + go-version: 1.19.1 + ``` + 4. Optionally, specify the following parameters to run [**standalone** client-side tools](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/): ```yaml @@ -154,7 +166,7 @@ To use the GitHub Action with Codacy integration: run-staticcheck: "true" ``` - Due to the complex orchestration of the tools Clang-Tidy and Faux Pas, in this case the action can receive instead the output files of the tools and uploads them to Codacy: + Due to the complex orchestration of the tools Clang-Tidy and Faux Pas, the action can receive instead the output files of the tools and upload them to Codacy: ```yaml clang-tidy-output: "path/to/output" 
@@ -169,12 +181,19 @@ To use the GitHub Action with Codacy integration: 5. Optionally, [enable the GitHub integration](https://docs.codacy.com/repositories-configure/integrations/github-integration/) on Codacy to have information about the analysis of the changed files directly on your pull requests. -## Extra configurations +## Parameters + +The Codacy GitHub Action is a wrapper for running the [Codacy Analysis CLI](https://github.com/codacy/codacy-analysis-cli). For a list of supported input parameters, see [`action.yml`](./action.yml). To pass input parameters to the action, [update the associated `with` map](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsstepswith). -The Codacy GitHub Action is a wrapper for running the [Codacy Analysis CLI](https://github.com/codacy/codacy-analysis-cli) and supports [the same parameters as the command `analyze`](https://github.com/codacy/codacy-analysis-cli#commands-and-configuration), with the following exceptions: +The following example limits analysis to a `src` directory and provides additional details by setting `verbose` to `true`. -- `--commit-uuid` (the action always analyzes the commit that triggered it) -- `--username` and `--project` (the action automatically uses the owner and name of the repository when you specify the parameter `api-token`) +```yaml +- name: Run Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@master + with: + directory: src + verbose: true +``` ## Contributing diff --git a/action.yml b/action.yml index a1425de..a43d32b 100644 --- a/action.yml +++ b/action.yml 
@@ -17,29 +17,38 @@ inputs: description: "API account token to retrieve your remote Codacy configuration for the project being analyzed" codacy-api-base-url: required: false - description: "Codacy's API URL, to retrieve your remote Codacy configuration" + description: "Codacy API URL to retrieve your remote Codacy configuration" format: required: false - description: "Format of the output file" + description: "Output file format" output: required: false - description: "Send analysis results to an output file" + description: "Path to a file to save the analysis results" directory: required: false - description: "The directory to be analyzed" + description: "Directory to analyze" parallel: required: false description: "Number of tools to run in parallel" + max-tool-memory: + required: false + description: "Maximum allowed memory for running each tool (bytes)" max-allowed-issues: required: false default: "2147483647" description: "Maximum number of issues allowed for the analysis to succeed" + registry-address: + required: false + default: "gh" + description: "Alternative registry address (e.g. artprod.mycompany/)" tool: required: false - description: "The name of the tool to analyze the code" + description: >- + Only run a specific tool or tool category (metrics, issues, duplication). + For the full list of tools, see https://docs.codacy.com/repositories-configure/codacy-configuration-file/#which-tools-can-be-configured-and-which-name-should-i-use tool-timeout: required: false - description: "Maximum time each tool has to execute" + description: "Tool execution timeout (e.g. 15minutes, 1hour)" upload: required: false description: "Upload analysis results to Codacy" 
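Review bot: The new `registry-address` input declares `default: "gh"`, which does not look like a registry address; the description's own example is `artprod.mycompany/`. The "Run Codacy CLI" hunk passes `--registry-address` whenever the input is non-empty, so every run that does not set the input would now pass `--registry-address gh`. If the CLI uses this value as a prefix for the container images it pulls (not visible here, worth confirming), images would resolve to an unintended location. Dropping the default, or using `default: ""`, keeps the flag opt-in. The `inputs:` map starts and continues outside this hunk.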
@@ -51,52 +60,53 @@ inputs: description: "Fail the analysis if any tool fails to run" allow-network: required: false - description: "Allow network access for tools" + description: "Allow the tools to access the network" force-file-permissions: required: false description: "Force files to be readable by changing the permissions before running the analysis" gh-code-scanning-compat: required: false description: >- - Reduce issue severity by one level, for non-security issues, for compatibility with GitHub's code scanning feature. - This option will only have an effect when used in conjunction with '--format sarif'. + Reduce issue severity by one level for non-security issues, for compatibility with GitHub's code scanning feature. + This option only has an effect when used with 'format: sarif'. run-docker-tools: required: false default: "true" description: >- - Run dockerized tools. Possible values (true|false) - Check the full list in https://docs.codacy.com/repositories-configure/codacy-configuration-file/#which-tools-can-be-configured-and-which-name-should-i-use + Run all dockerized tools supported by Codacy. + For the full list of tools, see https://docs.codacy.com/repositories-configure/codacy-configuration-file/#which-tools-can-be-configured-and-which-name-should-i-use run-gosec: required: false - description: >- - Run GoSec. Possible values (true|false) + description: "Run Gosec" run-staticcheck: required: false - description: >- - Run StaticCheck. Possible values (true|false) + description: "Run Staticcheck" clang-tidy-output: required: false - description: >- - Path to a file containing the output of Clang Tidy. + description: "Path to a file containing the output of Clang-Tidy." faux-pas-output: required: false - description: >- - Path to a file containing the output of Faux Pas. + description: "Path to a file containing the output of Faux Pas." 
skip-uncommitted-files-check: required: false - description: >- - Skip validation on uncommitted changes + description: "Skip validation of uncommitted changes" + skip-container-engine-check: + required: false + description: "Skip check for the presence of a known container engine before executing" runs: using: "composite" steps: - name: "Set Global Variables" shell: bash run: | - echo "CODACY_BASE_URL_OR_DEFAULT=$(if [ ${{ inputs.codacy-api-base-url }} ]; then echo "${{ inputs.codacy-api-base-url }}"; else echo "https://api.codacy.com"; fi)" >> $GITHUB_ENV - echo "OWNER_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 1)" >> $GITHUB_ENV - echo "REPOSITORY_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_ENV - echo "ORGANIZATION_PROVIDER=$(if [ "$GITHUB_SERVER_URL" == "https://github.com" ]; then echo "gh"; else echo "ghe"; fi)" >> $GITHUB_ENV - echo "COMMIT_SHA=$(if [ ${{ github.event_name }} == "pull_request" ]; then echo "${{ github.event.pull_request.head.sha }}"; else echo "${{ github.sha }}"; fi)" >> $GITHUB_ENV + echo "CODACY_BASE_URL_OR_DEFAULT=$(if [ -n "${{ inputs.codacy-api-base-url }}" ]; then echo "${{ inputs.codacy-api-base-url }}"; else echo "https://api.codacy.com"; fi)" >> "$GITHUB_ENV" + echo "OWNER_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f 1)" >> "$GITHUB_ENV" + echo "REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f 2)" >> "$GITHUB_ENV" + echo "ORGANIZATION_PROVIDER=$(if [ "$GITHUB_SERVER_URL" == "https://github.com" ]; then echo "gh"; else echo "ghe"; fi)" >> "$GITHUB_ENV" + echo "COMMIT_SHA=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo "${{ github.event.pull_request.head.sha }}"; else echo "${{ github.sha }}"; fi)" >> "$GITHUB_ENV" + if [ -n "${{ inputs.skip-container-engine-check }}" ]; then + echo "SKIP_CONTAINER_ENGINE_CHECK=${{ inputs.skip-container-engine-check }}" >> "$GITHUB_ENV" + fi - name: "Prepare curl authentication header" shell: bash 
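Review bot: The rewritten "Set Global Variables" step still expands `${{ inputs.codacy-api-base-url }}` and the new `${{ inputs.skip-container-engine-check }}` directly into the script text, so the added double quotes do not protect the shell. The expression is substituted before bash parses the line, which means a value containing a quote, `$(...)` or a newline alters the script or the `$GITHUB_ENV` file instead of being treated as data. Passing the inputs through the step's `env:` map fixes this, e.g. `CODACY_API_BASE_URL: ${{ inputs.codacy-api-base-url }}` under `env:` and `if [ -n "$CODACY_API_BASE_URL" ]; then echo "$CODACY_API_BASE_URL"; else ...` in the script. The same interpolation pattern is used by the `--max-tool-memory` and `--registry-address` lines added in the "Run Codacy CLI" hunk. The `steps:` list continues past the end of this hunk.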
@@ -105,7 +115,7 @@ runs: echo "CURL_CODACY_AUTH_AUTHENTICATION=api-token: ${{ inputs.api-token }}" >> $GITHUB_ENV elif [ -n "${{ inputs.project-token }}" ]; then echo "CURL_CODACY_AUTH_AUTHENTICATION=project-token: ${{ inputs.project-token }}" >> $GITHUB_ENV - elif [ ${{ inputs.upload }} = true ]; then + elif [ "${{ inputs.upload }}" == "true" ]; then echo "At least one authentication method is required to upload results." exit 1 fi @@ -117,18 +127,16 @@ runs: if [ "${{ inputs.run-gosec }}" == "true" ]; then cd /tmp - curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.7.0 + curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.15.0 chmod +x ./bin/gosec - curl -fsSL https://api.github.com/repos/codacy/codacy-gosec/releases/latest \ - | grep "browser_download_url" | grep -v "browser_download_url.*jar" \ - | cut -d '"' -f 4 \ - | xargs -L 1 curl -fsSL -o /tmp/codacy-gosec + CODACY_GOSEC_VERSION=$(curl -SL "https://artifacts.codacy.com/bin/codacy-gosec/latest" -o-) + curl -fsSL "https://artifacts.codacy.com/bin/codacy-gosec/$CODACY_GOSEC_VERSION/codacy-gosec-$CODACY_GOSEC_VERSION" -o /tmp/codacy-gosec chmod +x /tmp/codacy-gosec cd - /tmp/bin/gosec -no-fail -fmt json -log /tmp/log.txt ./... > /tmp/gosec-out.json /tmp/codacy-gosec < /tmp/gosec-out.json > /tmp/codacy-out.json - if [ ${{ inputs.upload }} = true ]; then + if [ "${{ inputs.upload }}" == "true" ]; then curl -XPOST -L -H "$CURL_CODACY_AUTH_AUTHENTICATION" \ -H "Content-type: application/json" --data-binary @/tmp/codacy-out.json \ "${CODACY_BASE_URL_OR_DEFAULT}/2.0/$ORGANIZATION_PROVIDER/$OWNER_NAME/$REPOSITORY_NAME/commit/$COMMIT_SHA/issuesRemoteResults" @@ -138,7 +146,11 @@ runs: else echo "Skipping GoSec" fi - + - name: set-up go + if: ${{ inputs.run-staticcheck == 'true' }} + uses: actions/setup-go@v3 + with: + go-version: 1.20.2 - name: "Run StaticCheck" shell: bash run: | 
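Review bot: The new version lookup `CODACY_GOSEC_VERSION=$(curl -SL "https://artifacts.codacy.com/bin/codacy-gosec/latest" -o-)` omits `-f`, so an HTTP error body would be taken as the version string and spliced into the next URL; `curl -fsSL` would make the step fail instead. The downloaded `codacy-gosec` binary is then made executable and run with no integrity check, and it is whatever `latest` resolves to at run time. Consider pinning the wrapper version in the action and verifying a checksum (if one is published) before `chmod +x`. The gosec installer is also still piped into `sh` from the `master` branch; only the gosec release (`v2.15.0`) is pinned. The same lookup-and-download pattern is added in the StaticCheck, Clang-Tidy and Faux Pas hunks.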
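Review bot: The added `set-up go` step references `actions/setup-go@v3` by a movable tag; in a composite action that other repositories consume, pinning to a full commit SHA (`uses: actions/setup-go@<full-commit-sha>  # v3`) keeps the executed code reproducible. The step installs Go `1.20.2`, while the README hunk in this same commit tells users the supported version is `1.19.1`, so one of the two is probably stale. Quoting the value, `go-version: "1.20.2"`, avoids float parsing if it is later shortened to a two-part version.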
@@ -146,22 +158,16 @@ runs: if [ "${{ inputs.run-staticcheck }}" == "true" ]; then cd /tmp - curl -fsSL https://api.github.com/repos/dominikh/go-tools/releases/latest \ - | grep -E "browser_download_url.*staticcheck_linux_amd64.tar.gz\"$" \ - | cut -d '"' -f 4 \ - | xargs -L 1 curl -fsSL -o /tmp/staticcheck_linux_amd64.tar.gz - tar -xvf /tmp/staticcheck_linux_amd64.tar.gz staticcheck/staticcheck - chmod +x ./staticcheck/staticcheck - curl -fsSL https://api.github.com/repos/codacy/codacy-staticcheck/releases/latest \ - | grep "browser_download_url" | grep -v "browser_download_url.*jar" \ - | cut -d '"' -f 4 \ - | xargs -L 1 curl -fsSL -o /tmp/codacy-staticcheck + go install honnef.co/go/tools/cmd/staticcheck@2023.1.6 + chmod +x /home/runner/go/bin/staticcheck + CODACY_STATICCHECK_VERSION=$(curl -SL "https://artifacts.codacy.com/bin/codacy-staticcheck/latest" -o-) + curl -fsSL "https://artifacts.codacy.com/bin/codacy-staticcheck/$CODACY_STATICCHECK_VERSION/codacy-staticcheck-$CODACY_STATICCHECK_VERSION" -o /tmp/codacy-staticcheck chmod +x /tmp/codacy-staticcheck cd - - find . -type f -name go.mod -exec bash -c 'cd $(dirname $1); cp $1 $1.codacy.bak; PKGS=$(go list ./...); /tmp/staticcheck/staticcheck -f json $PKGS; mv $1.codacy.bak $1' _ {} \; > /tmp/staticcheck-out.json + find . -type f -name go.mod -exec bash -c 'cd $(dirname $1); cp $1 $1.codacy.bak; PKGS=$(go list ./...); /home/runner/go/bin/staticcheck -f json $PKGS; mv $1.codacy.bak $1' _ {} \; > /tmp/staticcheck-out.json /tmp/codacy-staticcheck < /tmp/staticcheck-out.json > /tmp/codacy-out.json - if [ ${{ inputs.upload }} = true ]; then + if [ "${{ inputs.upload }}" == "true" ]; then curl -XPOST -L -H "$CURL_CODACY_AUTH_AUTHENTICATION" \ -H "Content-type: application/json" --data-binary @/tmp/codacy-out.json \ "${CODACY_BASE_URL_OR_DEFAULT}/2.0/$ORGANIZATION_PROVIDER/$OWNER_NAME/$REPOSITORY_NAME/commit/$COMMIT_SHA/issuesRemoteResults" 
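Review bot: The staticcheck binary is now addressed by the hard-coded path `/home/runner/go/bin/staticcheck`, which holds only where the home directory is `/home/runner` and GOPATH is the default; on self-hosted runners or container jobs the `go install` output may land elsewhere and the step would fail or run a different binary. Using `"$(go env GOPATH)/bin/staticcheck"` in both the `chmod` line and the `find ... -exec bash -c` command removes that assumption. Inside the same `bash -c` string, `$1` and `$(dirname $1)` are unquoted, so a `go.mod` path containing spaces is word-split; `cd "$(dirname "$1")"; cp "$1" "$1.codacy.bak"` handles such paths. The `run:` script begins before this hunk and continues after it.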
@@ -179,15 +185,13 @@ runs: if [ -n "${{ inputs.clang-tidy-output }}" ]; then cd /tmp - curl -fsSL https://api.github.com/repos/codacy/codacy-clang-tidy/releases/latest \ - | grep "browser_download_url" | grep -v "browser_download_url.*jar" \ - | cut -d '"' -f 4 \ - | xargs -L 1 curl -fsSL -o /tmp/codacy-clang-tidy + CODACY_CLANG_TIDY_VERSION=$(curl -SL "https://artifacts.codacy.com/bin/codacy-clang-tidy/latest" -o-) + curl -fsSL "https://artifacts.codacy.com/bin/codacy-clang-tidy/$CODACY_CLANG_TIDY_VERSION/codacy-clang-tidy-linux-$CODACY_CLANG_TIDY_VERSION" -o /tmp/codacy-clang-tidy chmod +x /tmp/codacy-clang-tidy cd - /tmp/codacy-clang-tidy < "${{ inputs.clang-tidy-output }}" > /tmp/codacy-out.json - if [ ${{ inputs.upload }} = true ]; then + if [ "${{ inputs.upload }}" == "true" ]; then curl -XPOST -L -H "$CURL_CODACY_AUTH_AUTHENTICATION" \ -H "Content-type: application/json" --data-binary @/tmp/codacy-out.json \ "${CODACY_BASE_URL_OR_DEFAULT}/2.0/$ORGANIZATION_PROVIDER/$OWNER_NAME/$REPOSITORY_NAME/commit/$COMMIT_SHA/issuesRemoteResults" 
@@ -205,15 +209,13 @@ runs: if [ -n "${{ inputs.faux-pas-output }}" ]; then cd /tmp - curl -fsSL https://api.github.com/repos/codacy/codacy-faux-pas/releases/latest \ - | grep "browser_download_url" | grep -v "browser_download_url.*jar" \ - | cut -d '"' -f 4 \ - | xargs -L 1 curl -fsSL -o /tmp/codacy-faux-pas + CODACY_FAUX_PAS_VERSION=$(curl -SL "https://artifacts.codacy.com/bin/codacy-faux-pas/latest" -o-) + curl -fsSL "https://artifacts.codacy.com/bin/codacy-faux-pas/$CODACY_FAUX_PAS_VERSION/codacy-faux-pas-$CODACY_FAUX_PAS_VERSION" -o /tmp/codacy-faux-pas chmod +x /tmp/codacy-faux-pas cd - /tmp/codacy-faux-pas < "${{ inputs.faux-pas-output }}" > /tmp/codacy-out.json - if [ ${{ inputs.upload }} = true ]; then + if [ "${{ inputs.upload }}" == "true" ]; then curl -XPOST -L -H "$CURL_CODACY_AUTH_AUTHENTICATION" \ -H "Content-type: application/json" --data-binary @/tmp/codacy-out.json \ "${CODACY_BASE_URL_OR_DEFAULT}/2.0/$ORGANIZATION_PROVIDER/$OWNER_NAME/$REPOSITORY_NAME/commit/$COMMIT_SHA/issuesRemoteResults" @@ -226,7 +228,7 @@ runs: - name: "Set Codacy CLI version" shell: bash - run: echo "CODACY_ANALYSIS_CLI_VERSION=7.6.1" >> $GITHUB_ENV + run: echo "CODACY_ANALYSIS_CLI_VERSION=7.9.10" >> $GITHUB_ENV - name: "Set script path environment variable" shell: bash run: echo "CLI_SCRIPT_PATH=${{ github.action_path }}/codacy-analysis-cli.sh" >> $GITHUB_ENV @@ -235,7 +237,7 @@ runs: run: wget -O - https://raw.githubusercontent.com/codacy/codacy-analysis-cli/${{ env.CODACY_ANALYSIS_CLI_VERSION }}/bin/codacy-analysis-cli.sh > ${{ env.CLI_SCRIPT_PATH }} - name: "Change Codacy CLI script permissions" shell: bash - run: chmod +x ${{ env.CLI_SCRIPT_PATH }} + run: chmod +x "${{ env.CLI_SCRIPT_PATH }}" - name: "Run Codacy CLI" shell: bash run: | 
@@ -244,7 +246,7 @@ runs: analyze \ --skip-commit-uuid-validation \ --commit-uuid $COMMIT_SHA \ - $(if [ "${{ inputs.verbose }}" = "true" ]; then echo "--verbose"; fi) \ + $(if [ "${{ inputs.verbose }}" == "true" ]; then echo "--verbose"; fi) \ $(if [ -n "${{ inputs.project-token }}" ]; then echo "--project-token ${{ inputs.project-token }}"; fi) \ $(if [ -n "${{ inputs.api-token }}" ]; then echo "--api-token ${{ inputs.api-token }} --username $OWNER_NAME --project $REPOSITORY_NAME --provider $ORGANIZATION_PROVIDER"; fi) \ $(if [ -n "${{ inputs.codacy-api-base-url }}" ]; then echo "--codacy-api-base-url ${{ inputs.codacy-api-base-url }}"; fi) \ 
@@ -252,16 +254,18 @@ runs: $(if [ -n "${{ inputs.output }}" ]; then echo "--output ${{ inputs.output }}"; fi) \ $(if [ -n "${{ inputs.directory }}" ]; then echo "--directory ${{ inputs.directory }}"; fi) \ $(if [ -n "${{ inputs.parallel }}" ]; then echo "--parallel ${{ inputs.parallel }}"; fi) \ + $(if [ -n "${{ inputs.max-tool-memory }}" ]; then echo "--max-tool-memory ${{ inputs.max-tool-memory }}"; fi) \ $(if [ -n "${{ inputs.max-allowed-issues }}" ]; then echo "--max-allowed-issues ${{ inputs.max-allowed-issues }}"; fi) \ $(if [ -n "${{ inputs.tool }}" ]; then echo "--tool ${{ inputs.tool }}"; fi) \ $(if [ -n "${{ inputs.tool-timeout }}" ]; then echo "--tool-timeout ${{ inputs.tool-timeout }}"; fi) \ - $(if [ "${{ inputs.skip-uncommitted-files-check }}" = "true" ]; then echo "--skip-uncommitted-files-check"; fi) \ - $(if [ "${{ inputs.upload }}" = "true" ]; then echo "--upload"; fi) \ + $(if [ "${{ inputs.skip-uncommitted-files-check }}" == "true" ]; then echo "--skip-uncommitted-files-check"; fi) \ + $(if [ "${{ inputs.upload }}" == "true" ]; then echo "--upload"; fi) \ $(if [ -n "${{ inputs.upload-batch-size }}" ]; then echo "--upload-batch-size ${{ inputs.upload-batch-size }}"; fi) \ - $(if [ "${{ inputs.fail-if-incomplete }}" = "true" ]; then echo "--fail-if-incomplete"; fi) \ - $(if [ "${{ inputs.allow-network }}" = "true" ]; then echo "--allow-network"; fi) \ - $(if [ "${{ inputs.force-file-permissions }}" = "true" ]; then echo "--force-file-permissions"; fi) \ - $(if [ "${{ inputs.gh-code-scanning-compat }}" = "true" ]; then echo "--gh-code-scanning-compat"; fi) + $(if [ "${{ inputs.fail-if-incomplete }}" == "true" ]; then echo "--fail-if-incomplete"; fi) \ + $(if [ "${{ inputs.allow-network }}" == "true" ]; then echo "--allow-network"; fi) \ + $(if [ "${{ inputs.force-file-permissions }}" == "true" ]; then echo "--force-file-permissions"; fi) \ + $(if [ "${{ inputs.gh-code-scanning-compat }}" == "true" ]; then echo "--gh-code-scanning-compat"; fi) \ + 
$(if [ -n "${{ inputs.registry-address }}" ]; then echo "--registry-address ${{ inputs.registry-address }}"; fi) else echo "Skipping docker tools" fi @@ -269,7 +273,7 @@ runs: - name: "Let Codacy know it can start processing the analysis results" shell: bash run: | - if [ ${{ inputs.upload }} = true ]; then + if [ "${{ inputs.upload }}" == "true" ]; then echo "Uploading results for $ORGANIZATION_PROVIDER/$OWNER_NAME/$REPOSITORY_NAME commit $COMMIT_SHA" curl -XPOST -L -H "$CURL_CODACY_AUTH_AUTHENTICATION" \ -H "Content-type: application/json" \ diff --git a/images/codacy-logo.svg b/images/codacy-logo.svg index c185792..fe0a90d 100644 --- a/images/codacy-logo.svg +++ b/images/codacy-logo.svg @@ -1,32 +1 @@ - - - -codacy-logo - - - - - - - - - - - - - - - - - - - - - + \ No newline at end of file