Skip to content
SpotBugs

Merge PR #141 #123

Sign in to view logs

Merge PR #141

Merge PR #141 #123

Workflow file for this run

.github/workflows/spotbugs-scan.yml at f29d8e1
name: "SpotBugs"
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: "25 16 * * 0"
jobs:
analyze:
name: SpotBugs Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["java"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
- name: Build with Gradle
run: ./gradlew spotbugsRelease spotbugsMain
- name: Fix SARIF
run: >-
for module in \
"android" \
"AndroidDemo" \
"core" \
"fido" \
"management" \
"oath" \
"openpgp" \
"piv" \
"support" \
"testing" \
"yubiotp";
do
SARIF="./build/spotbugs/spotbugs-$module.sarif"
jq '.runs |= map( if .taxonomies == [null] then .taxonomies = [] else . end)' < $SARIF |
jq ".runs[].results[].locations[].physicalLocation.artifactLocation.uri |= \"$module/src/main/java/\" + ." |
jq ".runs[].results[].locations[].physicalLocation.artifactLocation.uriBaseId |= \"%SRC_ROOT%\" " |
jq '.runs[].tool.driver.rules |= map( . += { fullDescription: { text: .shortDescription.text } } )' |
jq '.runs[].tool.driver.rules |= map( . += { name: ("SpotBugs_" + .id | ascii_downcase | sub("(^|_)(?<x>[a-z])";"\(.x|ascii_upcase)";"g")) } )' |
jq '.runs[].tool.driver.rules |= map( . += { help: { text: .helpUri } } )' |
jq 'del(.runs[].originalUriBaseIds)' |
jq -c '.' > $SARIF.json
mv $SARIF.json $SARIF
done
- name: upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: build/spotbugs/
category: spotbugs-analysis