Add a starter workflow for ansible-lint #98
Comments
@ssbarnea we work with GitHub on the SARIF ecosystem and help static analysis tools onboard to GitHub starter workflows. The PRs (https://github.com/actions/starter-workflows/pulls/yongyan-gh) we created for other tools. I am happy to help create the starter workflow for ansible-lint.

The starter workflow requires the tool to upload the scan/analysis results in SARIF format to generate code scanning alerts in GitHub. I have added native SARIF output support to ansible-lint through this PR: ansible/ansible-lint#2062.

We need a way to tell the ansible-lint-action to generate the SARIF output. I saw that the recent change in ansible-lint-action #97 removed the args. Can we add a parameter, e.g. "format", to the action?
I am a bit inclined to avoid extra parameters as they would create extra maintenance, but in this case it might make sense.

Do you know that the tool produces GitHub annotations when run under GHA? It activates this based on the presence of environment variables, so nobody needs to configure it to activate annotations. I wonder if a similar approach could be done for SARIF, so we avoid adding options.

If not suitable, make a pull request to add format and make the default match linter option, which is

The problem with this is that once we add an argument, we are forced to pass it args, even when the user does not define it in the action. That would override in-repo configuration. I guess that now you see why adding options might prevent users from using their own configuration.

I will release a new version of the linter with the SARIF format feature soon, followed by the update co

Just let me know what else I can do to help.
@ssbarnea thanks for explaining your concern and for the advice of using environment variables. I will propose a change in ansible-lint to generate SARIF output if the lint action is run in a workflow, and env variable

```python
# If SARIF env variable is set in Github workflow/action
# generate SARIF output and stop generating other outputs.
if os.getenv("GITHUB_ACTIONS") == "true" and os.getenv("GITHUB_WORKFLOW") and \
        os.getenv("GITHUB_SARIF"):
    formatter = formatters.SarifFormatter(self.options.cwd, True)
    console.print(
        formatter.format_result(matches), markup=False, highlight=False
    )
    return
```

So the user can get SARIF output by setting the env variable in the workflow, e.g.:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run ansible-lint
        uses: ansible-community/ansible-lint-action@main
        # optional:
        # with:
        #   path: "playbooks/"  # <-- only one value is allowed
        env:
          GITHUB_SARIF: "ansiblelint_results.sarif"
```

Please let me know what you think.

The next question is how the ansible-lint-action generates a file based on the env variable. I usually see an
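The open question above, writing a SARIF file whose name comes from an environment variable, sketched as an added example that is not ansible-lint or ansible-lint-action code. `GITHUB_SARIF` is the variable proposed in the comment (not a GitHub built-in); the function names, the sample finding, and the check that the path stays inside `GITHUB_WORKSPACE` are assumptions of this sketch.

```python
import json
import os
from pathlib import Path

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
# Constructed sample findings: (rule_id, message, path, line)
SAMPLE_MATCHES = [("yaml", "trailing spaces", "playbooks/site.yml", 3)]


def sarif_target(env):
    """Return the SARIF path requested via the environment, or None."""
    if env.get("GITHUB_ACTIONS") != "true" or not env.get("GITHUB_WORKFLOW"):
        return None
    name = env.get("GITHUB_SARIF")  # proposed in the thread, not a GitHub built-in
    if not name:
        return None
    workspace = Path(env.get("GITHUB_WORKSPACE", ".")).resolve()
    target = (workspace / name).resolve()
    # Reject values that resolve outside the checked-out workspace.
    if workspace not in target.parents:
        raise ValueError(f"GITHUB_SARIF escapes the workspace: {name!r}")
    return target


def to_sarif(matches, tool="ansible-lint"):
    """Build a minimal SARIF 2.1.0 log from (rule_id, message, path, line) tuples."""
    results = [
        {
            "ruleId": rule_id,
            "level": "warning",
            "message": {"text": message},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": path},
                "region": {"startLine": line},
            }}],
        }
        for rule_id, message, path, line in matches
    ]
    rules = [{"id": r} for r in sorted({m[0] for m in matches})]
    run = {"tool": {"driver": {"name": tool, "rules": rules}}, "results": results}
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0", "runs": [run]}


def emit(matches, env=os.environ):
    """Write SARIF when requested; return the path written, else None."""
    target = sarif_target(env)
    if target is None:
        return None  # caller keeps its normal output format
    target.write_text(json.dumps(to_sarif(matches), indent=2), encoding="utf-8")
    return target
```

When the variable is unset, `emit` returns `None` and writes nothing, so in-repo configuration and the default output are left alone.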
See https://github.com/actions/starter-workflows/