Control severity of sarif reports #43

Closed
VictoriousRaptor opened this issue Dec 30, 2022 · 10 comments

@VictoriousRaptor

In the wiki I see that a user can configure specific events like unrecognized-spelling as a warning, but I can't find any example or hint on how to apply it.

@jsoref
Member

jsoref commented Dec 30, 2022

The default is:

check-spelling/action.yml

Lines 210 to 213 in d7cd297

  warnings:
    description: 'List of events that are warnings (items that are neither warnings nor notices will result in an :x:)'
    required: false
    default: bad-regex,binary-file,deprecated-feature,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration

If you wanted to include unrecognized-spelling, you could use:

with:
  warnings: unrecognized-spelling,bad-regex,binary-file,deprecated-feature,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration 

@jsoref
Member

jsoref commented Dec 30, 2022

I've made the following changes:

  1. Added a page documenting the feature
  2. Updated the v0.0.20 release notes and wiki entry
  3. Added a link from Event descriptions

@jsoref
Member

jsoref commented Dec 30, 2022

Please let me know if this covers what you're looking for / if you have any problems.

@VictoriousRaptor
Author

Thank you for your reply! Now I can treat unrecognized spellings as warnings in the action log. But is there a way to treat them as warnings in the Security tab of my repo?

@jsoref
Member

jsoref commented Dec 31, 2022

Oh, interesting, you're using Sarif? Not currently, how much control do you want/need? I could allow you to specify a replacement Sarif template... Or I could provide a thing similar to the warnings flag, or I could try to apply the values from warnings into the Sarif template.

One concern I have w/ letting you replace the file entirely is that when you upgrade, you'd lose whatever new items it defines. warnings behaves a little differently in that it will only override things you know about and everything else you effectively inherit.

(I'd love to get feedback on your experience of using Sarif, it's a new feature and I don't think many people have deployed it yet.)

@jsoref
Member

jsoref commented Jan 1, 2023

I've also added warnings to https://github.com/check-spelling/check-spelling/wiki/Configuration#warnings. I'll need to spend some time reviewing the full list to see if I've missed anything else...

@jsoref
Member

jsoref commented Jan 1, 2023

Thinking about the Sarif side a bit, I think what I'll do is let you write a sarif.json file, and if there is one, I'll merge its contents into the sarif.json file I have, probably using code similar to:
https://gist.github.com/theimpostor/79d4d37876aa990edd2ebc0e1d9391b5

That's pretty workable, since prerelease handles the sarif.json using JSON::PP:

my $sarif_template_file = "$ENV{spellchecker}/sarif.json";

I suspect I'll look into this the next time I look at the Sarif handling (probably in a week or two).

@VictoriousRaptor
Author

I've temporarily disabled sarif since it's spamming the repo's security tab. Please inform me when it's polished better.

> how much control do you want/need?

My request is to treat events defined as warnings in the yml file as warnings in sarif too. Otherwise the security tab is full of error alerts.

Thank you for creating this amazing repo!

@jsoref jsoref changed the title How to treat certain events as warning? Control severity of sarif reports Jan 4, 2023
@jsoref
Member

jsoref commented Jan 4, 2023

I've implemented a version of this in: d5a7faa.
You can try using @prerelease.

Just drop in a file, something like https://raw.githubusercontent.com/check-spelling/check-spelling/prerelease/t/sarif.json, into .github/actions/spelling/sarif.json (assuming you're using .github/actions/spelling). Its content will be merged with the general https://raw.githubusercontent.com/check-spelling/check-spelling/prerelease/sarif.json file; things you define should override things in the base file. (The version field is set by check-spelling after this, so you won't be able to set it, and similarly the results are filled in after merging your override.)

I'd love to get some feedback before this ships.
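
The override-merge behaviour discussed in the two comments above (a user sarif.json merged over the base template, with version and results set afterwards), sketched as an added example that is not check-spelling's own Perl code. The sample JSON is constructed, and two details are assumptions: rules are matched by their `id`, and the version field lives at `tool.driver.version`.

```python
import copy
import json

# Constructed stand-in for the base sarif.json (not the project's real file).
BASE = json.loads("""{"runs": [{"tool": {"driver": {"name": "check-spelling",
  "version": "0.0.0", "rules": [
    {"id": "unrecognized-spelling", "defaultConfiguration": {"level": "error"},
     "shortDescription": {"text": "Unrecognized spelling"}},
    {"id": "binary-file", "defaultConfiguration": {"level": "warning"}}]}},
  "results": []}]}""")

# Constructed override, as it might sit in .github/actions/spelling/sarif.json.
OVERRIDE = json.loads("""{"runs": [{"tool": {"driver": {"version": "ignored",
  "rules": [{"id": "unrecognized-spelling",
             "defaultConfiguration": {"level": "warning"}}]}},
  "results": [{"ruleId": "ignored"}]}]}""")

def merge(base, override):
    """Recursively merge override into a copy of base; override wins on conflict."""
    if isinstance(base, dict) and isinstance(override, dict):
        out = copy.deepcopy(base)
        for key, value in override.items():
            out[key] = merge(base[key], value) if key in base else copy.deepcopy(value)
        return out
    if isinstance(base, list) and isinstance(override, list):
        # Assumption: objects carrying an "id" (SARIF rules) are matched by id,
        # other items by position; unmatched override items are appended.
        out = copy.deepcopy(base)
        for i, item in enumerate(override):
            if isinstance(item, dict) and "id" in item:
                idx = next((j for j, b in enumerate(out)
                            if isinstance(b, dict) and b.get("id") == item["id"]), None)
            else:
                idx = i if i < len(out) else None
            if idx is None:
                out.append(copy.deepcopy(item))
            else:
                out[idx] = merge(out[idx], item)
        return out
    return copy.deepcopy(override)

def effective_template(base, override, tool_version):
    merged = merge(base, override)
    # Version and results are written after the merge, so whatever the
    # override supplied for them does not survive (field location assumed).
    for run in merged["runs"]:
        run["tool"]["driver"]["version"] = tool_version
        run["results"] = []
    return merged
```

Only the `level` of `unrecognized-spelling` changes; its description and every rule the override does not mention are inherited from the base, which is the upgrade-safety property raised earlier in the thread.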

@jsoref jsoref added this to the v0.0.21 milestone Jan 11, 2023
@jsoref
Member

jsoref commented Sep 29, 2023

@jsoref jsoref closed this as completed Sep 29, 2023