Integrate SARIF report with Github code scanning #3359
Conversation
Codecov Report
@@ Coverage Diff @@
## master #3359 +/- ##
=========================================
Coverage 80.27% 80.27%
Complexity 2717 2717
=========================================
Files 445 445
Lines 8238 8245 +7
Branches 1563 1565 +2
=========================================
+ Hits 6613 6619 +6
Misses 785 785
- Partials 840 841 +1
Continue to review full report at Codecov.
@@ -17,3 +17,5 @@ txt:./build/detekt-report.txt | |||
sarif:./build/detekt-report.sarif | |||
-p | |||
./build/detekt-formatting.jar | |||
-bp | |||
. |
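Review bot: `-bp .` anchors every report path to the working directory of whatever invokes the CLI at this point, not necessarily the repository root, so the SARIF `uriBaseId` and the emitted relative URIs only line up with the checkout when the command runs from the checkout root. State that requirement next to this argument list (a comment beside `-bp` or a sentence in the workflow docs), and consider whether `.` should be the documented default rather than a per-call argument, which is the question the thread below raises.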
This seems like a good default value for the cli, right?
I am assuming either
1. When passing `-bp` without arguments, use the user.dir as the base path
2. When not passing `-bp`, change the default behavior to output relative paths
I like 2, but not sure if it will be too breaking.
- Adding an option in the detekt config file to specify the behavior.
I was thinking that if you don't set `-bp` the working dir is used by default. This way all the reports will use relative paths. I think that all of them should; those files should be sharable, so it makes little sense to have a full path. (Again this is out of scope of the PR but just ideas about how we could improve this new feature)
Do you think it is a good idea to open an issue to document all things to follow up? This PR is one of the work streams.
#3360 was created to track the follow-up issues. There are many good suggestions like this so I think we need at least a single place to document them.
detekt-report-sarif/src/main/kotlin/io/github/detekt/report/sarif/SarifOutputReport.kt (outdated review thread, resolved)
👏
I don't quite understand the following comment. Could you please elaborate?
> Running detekt with enabled type resolution on detekt yields compiler warnings:
Running detekt with enabled type resolution will generate one file per source set (I need to correct my original PR summary), hence we need to upload multiple SARIF outputs to Github, which has not been battle-tested and is not in the official documentation yet. Therefore, the github workflow I added in this PR uploads the SARIF output from detekt with disabled type resolution.
Thank you for the remark! I understand the current limitations.
* Integrate SARIF report with Github Actions
* Simplify workflow setup
* Set OriginalUriBaseIds in output report
This should wrap up basic support for #3045. This PR integrates SARIF output with Github code scanning by adding a new GitHub workflow using detekt without type resolution.
- `%SRCROOT%` as uriBaseId. In SARIF support for code scanning, `%SRCROOT%` was used as an example, which seems to be the only way that works with Github Action. If we pass the base path based on the local directory, like `"uriBaseId": "/Users/chaozhang/detekt"`, it will not be consumed by Github.
- `CodeSmell` defines its own message. It will fall back to the issue description if no message is specified, which is exactly the case in the manual test.
Follow up
Test
See the PR on my own fork of detekt, you can find GitHub code scanning like the following:
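The three mechanics discussed on this page (report paths made relative to a base path, with the working directory as the fallback the reviewers suggest for a missing `-bp`; `%SRCROOT%` as the `uriBaseId` that code scanning resolves; and the message falling back to the rule description when a finding has none) are shown below in a small SARIF 2.1.0 emitter plus a pre-upload check for absolute URIs. This is an added example written for this page, not detekt's `SarifOutputReport`; it is in Python rather than Kotlin so it runs stand-alone, and the `Finding` fields, sample rule names and `/home/ci/detekt` paths are constructed assumptions.

```python
# Added example, not detekt's SarifOutputReport: a minimal SARIF 2.1.0 emitter with
# relative artifact URIs anchored on %SRCROOT%, plus a check for absolute URIs.
import json
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

SRCROOT = "%SRCROOT%"  # the uriBaseId symbol GitHub code scanning understands


@dataclass
class Finding:
    """Constructed stand-in for a detekt CodeSmell; field names are assumptions."""
    rule_id: str
    rule_description: str
    file_path: str      # absolute path as the tool sees it on the build machine
    line: int
    message: str = ""   # empty -> fall back to rule_description


def to_relative_uri(absolute_path: str, base_path: Optional[str] = None) -> str:
    """Return absolute_path relative to base_path as a forward-slash SARIF URI.

    With base_path=None the working directory is used, the behaviour the review
    thread proposes for a missing -bp (an assumption here, not detekt's default).
    Paths outside the base are rejected instead of being emitted as "../" escapes.
    """
    base = os.path.normpath(base_path or os.getcwd())
    rel = os.path.relpath(os.path.normpath(absolute_path), base)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError(f"{absolute_path} is outside base path {base}")
    return rel.replace(os.sep, "/")


def build_sarif(findings: List[Finding], base_path: Optional[str] = None) -> Dict:
    """Build a SARIF 2.1.0 log whose locations are relative and keyed on %SRCROOT%."""
    base = os.path.normpath(base_path or os.getcwd())
    rules: Dict[str, Dict] = {}
    results = []
    for f in findings:
        rules.setdefault(f.rule_id, {
            "id": f.rule_id,
            "shortDescription": {"text": f.rule_description},
        })
        results.append({
            "ruleId": f.rule_id,
            "level": "warning",
            # CodeSmell-style fallback: rule description when no message is set
            "message": {"text": f.message or f.rule_description},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {
                        "uri": to_relative_uri(f.file_path, base),
                        "uriBaseId": SRCROOT,
                    },
                    "region": {"startLine": f.line},
                }
            }],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "detekt", "rules": list(rules.values())}},
            # Records where %SRCROOT% pointed on the producing machine. Per the PR
            # description, GitHub only consumes the %SRCROOT% symbol; a local absolute
            # directory used directly as uriBaseId is ignored.
            "originalUriBaseIds": {
                SRCROOT: {"uri": "file://" + base.replace(os.sep, "/").rstrip("/") + "/"}
            },
            "results": results,
        }],
    }


def absolute_locations(sarif: Dict) -> List[str]:
    """Pre-upload check: every artifact URI that is not relative to %SRCROOT%."""
    bad = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                art = loc.get("physicalLocation", {}).get("artifactLocation", {})
                uri = art.get("uri", "")
                if uri.startswith(("/", "file:")) or (len(uri) > 1 and uri[1] == ":"):
                    bad.append(uri)
    return bad


if __name__ == "__main__":
    # Constructed sample findings; the paths are not real files.
    sample = [
        Finding("MagicNumber", "Report magic numbers.",
                "/home/ci/detekt/src/main/kotlin/Foo.kt", 12,
                message="This expression contains a magic number 42."),
        Finding("LongMethod", "One method should have one responsibility.",
                "/home/ci/detekt/src/main/kotlin/Bar.kt", 30),
    ]
    log = build_sarif(sample, base_path="/home/ci/detekt")
    print(json.dumps(log, indent=2))
    print("absolute URIs:", absolute_locations(log))
```

Run it from the checkout root, or pass the checkout root as `base_path`, and `absolute_locations` should return an empty list; any entry it does return is a path that would not be resolved against `%SRCROOT%` by code scanning and should be fixed before upload.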