This is a GitHub action which scans Haskell code using HLint and uploads its suggested improvements to GitHub code scanning.

A minimal example for setting up code scanning with HLint:

name: Scan code with HLint
on: [push, pull_request]

jobs:
  hlint:
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload results to GitHub code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - uses: haskell-actions/hlint-scan@v1

The action needs write permission for security-events to upload the analysis results to GitHub.

If you would like to use this as a status check which would prevent pull requests from being merged until an issue is resolved, you can adjust the alert severity for which code scanning will trigger a failed check.

None of the inputs are required. You only need to set them if the defaults do not work for your situation.

Path to the hlint binary.

Path of file or directory that HLint will be told to scan. Multiple paths can be specified, delimited by whitespace.

Path for HLint configuration file.

Category distinguishing multiple analyses at the same commit.

The ID of the uploaded SARIF file.

When scanning code with HLint on pushes, issues will show up in the "Code scanning" dashboard in the "Security" section:

When scanning code with HLint in a pull request, issues with the change will be reported in the pull request:

Be nice; see CODE_OF_CONDUCT.md for details.

See SECURITY.md for details.

See CONTRIBUTING.md for details.

Apache 2.0; see LICENSE for details.

This project is not an official Google project. It is not supported by Google, and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.