
Create annotations from sarif report #12

Merged (8 commits, Dec 10, 2021)

Conversation

adangel (Member) commented Dec 1, 2021

adangel added this to the next milestone Dec 1, 2021

adangel (Member, Author) commented Dec 1, 2021

The simple way doesn't seem to work correctly:

  • Java sample:
    [screenshot]

  • Apex sample:
    [screenshot]

The annotations are created, but there is no link to the actual file and position.

adangel (Member, Author) commented Dec 1, 2021

Maybe we need to create a check, as described in https://tgrall.github.io/blog/2021/11/07/how-to-write-a-github-action-annotation-api

API Docs: https://docs.github.com/en/rest/reference/checks

We could create a check with status "in_progress" and after PMD finished, we can update the check and add the annotations.
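The two-step flow sketched above (create the check run as "in_progress", then update it with the annotations once PMD is done) needs the SARIF results turned into Checks API annotation objects first. The following is an added example, not code from pmd-github-action; it assumes the SARIF 2.1.0 `runs[].results[]` layout and the documented limit of 50 annotations per "update a check run" request, which is why the update bodies are batched:

```javascript
// Constructed example, not pmd-github-action's own code: map SARIF 2.1.0
// results to Checks API annotation objects and split them into the update
// requests the two-step flow needs. Assumed: the documented limit of 50
// annotations per "update a check run" request. A file:// scheme is dropped
// because the Checks API expects repository-relative paths.
const LEVEL_MAP = { error: 'failure', warning: 'warning', note: 'notice', none: 'notice' };
const MAX_ANNOTATIONS_PER_REQUEST = 50;

// One annotation per SARIF result that carries a file position; results
// without a physical location are skipped rather than reported without a file.
function sarifToAnnotations(sarif) {
  const annotations = [];
  for (const run of sarif.runs || []) {
    for (const result of run.results || []) {
      const loc = (result.locations || [])[0];
      const phys = loc && loc.physicalLocation;
      if (!phys || !phys.artifactLocation || !phys.region) continue;
      const startLine = phys.region.startLine;
      annotations.push({
        path: phys.artifactLocation.uri.replace(/^file:\/\//, ''),
        start_line: startLine,
        end_line: phys.region.endLine || startLine,
        // SARIF treats a missing level as "warning"
        annotation_level: LEVEL_MAP[result.level || 'warning'] || 'warning',
        message: (result.message && result.message.text) || '',
        title: result.ruleId || 'PMD',
      });
    }
  }
  return annotations;
}

// Request bodies for PATCH /repos/{owner}/{repo}/check-runs/{id}: every batch
// but the last keeps the run "in_progress"; the last one completes it with a
// conclusion derived from whether any annotation is a failure.
function buildCheckRunUpdates(annotations) {
  const batches = [];
  for (let i = 0; i < annotations.length; i += MAX_ANNOTATIONS_PER_REQUEST) {
    batches.push(annotations.slice(i, i + MAX_ANNOTATIONS_PER_REQUEST));
  }
  if (batches.length === 0) batches.push([]); // still complete the run when clean
  const hasFailure = annotations.some((a) => a.annotation_level === 'failure');
  return batches.map((batch, i) => {
    const last = i === batches.length - 1;
    return {
      status: last ? 'completed' : 'in_progress',
      ...(last ? { conclusion: hasFailure ? 'failure' : 'success' } : {}),
      output: { title: 'PMD', summary: `${annotations.length} PMD violation(s) found`, annotations: batch },
    };
  });
}
```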

rody commented Dec 2, 2021

@adangel I've recently created a few GitHub actions for PMD:

  • pmd-annotations-github-action This one creates annotations from a PMD report in JSON format (it should be quite easy to adapt it for the SARIF format). The annotations are visible in the source code and in the PR files.
  • pmd-review-github-action This one creates a PR review from the PMD report. The interesting thing is that it reports only the violations on the lines of code which have changed in the PR (it's quite useful on a big project where PMD was introduced late).

I've created a demo app to demonstrate those actions: pmd-github-action-demo, feel free to raise PRs and play with it.
You can also see my action to run PMD itself: pmd-github-action.

Feel free to pick up anything you want and make it part of the PMD project.

adangel (Member, Author) commented Dec 2, 2021

@rody Thanks for the tips and suggestions.

> The annotations are visible in the source code and in the PR files.

Now I know where to look. I always looked at the build summary page, and there the annotations are listed but without saying which file they belong to.
So it seems to be working already:
[screenshot]

(Note: there are two annotations, one from the push workflow and the other from the pull request workflow)

> pmd-review-github-action This one creates a PR review from the PMD report.

That's an interesting approach to create PR review comments automatically. I'll have to think about this, whether this should be an optional feature.
Note: In order to create comments, you need a GitHub token with write access. If the PR is created from a forked repository, the default token only ever has read access and can't create comments, as far as I know. Maybe a "real" GitHub app is needed.

> it reports only the violations on the lines of code which have changed in the PR

Yeah, that's basically #6.

Also output violations as info logging during build
adangel marked this pull request as ready for review December 2, 2021 11:59
adangel self-assigned this Dec 10, 2021
adangel merged commit b9debba into main Dec 10, 2021
adangel deleted the features/annotation branch December 10, 2021 10:19
Development

Successfully merging this pull request may close these issues.

Create inline annotations for found violations