Create GitHub Action for Rust-Clippy #8122
Comments
Like this? |
Yes this integrates the linter into Actions CI, but the goal of this ticket
and the linked ticket would be to enhance it slightly so that it can send
off SARIF to GitHub. Rather than just triggering the scan we could trigger
the scan and send the results to the GH UI as an alert.
On Tue, Dec 14, 2021 at 3:15 AM Matthias Krüger wrote:
> Like this?
> https://github.com/actions-rs/clippy-check
--
Jose Palafox
Technical Partnerships and Engineering @ GitHub
|
So the Clippy repo itself won't implement a GitHub action. I also don't see why such an action would be necessary. You can just add

```yaml
- name: Run Clippy
  run: cargo clippy -- -Dwarnings
```

as a step for your workflow; it will fail if there is Clippy output. IIUC, what you're missing is output in SARIF format? Clippy is able to output JSON with I'm not familiar with the SARIF format, so I don't know if the JSON output complies with this format, but if you need that specific format, you'd have to raise this issue with rustc directly, since all the error IO Clippy does is shared with rustc. |
Thank you for the information. I think what we can do is see if we can just make an intermediary action to munge the existing output into SARIF and upload it, then support does not need to be added to rustc. @michaelcfanning and @yongyan-gh does this approach make sense? Basically we use the existing action to run the linter, a second action to munge, and then a third to upload and string all of those into a workflow file for the starter-workflows page? Does Clippy have an SVG logo we can use and a short description (140 char) the maintainers would prefer for us to put in the UI? |
We don't have a logo right now. As for a text, just use the first sentence (and more, if you want) from the README:
|
@josepalafox pls confirm my understanding based on your proposal:
@flip1995 can you pls share the documentation of clippy JSON output? |
Yes. Ideally it lives in the Clippy project somewhere if y'all are open to accepting the PR, @flip1995 & @matthiaskrgr ? |
The JSON output is handled by rustc. You can find the official documentation here: https://doc.rust-lang.org/rustc/json.html |
FWIW, there's the
I don't see why this should live in the Clippy repo. I don't think any maintainer has experience working with or on SARIF, so this would put a maintenance burden on us that we would like to avoid. |
Hi @flip1995, thanks for the information. I tried to install clippy-sarif and get a SARIF result in a test GitHub workflow, but installation failed due to the error below. I opened an issue psastras/sarif-rs#104 in sarif-rs, is it the right place to report the issue?
|
@yongyan-gh I found out that the current version of rustc and clap doesn't work. I created a PR in which I fixed this; it's still in review |
@GeekMasher thank you for taking care of the build issue. |
@yongyan-gh The latest version should have a fix now |
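
The "munge" step proposed in the thread, as an added example that is not code from Clippy, sarif-rs or any participant: it turns the line-delimited output of `cargo clippy --message-format=json` (the rustc JSON diagnostics linked above) into a minimal SARIF 2.1.0 log. The function name, the sample diagnostics and the choice to drop diagnostics that have no source span are assumptions of this example.

```python
import json

# Constructed sample in the shape cargo emits (one JSON object per line);
# not output captured from a real run.
SAMPLE = "\n".join([
    json.dumps({"reason": "compiler-message", "message": {
        "message": "unneeded `return` statement", "level": "warning",
        "code": {"code": "clippy::needless_return", "explanation": None},
        "spans": [{"file_name": "src/lib.rs", "is_primary": True,
                   "line_start": 3, "line_end": 3,
                   "column_start": 5, "column_end": 14}]}}),
    # Summary diagnostics carry no code and no span.
    json.dumps({"reason": "compiler-message", "message": {
        "message": "1 warning emitted", "level": "warning",
        "code": None, "spans": []}}),
    json.dumps({"reason": "build-finished", "success": True}),
])

# rustc levels other than these two (note, help, ...) are folded into "note".
LEVELS = {"error": "error", "warning": "warning"}

def clippy_json_to_sarif(text):
    results, rule_ids = [], []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip any non-JSON text mixed into the stream
        if not isinstance(event, dict) or event.get("reason") != "compiler-message":
            continue
        diag = event["message"]
        locations = [{"physicalLocation": {
            "artifactLocation": {"uri": s["file_name"]},
            "region": {"startLine": s["line_start"], "startColumn": s["column_start"],
                       "endLine": s["line_end"], "endColumn": s["column_end"]}}}
            for s in diag.get("spans", []) if s.get("is_primary")]
        if not locations:
            continue  # assumption: an alert needs a file location to be useful
        rule = (diag.get("code") or {}).get("code") or "rustc"
        if rule not in rule_ids:
            rule_ids.append(rule)
        results.append({"ruleId": rule, "message": {"text": diag["message"]},
                        "level": LEVELS.get(diag.get("level"), "note"),
                        "locations": locations})
    driver = {"name": "clippy", "rules": [{"id": r} for r in rule_ids]}
    return {"version": "2.1.0",
            "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": driver}, "results": results}]}

if __name__ == "__main__":
    print(json.dumps(clippy_json_to_sarif(SAMPLE), indent=2))
```
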
Description
If adding Sarif Support as outlined in #8121
Write GitHub Action and integration as described here.
Result is a GH action that can trigger Rust-Clippy scans during CI and then upload the results to the Code Scanning interface via trivial one click install from the GH UI. GitHub provides actions minutes for free to all users, and code scanning is available on OSS projects for free. Will help drive adoption of tool for GH hosted Rust OSS projects.
@michaelcfanning and @yongyan-gh
Version
No response
Additional Labels
No response