diff options
| -rw-r--r-- | .github/scripts/process_detekt_sarif.sh | 7 | ||||
| -rw-r--r-- | .github/workflows/build.yml | 18 | ||||
| -rw-r--r-- | .github/workflows/detekt.yml | 133 | ||||
| -rw-r--r-- | .github/workflows/detekt_beta.yml | 26 |
4 files changed, 163 insertions, 21 deletions
diff --git a/.github/scripts/process_detekt_sarif.sh b/.github/scripts/process_detekt_sarif.sh index 4d4f2af93..8f11860dd 100644 --- a/.github/scripts/process_detekt_sarif.sh +++ b/.github/scripts/process_detekt_sarif.sh @@ -1,7 +1,7 @@ #!/bin/bash # This script processes the Detekt SARIF file and outputs results in a format -# suitable for annotation in CI/CD systems. +# suitable for annotation in CI/CD systems, with the file paths fixed. SARIF_FILE="$1" @@ -11,11 +11,12 @@ if [ ! -f "$SARIF_FILE" ]; then exit 1 fi -# Define jq command to parse SARIF file +# Define jq command to parse SARIF file and fix the file path read -r -d '' jq_command <<'EOF' .runs[].results[] | { - "full_path": .locations[].physicalLocation.artifactLocation.uri | sub("file://$(pwd)/"; ""), + # Adjust the path to remove the runner workspace prefix + "full_path": (.locations[].physicalLocation.artifactLocation.uri | sub("file://.*/SkyHanni/"; "")), "file_name": (.locations[].physicalLocation.artifactLocation.uri | split("/") | last), "l": .locations[].physicalLocation, "level": .level, diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 45d4ecaa9..27d7a56c8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,24 +36,6 @@ jobs: with: name: "Test Results" path: versions/1.8.9/build/reports/tests/test/ - detekt: - name: Run detekt - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - uses: ./.github/actions/setup-normal-workspace - # detektMain is a LOT slower than detekt, but it does type analysis - - name: Run detekt main (w/typing analysis) - run: | - ./gradlew detektMain --stacktrace - - name: Annotate detekt failures - if: ${{ !cancelled() }} - run: | - chmod +x .github/scripts/process_detekt_sarif.sh - ./.github/scripts/process_detekt_sarif.sh versions/1.8.9/build/reports/detekt/main.sarif - preprocess: runs-on: ubuntu-latest diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml new file mode 100644 index 000000000..8816657fa --- /dev/null +++ b/.github/workflows/detekt.yml @@ -0,0 +1,133 @@ +name: Detekt + +on: + pull_request_target: + branches: + - "*" + workflow_dispatch: + +permissions: + contents: read + pull-requests: write + +jobs: + detekt: + name: Run detekt + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout PR code + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - uses: ./.github/actions/setup-normal-workspace + - name: Run detekt main (w/ typing analysis) + run: | + ./gradlew detektMain --stacktrace + - name: Annotate detekt failures + if: ${{ !cancelled() }} + run: | + chmod +x .github/scripts/process_detekt_sarif.sh + ./.github/scripts/process_detekt_sarif.sh versions/1.8.9/build/reports/detekt/main.sarif + - name: Upload SARIF file as artifact + if: always() + uses: actions/upload-artifact@v4 + with: + name: detekt-sarif-report + path: versions/1.8.9/build/reports/detekt/main.sarif + + detekt_comment: + name: Comment detekt failures on PR + runs-on: ubuntu-latest + needs: detekt + if: ${{ failure() }} + permissions: + pull-requests: write + steps: + - name: Checkout base repo code + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - name: Download SARIF file + uses: actions/download-artifact@v4 + with: + name: detekt-sarif-report + path: . + - name: Process detekt SARIF and create comment + shell: bash + env: + PR_SHA: ${{ github.event.pull_request.head.sha }} + GITHUB_REPOSITORY: ${{ github.repository }} + run: | + set -e # Exit on errors + set -x # Print each command for debugging + + # Ensure the SARIF file exists in the project root + if [ ! -f main.sarif ]; then + echo "SARIF file not found!" + exit 1 + fi + + chmod +x .github/scripts/process_detekt_sarif.sh + + # Process the SARIF file + ./.github/scripts/process_detekt_sarif.sh main.sarif > detekt_output.txt + + # Check if the detekt_output.txt file was created + if [ ! -s detekt_output.txt ]; then + echo "detekt_output.txt is empty or missing!" + exit 1 + fi + + DETEKT_OUTPUT=$(cat detekt_output.txt) + + COMMENT="### One or more Detekt Failures were detected:\n\n" + + while read -r line; do + echo "Processing line: $line" + + # Extract the full file path and line number using regex + FILE_PATH=$(echo "$line" | grep -oP '(?<=file=)[^,]+') + LINE_NUMBER=$(echo "$line" | grep -oP '(?<=line=)\d+') + + # Check if extraction worked + if [ -z "$FILE_PATH" ] || [ -z "$LINE_NUMBER" ]; then + echo "Failed to extract file path or line number from: $line" + continue + fi + + echo "Original file path: $FILE_PATH, Line number: $LINE_NUMBER" + + # Remove everything before 'src/' in the file path (if it exists) + CLEANED_FILE_PATH=$(echo "$FILE_PATH" | sed 's/.*\(src\/.*\)/\1/') + echo "Cleaned file path: $CLEANED_FILE_PATH" + + # Extract just the file name from the file path + FILE_NAME=$(basename "$CLEANED_FILE_PATH") + echo "File name: $FILE_NAME" + + # Clean up the line to remove everything between '::' and '::' (inclusive) + CLEAN_MESSAGE=$(echo "$line" | sed 's/::.*:://g') + echo "Clean message: $CLEAN_MESSAGE" + + # Append the comment with the cleaned-up message, using PR_SHA + COMMENT+="- [ ] [$FILE_NAME#L$LINE_NUMBER](https://github.com/${GITHUB_REPOSITORY}/blob/${PR_SHA}/$CLEANED_FILE_PATH#L$LINE_NUMBER): $CLEAN_MESSAGE\n" + done <<< "$DETEKT_OUTPUT" + + echo -e "$COMMENT" > detekt_comment.txt + - name: Add comment to PR + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const fs = require('fs'); + const commentBody = fs.readFileSync('detekt_comment.txt', 'utf8'); + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: commentBody + }) diff --git a/.github/workflows/detekt_beta.yml b/.github/workflows/detekt_beta.yml new file mode 100644 index 000000000..f019ae841 --- /dev/null +++ b/.github/workflows/detekt_beta.yml @@ -0,0 +1,26 @@ +name: Run detekt on push + +on: + push: + branches: + - "beta" + paths-ignore: + - ".gitignore" +jobs: + detekt: + name: Run detekt + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout PR code + uses: actions/checkout@v4 + - uses: ./.github/actions/setup-normal-workspace + - name: Run detekt main (w/ typing analysis) + run: | + ./gradlew detektMain --stacktrace + - name: Annotate detekt failures + if: ${{ !cancelled() }} + run: | + chmod +x .github/scripts/process_detekt_sarif.sh + ./.github/scripts/process_detekt_sarif.sh versions/1.8.9/build/reports/detekt/main.sarif |