v5.0.2 #64

Merged
merged 21 commits into from Mar 25, 2022
1866156
:fire: Integrate Qodana CLI
tiulpin Feb 3, 2022
02eb565
:memo: Update action configuration and README
tiulpin Feb 4, 2022
388da2d
:sparkles: Update to the latest CLI (0.7.4)
tiulpin Feb 10, 2022
78558ef
:memo: Specify CLI parameters link
tiulpin Feb 11, 2022
322856c
:memo: Specify github-token option
tiulpin Feb 11, 2022
612757b
:fire: Merge Qodana Azure Pipelines extension
tiulpin Feb 14, 2022
a3ee6d4
:memo: Update READMEs – specify CLI args link
tiulpin Feb 14, 2022
0ec78a1
:green_heart: Fix Space Automation installation
tiulpin Feb 14, 2022
9a8454a
:zap: Improve bundling: switch from ncc to esbuild and set up bundler…
tiulpin Feb 14, 2022
57c773d
:bricks: Fix Azure extension build command
tiulpin Feb 14, 2022
2cc5f0d
:children_crossing: Handle the deprecated parameters in the action
tiulpin Feb 15, 2022
167ef32
:sparkles: Update to the latest CLI (0.8.0)
tiulpin Feb 19, 2022
66f1c0e
:bricks: Update vsts jobs
tiulpin Feb 20, 2022
efb9b61
:bricks: Enable ESLint in qodana.yaml
tiulpin Feb 20, 2022
9f3c579
:bricks: Update GitHub workflows
tiulpin Feb 20, 2022
1ea14a0
:arrow_up: Bump GitHub workflows dependencies
tiulpin Mar 25, 2022
99e9eed
:memo: Update Azure DevOps extension docs
tiulpin Mar 25, 2022
bc69638
:arrow_up: Bump JS dependencies
tiulpin Mar 25, 2022
61e90a0
:bricks: Set up bootstrap in qodana.yaml
tiulpin Mar 25, 2022
e155eee
:bricks: Sync package.json versions
tiulpin Mar 25, 2022
568f86c
:bug: Fix 'expected signal to be an instanceof AbortSignal' with esbuild
tiulpin Mar 25, 2022
64 changes: 64 additions & 0 deletions .github/workflows/actions.yml
@@ -0,0 +1,64 @@
name: 'actions-build-test'
on: # rebuild any PRs and main branch changes
pull_request:
push:
branches:
- main
- 'releases/*'

jobs:
check-dist:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set Node.js 12.x
uses: actions/setup-node@v2.5.1
with:
node-version: 12.x
- name: Install dependencies
run: cd scan && npm ci && cd ../common && npm ci
- name: Rebuild the dist/ directory
run: cd scan && npm run build && npm run package
- name: Compare the expected and actual dist/ directories
run: |
if [ "$(git diff --ignore-space-at-eol scan/dist/ | wc -l)" -gt "0" ]; then
echo "Detected uncommitted changes after build. See status below:"
git diff
exit 1
fi
id: diff
# If index.js was different from expected, upload the expected version as an artifact
- uses: actions/upload-artifact@v2
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
with:
name: dist
path: scan/dist/

build: # make sure build/ci work properly
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest, ubuntu-latest, windows-latest ]
steps:
- uses: actions/checkout@v3
- run: |
cd scan
npm install
npm test

test-ubuntu: # make sure the action works on a clean machine without building
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./
with:
args: --linter,jetbrains/qodana-js

# Not possible at the moment for GitHub-hosted Windows agents: https://github.com/JetBrains/qodana-action/pull/31#issue-812728409
# test-windows:
# runs-on: windows-latest
# steps:
# - uses: actions/checkout@v3
# - uses: ./
# with:
# linter: jetbrains/qodana-js
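Review bot: In the `build` job, `npm install` runs in `scan` only, with no `actions/setup-node` step and no install in `common`, while `check-dist` uses `npm ci` in both directories under Node 12.x, so the matrix may test a different dependency tree and Node version than the one the committed `scan/dist/` is verified against. Use `npm ci` and the same `setup-node` step in `build`. Two further points: the comparison step relies on `git diff`, which does not report new untracked files under `scan/dist/`, so `git status --porcelain scan/dist/` would be a stricter check; and the workflow has no `permissions:` key, so every job, including `test-ubuntu` running `uses: ./` on pull-request code, gets the repository's default token scope. A top-level `permissions:` block with `contents: read` would narrow that.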
51 changes: 0 additions & 51 deletions .github/workflows/check-dist.yml

This file was deleted.

25 changes: 0 additions & 25 deletions .github/workflows/code_scanning.yml

This file was deleted.

36 changes: 0 additions & 36 deletions .github/workflows/test.yml

This file was deleted.

45 changes: 45 additions & 0 deletions .github/workflows/vsts.yml
@@ -0,0 +1,45 @@
name: vsts-build-test
on:
pull_request: null
push:
branches:
- main
- releases/*
jobs:
build:
runs-on: '${{ matrix.os }}'
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
- windows-latest
steps:
- uses: actions/checkout@v3
- run: cd common && npm ci && cd ../vsts && npm install && npm run build
check-dist:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set Node.js 12.x
uses: actions/setup-node@v2.5.1
with:
node-version: 12.x
- name: Install dependencies
run: cd vsts && npm ci && cd ../common && npm ci
- name: Rebuild the QodanaScan/ directory
run: cd vsts && npm run build && npm run package
- name: Compare the expected and actual QodanaScan/ directories
run: >
if [ "$(git diff --ignore-space-at-eol vsts/QodanaScan/ | wc -l)" -gt
"0" ]; then
echo "Detected uncommitted changes after build. See status below:"
git diff
exit 1
fi
id: diff
- uses: actions/upload-artifact@v2
if: '${{ failure() && steps.diff.conclusion == ''failure'' }}'
with:
name: dist
path: vsts/QodanaScan/
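Review bot: The compare step uses a folded scalar (`run: >`) for a multi-line `if ... fi` script, whereas the same step in actions.yml uses `run: |`; with `>` the line breaks between `then`, `echo`, `git diff` and `exit 1` survive only if those lines are indented deeper than the `if`, and the test expression is already split across `-gt` and `"0" ]`. Switch to `run: |` so the script reaches the shell exactly as written. The `build` job here also mixes `npm ci` (in `common`) with `npm install` (in `vsts`) and sets no Node version, unlike `check-dist`.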
8 changes: 6 additions & 2 deletions .gitignore
@@ -1,5 +1,7 @@
# Dependency directory
node_modules
**/node_modules
**/lib
.idea
# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
Expand Down Expand Up @@ -95,5 +97,7 @@ typings/
Thumbs.db

# Ignore built ts files
__tests__/runner/*
lib/**/*
scan/__tests__/runner/*
lib/**/*

vsts/QodanaScan/.taskkey
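Review bot: The retained `lib/**/*` entry under "Ignore built ts files" is redundant once `**/lib` is added at the top of the file, and `**/lib` itself ignores any directory named `lib` at any depth, including one that might later hold source. Consider listing the specific build output directories instead and dropping the old pattern.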
62 changes: 22 additions & 40 deletions README.md
Expand Up @@ -5,10 +5,7 @@
[![Twitter Follow](https://img.shields.io/twitter/follow/Qodana?style=social&logo=twitter)][jb:twitter]

**Qodana** is a code quality monitoring tool that identifies and suggests fixes for bugs, security vulnerabilities,
duplications, and imperfections. Using this GitHub Action, run Qodana with your GitHub workflow to scan your Java,
Kotlin, PHP, Python, JavaScript, TypeScript projects (
and [other supported technologies by Qodana](https://www.jetbrains.com/help/qodana/supported-technologies.html)).

duplications, and imperfections.
**Table of Contents**

<!-- toc -->
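Review bot: The new line `duplications, and imperfections.` is followed directly by `**Table of Contents**` because the blank line that separated them was removed along with the old sentence, so Markdown will render both as one paragraph. Restore the blank line before `**Table of Contents**`.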
Expand All @@ -21,6 +18,8 @@ and [other supported technologies by Qodana](https://www.jetbrains.com/help/qoda

<!-- tocstop -->

> 💡 This README is about Qodana Scan GitHub action. To learn more about Qodana for Azure Pipelines, please visit [./vsts/README.md](./vsts/README.md).

## Usage

### Basic configuration
Expand All @@ -41,16 +40,13 @@ jobs:
qodana:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: 'Qodana Scan'
uses: JetBrains/qodana-action@v4.2.2
with:
linter: jetbrains/qodana-<linter>
uses: JetBrains/qodana-action@experimental
```

Using this workflow, Qodana will run on the main branch, release branches, and on the pull requests coming to your
repository. Inspection results will be available in the GitHub UI. The `jetbrains/qodana-<linter>` option specifies a
[Qodana linter](linters.md).
repository.

We recommend that you have a separate workflow file for Qodana
because [different jobs run in parallel](https://help.github.com/en/actions/getting-started-with-github-actions/core-concepts-for-github-actions#job)
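Review bot: The example now points at `JetBrains/qodana-action@experimental`, a non-version ref, in place of the version tag `@v4.2.2`; anyone copying it runs whatever that ref resolves to at the time, with the job's token. For a pull request titled v5.0.2 the README should reference the release tag, or a full commit SHA for users who want an immutable pin. With the `linter` input and its explanatory sentence removed, the section also no longer says which linter runs; state how it is selected.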
Expand Down Expand Up @@ -102,8 +98,6 @@ Instead of `main`, you can specify your branch here.
9. Search for the `Qodana` status check, then check it.
10. Click **Create**.

<anchor name="github-actions-quality-gate-baseline"/>

### Quality gate and baseline

You can combine the [quality gate](quality-gate.xml) and [baseline](qodana-baseline.xml) features to manage your
Expand All @@ -114,8 +108,8 @@ Follow these steps to establish a baseline for your project:
1. Run Qodana [locally](docker-images.md) over your project:

```shell
docker run --rm -v <source-directory>/:/data/project/ \
-p 8080:8080 jetbrains/qodana-<linter> --show-report
cd <source-directory>
qodana scan --show-report
```

2. Open your report at `http://localhost:8080/`, [add detected problems](ui-overview.md#Technical+debt) to the baseline,
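Review bot: Step 1 still links "locally" to `docker-images.md`, but the command is now `qodana scan --show-report`, which assumes the Qodana CLI is already installed. Link to the CLI installation instructions here, or state the prerequisite before the command.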
Expand All @@ -126,7 +120,7 @@ docker run --rm -v <source-directory>/:/data/project/ \
4. Append this line to the Qodana Scan action configuration in the `code_quality.yml` file:

```yaml
baseline-path: qodana.sarif.json;
baseline-path: qodana.sarif.json
```

If you want to update the baseline, you need to repeat these steps once again.
Expand Down Expand Up @@ -176,31 +170,19 @@ To do it, follow these steps:

## Configuration

| Name | Description | Default Value |
|----------------------------|------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|
| `linter` | [Official Qodana Docker image](https://www.jetbrains.com/help/qodana/docker-images.html). Required. | `jetbrains/qodana-jvm-community:latest` |
| `project-dir` | The project's root directory to be analyzed. Optional | `${{ github.workspace }}` |
| `results-dir` | Directory to store the analysis results. Optional. | `${{ runner.temp }}/qodana/results` |
| `cache-dir` | Directory to store Qodana caches. Optional. | `${{ runner.temp }}/qodana/caches` |
| `idea-config-dir` | IntelliJ IDEA configuration directory. Optional. | - |
| `gradle-settings-path` | Provide path to gradle.properties file. An example: "/your/custom/path/gradle.properties". Optional. | - |
| `additional-volumes` | Mount additional volumes to Docker container. Multiline input variable: specify multiple values with newlines. Optional. | - |
| `additional-env-variables` | Pass additional environment variables to docker container. Multiline input variable: specify multiple values with newlines. Optional. | - |
| `fail-threshold` | Set the number of problems that will serve as a quality gate. If this number is reached, the pipeline run is terminated. Optional. | - |
| `inspected-dir` | Directory to be inspected. If not specified, the whole project is inspected by default. Optional. | - |
| `baseline-path` | Run in baseline mode. Provide the path to an existing SARIF report to be used in the baseline state calculation. Optional. | - |
| `baseline-include-absent` | Include the results from the baseline absent in the current Qodana run in the output report. Optional. | `false` |
| `changes` | Inspect uncommitted changes and report new problems. Optional. | `false` |
| `script` | Override the default docker scenario. Optional. | - |
| `profile-name` | Name of a profile defined in the project. Optional. | - |
| `profile-path` | Absolute path to the profile file. Optional. | - |
| `token` | Qodana Cloud token, if specified, the report will be sent to Qodana Cloud. Optional. | - |
| `upload-result` | Upload Qodana results as an artifact to the job. Optional. | `true` |
| `artifact-name` | Specify Qodana results artifact name, used for results uploading. Optional. | `Qodana report` |
| `use-caches` | Utilize GitHub caches for Qodana runs. Optional. | `true` |
| `additional-cache-hash` | Allows customizing the generated cache hash. Optional. | `${{ github.sha }}` |
| `use-annotations` | Use annotation to mark the results in the GitHub user interface. Optional. | `true` |
| `github-token` | GitHub token to be used for uploading results. Optional. | `${{ github.token }}` |
Most likely you won't need other options than `args`: all other options can be useful if you are configuring multiple Qodana Scan jobs in one workflow.

| Name | Description | Default Value |
|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------|
| `args` | Additional [Qodana CLI `scan` command](https://github.com/jetbrains/qodana-cli#scan) arguments, split the arguments with commas (`,`), e.g. `-i,frontend,--print-problems`. Optional. | - |
| `results-dir` | Directory to store the analysis results. Optional. | `${{ runner.temp }}/qodana/results` |
| `upload-result` | Upload Qodana results as an artifact to the job. Optional. | `true` |
| `artifact-name` | Specify Qodana results artifact name, used for results uploading. Optional. | `qodana-report` |
| `cache-dir` | Directory to store Qodana cache. Optional. | `${{ runner.temp }}/qodana/caches` |
| `use-caches` | Utilize GitHub caches for Qodana runs. Optional. | `true` |
| `additional-cache-hash` | Allows customizing the generated cache hash. Optional. | `${{ github.sha }}` |
| `use-annotations` | Use annotation to mark the results in the GitHub user interface. Optional. | `true` |
| `github-token` | GitHub token to be used for uploading results. Optional. | `${{ github.token }}` |

## Issue Tracker

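Review bot: `baseline-path` is dropped from the configuration table, yet step 4 of "Quality gate and baseline" still tells users to append `baseline-path: qodana.sarif.json` to the action configuration. Update that step to the `args` form, or list the old inputs in the table as deprecated. The `args` description should also say how to pass a value that itself contains a comma, since the input is split on `,`, and the `artifact-name` default change from `Qodana report` to `qodana-report` is worth calling out for workflows that download the artifact by name.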