sfdx-scan-pull-request

Runs sfdx-scanner on a pull request or individual commit and generates in-line comments with the findings.

Inputs

`category`

Categor(ies) of rules to run.

`engine`

Engine(s) to run.

`eslint-env`

JSON-formatted string, overrides ESLint's default environment variables.

`eslintconfig`

Location of eslintrc config to customize eslint engine.

`pmdconfig`

Location of PMD rule reference XML file to customize rule selection

`severity-threshold`

Throws an error when violations of specific severity (or more severe) are detected.

`strictly-enforced-rules`

A JSON string which contains the rules which will be strictly enforced regardless of their priority. Enforced rules are identified by their engine, category, and rule name.

`target`

Optionally provide this to scan a whole directory instead of just the diff. If the action is run on a push, target will be respected; because GitHub does not allow the uploading of comments during a PR run for a file that hasn't been changed on the latest commit for that PR, this option is ignored when running for a pull request (in favor of just scanning the diff, as it would if this option wasn't supplied).

`tsconfig`

Location of tsconfig.json file

Example usage

name: Static Analysis
on:
  pull_request:
    types: [opened, reopened, synchronize]
  workflow_dispatch:
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Install SFDX CLI and Scanner
        run: |
          npm install sfdx-cli -g
          sfdx plugins:install @salesforce/sfdx-scanner

      - name: Run SFDX Scanner - Report findings as comments
        uses: mitchspano/sfdx-scan-pull-request@v0.1.8
        with:
          pmdconfig: ruleset.xml
          severity-threshold: 4
          strictly-enforced-rules: '[{ "engine": "pmd", "category": "Performance", "rule": "AvoidDebugStatements" }]'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Note the global installation of the SFDX cli - alternatively, you can use:

- name: Install SFDX CLI and Scanner
  run: |
    npm install sfdx-cli
    npx sfdx plugins:install @salesforce/sfdx-scanner

for that step.

Included Dependencies

This package includes the following version of the required dependencies:

npm package	included version
@actions/core	1.9.0
@actions/github	5.0.3
@octokit/action	4.0.4
parse-diff	0.9.0

Making Modifications

To make modifications to this project, be sure to run the following command before raising a pull request:

npm run build

This will use ncc to bundle the contents of the project and node_modules into the dist folder.

For more information regarding the inclusion of these static versioned dependencies and the necessity of the build command, check out this documentation

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
.github/workflows		.github/workflows
dist		dist
images		images
src		src
tests		tests
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml
example-env.env		example-env.env
jest.config.json		jest.config.json
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

License

mattisdada/sfdx-scan-pull-request

Folders and files

Latest commit

History

Repository files navigation

sfdx-scan-pull-request

Inputs

category

engine

eslint-env

eslintconfig

pmdconfig

severity-threshold

strictly-enforced-rules

target

tsconfig

Example usage

Included Dependencies

Making Modifications

About

Resources