.github/workflows/dart_analyze.yaml

name: Dart Analyzer to SARIF
on: [push]
jobs:
  dart-analyzer:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    runs-on: ubuntu-latest
    name: Dart Analyzer to SARIF
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - uses: dart-lang/setup-dart@v1
        with:
          sdk: beta
      - name: Dart Analyze
        run: dart analyze > dart_analyze.txt || true
      - name: Dart Analyze to SARIF
        uses: advanced-security/dart-analyzer-sarif@main
        with:
          input: dart_analyze.txt
          output: dart_analyze.sarif
      - name: Upload SARIF to DeepSource
        run: |
          # Install the CLI
          curl https://deepsource.io/cli | sh
          # Send the report to DeepSource
          ./bin/deepsource report --analyzer dart-analyze --analyzer-type community --value-file ./dart_analyze.sarif
        
        env:
          DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}