diff --git a/.devcontainer.json b/.devcontainer.json
deleted file mode 100644
index 5f5ac50..0000000
--- a/.devcontainer.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "extensions": ["timonwong.shellcheck"]
-}
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..05b6793
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,7 @@
+{
+ "customizations": {
+ "vscode": {
+ "extensions": ["timonwong.shellcheck"]
+ }
+ }
+}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7390d1a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+pmd-bin**
+pmd-dist**
\ No newline at end of file
diff --git a/pmd-analyser.sh b/pmd-analyser.sh
index 7585e24..437f571 100755
--- a/pmd-analyser.sh
+++ b/pmd-analyser.sh
@@ -1,19 +1,32 @@
 #!/bin/bash
-
 # shellcheck shell=bash
 # Check whether to use latest version of PMD
 if [ "$PMD_VERSION" == 'latest' ]; then
+ DOWNLOAD_URL="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/latest | jq --raw-output '.assets[] | select(.name | contains("bin")) | .browser_download_url')"
+ PMD_FILENAME="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/latest | jq --raw-output '.assets[] | select(.name | contains("bin")) | .name')"
 LATEST_TAG="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/latest | jq --raw-output '.tag_name')"
 PMD_VERSION="${LATEST_TAG#"pmd_releases/"}"
+else
+ DOWNLOAD_URL="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/tags/pmd_releases%2F"${PMD_VERSION}" | jq --raw-output '.assets[] | select(.name | contains("bin")) | .browser_download_url')"
+ PMD_FILENAME="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/tags/pmd_releases%2F"${PMD_VERSION}" | jq --raw-output '.assets[] | select(.name | contains("bin")) | .name')"
+ LATEST_TAG="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/tags/pmd_releases%2F"${PMD_VERSION}" | jq --raw-output '.tag_name')"
+ PMD_VERSION="${LATEST_TAG#"pmd_releases/"}"
 fi
 # Download PMD
-wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F"${PMD_VERSION}"/pmd-bin-"${PMD_VERSION}".zip
-unzip pmd-bin-"${PMD_VERSION}".zip
+wget "${DOWNLOAD_URL}"
+unzip "${PMD_FILENAME}"
+
 # Now either run the full analysis or files changed based on the settings defined
 if [ "$ANALYSE_ALL_CODE" == 'true' ]; then
- pmd-bin-"${PMD_VERSION}"/bin/run.sh pmd -d "$FILE_PATH" -R "$RULES_PATH" --fail-on-violation false -f sarif > pmd-raw-output.sarif
+ # Need to have a more future proof way once PMD 7 is stable, but for now we can just check if the version contains a 7
+ if [[ "$PMD_VERSION" == *7* ]]; then
+ PATH=$PATH:pmd-bin-"${PMD_VERSION}"/bin/
+ pmd check -d "$FILE_PATH" -R "$RULES_PATH" --fail-on-violation false -f sarif > pmd-raw-output.sarif
+ else
+ pmd-bin-"${PMD_VERSION}"/bin/run.sh pmd -d "$FILE_PATH" -R "$RULES_PATH" --fail-on-violation false -f sarif > pmd-raw-output.sarif
+ fi
 else
 if [ "$ACTION_EVENT_NAME" == 'pull_request' ]; then
 # Now to determine whether to get the files changed from a git diff or using the files changed in a GitHub Pull Request
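Review bot: The archive fetched by `wget "${DOWNLOAD_URL}"` is unzipped and its launcher executed with no integrity check, and the URL comes from `select(.name | contains("bin"))`, which yields every asset whose name contains `bin`; if a release ever carries a second such asset (a detached signature beside the zip, for instance) both variables become multi-line and the download breaks. The three identical `curl` calls in each branch also have no failure handling, so a rate-limited or 404 API response leaves the variables empty and the script carries on to `wget` and `unzip`. Fetching the release JSON once with `--fail`, selecting the single asset whose name contains `bin` and ends in `.zip`, and stopping when nothing matches removes the fragile part; for a pinned `PMD_VERSION` the workflow could also supply an expected SHA-256 and compare it before `unzip` (`PMD_SHA256` below is a placeholder name, not an existing input). The `if [ "$ANALYSE_ALL_CODE" ...` block that follows continues past the end of this hunk.

```shell
if [ "$PMD_VERSION" == 'latest' ]; then
  RELEASE_API="https://api.github.com/repos/pmd/pmd/releases/latest"
else
  RELEASE_API="https://api.github.com/repos/pmd/pmd/releases/tags/pmd_releases%2F${PMD_VERSION}"
fi
# One request; --fail turns an HTTP error (rate limit, unknown tag) into a non-zero exit
RELEASE_JSON="$(curl --fail --silent --show-error -H "Accept: application/vnd.github.v3+json" "$RELEASE_API")" || exit 1
# Take exactly one asset: the binary distribution zip
DOWNLOAD_URL="$(jq --raw-output 'first(.assets[] | select((.name | contains("bin")) and (.name | endswith(".zip")))) | .browser_download_url' <<< "$RELEASE_JSON")"
[ -n "$DOWNLOAD_URL" ] || { echo "No PMD binary asset found in release" >&2; exit 1; }
# wget names the file after the last path component of the URL
PMD_FILENAME="${DOWNLOAD_URL##*/}"
LATEST_TAG="$(jq --raw-output '.tag_name' <<< "$RELEASE_JSON")"
PMD_VERSION="${LATEST_TAG#"pmd_releases/"}"

# Download PMD
wget "${DOWNLOAD_URL}" || exit 1
# PMD_SHA256 is a placeholder for a digest pinned by the workflow; the check is skipped when it is unset
if [ -n "${PMD_SHA256:-}" ]; then
  echo "${PMD_SHA256}  ${PMD_FILENAME}" | sha256sum --check --status || exit 1
fi
unzip "${PMD_FILENAME}" || exit 1
# … unchanged: full-analysis / changed-files branches …
```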
@@ -28,19 +41,25 @@ else
 git diff --name-only --diff-filter=d "$CURRENT_CODE".."$CHANGED_CODE" | paste -s -d "," >> diff-file.csv
 fi
 # Run the analysis
- pmd-bin-"${PMD_VERSION}"/bin/run.sh pmd -filelist diff-file.csv -R "$RULES_PATH" -failOnViolation false -f sarif > pmd-raw-output.sarif
+ # Need to have a more future proof way once PMD 7 is stable, but for now we can just check if the version contains a 7
+ if [[ "$PMD_VERSION" == *7* ]]; then
+ PATH=$PATH:pmd-bin-"${PMD_VERSION}"/bin/
+ pmd check -filelist diff-file.csv -R "$RULES_PATH" -failOnViolation false -f sarif > pmd-raw-output.sarif
+ else
+ pmd-bin-"${PMD_VERSION}"/bin/run.sh pmd -filelist diff-file.csv -R "$RULES_PATH" -failOnViolation false -f sarif > pmd-raw-output.sarif
+ fi
 fi
 # Loop through each rule and see if an error should be thrown
-echo "::set-output name=error-found::false"
+echo "error-found=false" >> "$GITHUB_OUTPUT"
 while read -r rule; do
 RULE="$(echo "$rule" | jq --raw-output '.id')"
 if [[ "$RULE" && "$ERROR_RULES" == *"$RULE"* ]]; then
- echo "::set-output name=error-found::true"
+ echo "error-found=true" >> "$GITHUB_OUTPUT"
 break
 fi
-done <<< "$(cat pmd-raw-output.sarif | jq --compact-output '.runs[] .tool .driver .rules[]')"
+done <<< "$(jq --compact-output '.runs[] .tool .driver .rules[]' < pmd-raw-output.sarif)"
 # Set the correct file location for the report
-cat pmd-raw-output.sarif | jq --arg workspace "$WORKSPACE" '(.runs[] .results[] .locations[] .physicalLocation .artifactLocation .uri) |= ltrimstr($workspace)' > pmd-file-locations-output.sarif
+jq --arg workspace "$WORKSPACE" '(.runs[] .results[] .locations[] .physicalLocation .artifactLocation .uri) |= ltrimstr($workspace)' < pmd-raw-output.sarif > pmd-file-locations-output.sarif
 # Set the rule level configurations for whether they are notes or errors
-cat pmd-file-locations-output.sarif | jq --arg errors "$ERROR_RULES" '((.runs[] .tool .driver .rules[]) | select(.id==($errors | split(",")[]))) += {"defaultConfiguration": {"level": "error"}}' > pmd-errors-output.sarif
-cat pmd-errors-output.sarif | jq --arg notes "$NOTE_RULES" '((.runs[] .tool .driver .rules[]) | select(.id==($notes | split(",")[]))) += {"defaultConfiguration": {"level": "note"}}' > pmd-output.sarif
\ No newline at end of file
+jq --arg errors "$ERROR_RULES" '((.runs[] .tool .driver .rules[]) | select(.id==($errors | split(",")[]))) += {"defaultConfiguration": {"level": "error"}}' < pmd-file-locations-output.sarif > pmd-errors-output.sarif
+jq --arg notes "$NOTE_RULES" '((.runs[] .tool .driver .rules[]) | select(.id==($notes | split(",")[]))) += {"defaultConfiguration": {"level": "note"}}' < pmd-errors-output.sarif > pmd-output.sarif
\ No newline at end of file
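Review bot: The version test `[[ "$PMD_VERSION" == *7* ]]` matches any version string with a 7 anywhere in it, so a 6.x release such as 6.47.0 would take the `pmd check` branch; the same test sits in the full-analysis branch of the first hunk. Anchoring it to the major version, `if [[ "$PMD_VERSION" == 7.* ]]; then`, keeps 6.x on `run.sh`. The line `PATH=$PATH:pmd-bin-"${PMD_VERSION}"/bin/` appends a relative directory, so a `pmd` already earlier on PATH wins and the lookup depends on the working directory; invoking `"$PWD/pmd-bin-${PMD_VERSION}/bin/pmd" check ...` directly avoids both. It is also worth confirming that PMD 7's `check` still accepts the single-dash `-filelist` and `-failOnViolation` spellings, since the first hunk already uses `--fail-on-violation`. The enclosing `else` branch opens before this hunk.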