From 8b9a97b529715e141425ad7942a2fbbc1e0f98e0 Mon Sep 17 00:00:00 2001
From: Clint Chester
Date: Sat, 14 Aug 2021 03:55:56 +0000
Subject: [PATCH 1/2] Diff behaviour changed on push events It now checks the commits between the before and after of a push, not the branches.
---
 action.yml | 17 +++++++++--------
 pmd-analyser.sh | 15 ++++++++++-----
 2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/action.yml b/action.yml
index 09d78c2..0fb3d06 100644
--- a/action.yml
+++ b/action.yml
@@ -38,14 +38,14 @@ outputs:
 runs:
 using: "composite"
 steps:
- - id: branches
+ - id: code
 run: |
 if [ ${{ github.event_name }} == 'pull_request' ]; then
- echo "::set-output name=target::${{ github.base_ref }}"
- echo "::set-output name=source::${{ github.head_ref }}"
+ echo "::set-output name=current_code::${{ github.base_ref }}"
+ echo "::set-output name=changed_code::${{ github.head_ref }}"
 else
- echo "::set-output name=target::${{ github.event.repository.default_branch }}"
- echo "::set-output name=source::${{ github.ref }}"
+ echo "::set-output name=current_code::${{ github.event.before }}"
+ echo "::set-output name=changed_code::${{ github.event.after }}"
 fi
 shell: bash
 - id: pmd-analysis
@@ -56,12 +56,13 @@ runs:
 FILE_PATH: ${{ inputs.file-path }}
 RULES_PATH: ${{ inputs.rules-path }}
 ANALYSE_ALL_CODE: ${{ inputs.analyse-all-code }}
- TARGET_BRANCH: ${{ steps.branches.outputs.target }}
- SOURCE_BRANCH: ${{ steps.branches.outputs.source }}
+ CURRENT_CODE: ${{ steps.code.outputs.current_code }}
+ CHANGED_CODE: ${{ steps.code.outputs.changed_code }}
 ERROR_RULES: ${{ inputs.error-rules }}
 NOTE_RULES: ${{ inputs.note-rules }}
 REPO_NAME: ${{ github.event.repository.full_name }}
 PR_NUMBER: ${{ github.event.number }}
 AUTH_TOKEN: ${{ inputs.auth-token }}
 FILE_DIFF_TYPE: ${{ inputs.file-diff-type }}
- WORKSPACE: ${{ github.workspace }}/
\ No newline at end of file
+ WORKSPACE: ${{ github.workspace }}/
+ ACTION_EVENT_NAME: ${{ github.event_name }}
\ No newline at end of file
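Review bot: The `run:` script of the `code` step still expands `${{ github.base_ref }}` and `${{ github.head_ref }}` straight into the bash source, and on pull_request events the head ref is a branch name chosen by the pull request author, so its content is parsed as shell instead of being handled as data. Pass the context values through an `env:` map on the step and reference them as quoted shell variables; the same applies to the unquoted `${{ github.event_name }}` in the `if` test and to the two new `github.event.before`/`github.event.after` expansions. The step's `shell: bash` line and the following `pmd-analysis` step are not affected by this suggestion.

```yaml
    - id: code
      env:
        EVENT_NAME: ${{ github.event_name }}
        BASE_REF: ${{ github.base_ref }}
        HEAD_REF: ${{ github.head_ref }}
        BEFORE_SHA: ${{ github.event.before }}
        AFTER_SHA: ${{ github.event.after }}
      run: |
        if [ "$EVENT_NAME" == 'pull_request' ]; then
            echo "::set-output name=current_code::$BASE_REF"
            echo "::set-output name=changed_code::$HEAD_REF"
        else
            echo "::set-output name=current_code::$BEFORE_SHA"
            echo "::set-output name=changed_code::$AFTER_SHA"
        fi
      # … unchanged: shell: bash …
```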
diff --git a/pmd-analyser.sh b/pmd-analyser.sh
index 87175ef..1ad9979 100755
--- a/pmd-analyser.sh
+++ b/pmd-analyser.sh
@@ -7,12 +7,17 @@ unzip pmd-bin-"${PMD_VERSION}".zip
 if [ "$ANALYSE_ALL_CODE" == 'true' ]; then
 pmd-bin-"${PMD_VERSION}"/bin/run.sh pmd -d "$FILE_PATH" -R "$RULES_PATH" -failOnViolation false -f sarif > pmd-raw-output.sarif
 else
- # Now to determine whether to get the files changed from a git diff or using the files changed in a GitHub Pull Request
- # Both options will generate a CSV file first with the files changed
- if [ "$FILE_DIFF_TYPE" == 'git' ]; then
- git diff --name-only --diff-filter=d origin/"$TARGET_BRANCH"..origin/"${SOURCE_BRANCH#"refs/heads/"}" | paste -s -d "," >> diff-file.csv
+ if [ "$ACTION_EVENT_NAME" == 'pull_request' ]; then
+ # Now to determine whether to get the files changed from a git diff or using the files changed in a GitHub Pull Request
+ # Both options will generate a CSV file first with the files changed
+ if [ "$FILE_DIFF_TYPE" == 'git' ]; then
+ git diff --name-only --diff-filter=d origin/"$CURRENT_CODE"..origin/"${CHANGED_CODE#"refs/heads/"}" | paste -s -d "," >> diff-file.csv
+ else
+ curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${AUTH_TOKEN}" https://api.github.com/repos/"$REPO_NAME"/pulls/"$PR_NUMBER"/files | jq --raw-output '.[] .filename' | paste -s -d "," >> diff-file.csv
+ fi
 else
- curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${AUTH_TOKEN}" https://api.github.com/repos/"$REPO_NAME"/pulls/"$PR_NUMBER"/files | jq --raw-output '.[] .filename' | paste -s -d "," >> diff-file.csv
+ # Irrespective of the file type diff selected on a push event, we will always do a git diff (as we can't get that from the GitHub API)
+ git diff --name-only --diff-filter=d "$CURRENT_CODE".."$CHANGED_CODE" | paste -s -d "," >> diff-file.csv
 fi
 # Run the analysis
 pmd-bin-"${PMD_VERSION}"/bin/run.sh pmd -filelist diff-file.csv -R "$RULES_PATH" -failOnViolation false -f sarif > pmd-raw-output.sarif
From cd6fc3b25e86396a87ddd0e9f5c98a7e8cefb69d Mon Sep 17 00:00:00 2001
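Review bot: The new push branch `git diff --name-only --diff-filter=d "$CURRENT_CODE".."$CHANGED_CODE"` fails open when the `before` commit cannot be resolved: GitHub reports an all-zero `before` SHA for the first push of a new branch, and the commit may also be missing after a force push or in a shallow checkout (the checkout depth is not visible here). Because the pipeline's exit status is that of `paste`, the git error is swallowed, `diff-file.csv` stays empty and the PMD run that follows presumably has nothing to scan, so changed code can pass the gate unanalysed. Verify the base before diffing, for example `git cat-file -e "$CURRENT_CODE^{commit}" || { echo "base commit $CURRENT_CODE not available" >&2; exit 1; }`, or fall back to the analyse-all-code path in that case. The outer `if` block closes below the hunk.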
From: Clint Chester
Date: Sat, 14 Aug 2021 04:39:58 +0000
Subject: [PATCH 2/2] Resolves #3
---
 README.md | 14 ++++++++++----
 action.yml | 4 ++--
 pmd-analyser.sh | 6 ++++++
 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 573c975..cecda02 100644
--- a/README.md
+++ b/README.md
@@ -7,12 +7,18 @@ Features of this action include:
 - Set the severity level you want rules reported at. Levels include error, warning and note (default level is warning).
 - Run PMD Analyser on the files changed. File comparison can be done either based on a git diff or based on the files changed specified on the GitHub pull request.
+Note that when you are running this action and making use of the SARIF uploader in the example below, if you are looking to get pull request comments then you will need to run the analyser on push events for the target branch that pull requests are targetting.
+
 ## Example GitHub Action Workflow File
 ```
 name: PMD Static Code Analysis
 on:
 pull_request:
+ branches:
+ - main
 push:
+ branches:
+ - main
 jobs:
 pmd-analyser-check:
@@ -32,7 +38,7 @@ jobs:
 id: pmd-analysis
 uses: synergy-au/pmd-analyser-action@v2
 with:
- pmd-version: '6.34.0'
+ pmd-version: 'latest'
 file-path: './src'
 rules-path: './pmd-ruleset.xml'
 error-rules: 'AvoidDirectAccessTriggerMap,AvoidDmlStatementsInLoops,AvoidHardcodingId'
@@ -90,10 +96,10 @@ If you wish to define rules that log as a note, enter each rule name separated w
 ### pmd-version
-The version of PMD you would like to run.
+The version of PMD you would like to run. You can either specify latest to always get the newest version, or you can specify a version number like 6.37.0.
-- required: true
-- default: '6.33.0'
+- required: false
+- default: 'latest'
 ### rules-path
diff --git a/action.yml b/action.yml
index 0fb3d06..5a7e601 100644
--- a/action.yml
+++ b/action.yml
@@ -25,9 +25,9 @@ inputs:
 description: 'If you wish to define rules that log as a note, enter each rule name separated with a comma and no spaces. Note that if a note is identified the run will not fail. e.g. ClassNamingConventions,GuardLogStatement'
 required: false
 pmd-version:
- description: 'The version of PMD you would like to run.'
+ description: 'The version of PMD you would like to run. You can either specify latest to always get the newest version, or you can specify a version number like 6.37.0'
 required: false
- default: '6.34.0'
+ default: 'latest'
 rules-path:
 description: 'The ruleset file you want to use. PMD uses xml configuration files, called rulesets, which specify which rules to execute on your sources. You can also run a single rule by referencing it using its category and name (more details here). For example, you can check for unnecessary modifiers on Java sources with -R category/java/codestyle.xml/UnnecessaryModifier.'
 required: true
diff --git a/pmd-analyser.sh b/pmd-analyser.sh
index 1ad9979..4b0ba89 100755
--- a/pmd-analyser.sh
+++ b/pmd-analyser.sh
@@ -1,5 +1,11 @@
 # shellcheck shell=sh
+# Check whether to use latest version of PMD
+if [ "$PMD_VERSION" == 'latest' ]; then
+ LATEST_TAG="$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/pmd/pmd/releases/latest | jq --raw-output '.tag_name')"
+ PMD_VERSION="${LATEST_TAG#"pmd_releases/"}"
+fi
+
 # Download PMD
 wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F"${PMD_VERSION}"/pmd-bin-"${PMD_VERSION}".zip
 unzip pmd-bin-"${PMD_VERSION}".zip
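Review bot: Switching the `pmd-version` default to `'latest'` means every workflow that does not set the input runs whichever PMD release is newest at job time, so both the rule behaviour and the binary that gets downloaded and executed can change between runs without any commit in the consuming repository. Consider keeping a pinned default and making `'latest'` opt-in, or at least end the description with a sentence such as `Pin a version number for reproducible results.`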
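Review bot: The `latest` lookup has no failure handling: the unauthenticated `curl` to the releases API can be rate-limited or fail, in which case `jq --raw-output '.tag_name'` prints `null` (or nothing) and `PMD_VERSION` becomes an unusable value that only surfaces later as a failed `wget`. Add `--fail --silent --show-error` to the `curl` call and stop early with `[ -n "$PMD_VERSION" ] && [ "$PMD_VERSION" != 'null' ] || { echo "could not resolve latest PMD release" >&2; exit 1; }`. The archive is also unpacked and later executed without any integrity check, which matters more now that the version floats; comparing it against a known digest before `unzip` would close that gap. As a style point, the added test uses `==` inside `[ ]` although the file declares `# shellcheck shell=sh`, where `=` is the portable form.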