This repository has been archived by the owner on Jul 30, 2023. It is now read-only.

A library for commenting GitHub with violations from static code analyzer reports.


tomasbjerre/violation-comments-to-github-lib


Violation Comments to GitHub Lib


This repository is archived. There are two main reasons for that.

GitHub supports SARIF

You can transform the violation reports to SARIF:

npx violations-command-line -sarif sarif-report.json \
  -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
  -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
  -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
  -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"

And upload the SARIF to GitHub. I do this with a GitHub Action:

steps:
  - name: Do analysis
    shell: bash
    run: |
      echo do your analysis here
  - name: Transform static code analysis to SARIF
    if: ${{ (success() || failure()) }}
    run: |
      npx violations-command-line -sarif sarif-report.json \
      -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
      -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
      -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
      -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"
  - uses: github/codeql-action/upload-sarif@v2
    if: ${{ (success() || failure()) }}
    with:
      sarif_file: sarif-report.json

My setup is here: https://github.com/tomasbjerre/.github/tree/master
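Because both the transform step and the upload step above run with `if: success() || failure()`, a broken or empty sarif-report.json is uploaded just as readily as a good one. The following sanity check, an added example that is not part of this project, can be run between the two steps to fail the job instead; the SARIF layout it expects (one run per `-v` reporter, each with `tool.driver.name`) and the embedded sample report are constructed assumptions, not output captured from violations-command-line.

```python
"""Sanity-check a SARIF 2.1.0 report before handing it to upload-sarif."""
import json

# Constructed sample report (assumed shape: one run per reporter, as the
# four -v arguments in the transform step would produce).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {"tool": {"driver": {"name": "Spotbugs"}},
         "results": [{"ruleId": "NP_NULL_ON_SOME_PATH", "level": "error",
                      "message": {"text": "Possible null pointer dereference"},
                      "locations": [{"physicalLocation": {
                          "artifactLocation": {"uri": "src/main/java/App.java"},
                          "region": {"startLine": 42}}}]}]},
        {"tool": {"driver": {"name": "Checkstyle"}}, "results": []},
    ],
}


def check_sarif(doc):
    """Return (ok, problems, counts); counts maps tool name -> result count.

    Flags a wrong version, a report with no runs (code scanning would show
    nothing), a run without a tool name, and results that lack a ruleId or a
    physicalLocation (accepted by upload, but not attributable to a PR line).
    """
    problems, counts = [], {}
    if doc.get("version") != "2.1.0":
        problems.append(f"unexpected SARIF version {doc.get('version')!r}")
    runs = doc.get("runs") or []
    if not runs:
        problems.append("no runs: nothing would appear in code scanning")
    for i, run in enumerate(runs):
        name = run.get("tool", {}).get("driver", {}).get("name")
        if not name:
            problems.append(f"run {i} has no tool.driver.name")
            name = f"run-{i}"
        results = run.get("results", [])
        counts[name] = len(results)
        for j, res in enumerate(results):
            if not res.get("ruleId"):
                problems.append(f"{name} result {j} has no ruleId")
            if not any("physicalLocation" in loc for loc in res.get("locations") or []):
                problems.append(f"{name} result {j} has no physicalLocation")
    return (not problems, problems, counts)


def check_sarif_file(path):
    """Load a report from disk (e.g. sarif-report.json) and check it."""
    with open(path, encoding="utf-8") as fh:
        return check_sarif(json.load(fh))
```

In the workflow, `python check_sarif.py sarif-report.json` (with a small `__main__` that exits non-zero when `ok` is false) placed between the transform and upload steps turns an empty or malformed report into a failed job rather than a silently empty code scanning result.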

org.eclipse.egit.github.core not maintained and not working

The library uses org.eclipse.mylyn.github:org.eclipse.egit.github.core, which is no longer maintained. The problem is that it gives an error:

INFO Asking GitHubCommentsProvider to create comment with all single file comments.
SEVERE Validation Failed (422): Error with 'data' field in IssueComment resource
org.eclipse.egit.github.core.client.RequestException: Validation Failed (422): Error with 'data' field in IssueComment resource
	at org.eclipse.egit.github.core.client.GitHubClient.createException(GitHubClient.java:552)
	at org.eclipse.egit.github.core.client.GitHubClient.sendJson(GitHubClient.java:643)
	at org.eclipse.egit.github.core.client.GitHubClient.post(GitHubClient.java:757)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:813)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:785)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:770)
	at shadow.se.bjurr.violations.comments.github.lib.GitHubCommentsProvider.createComment(GitHubCommentsProvider.java:87)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createCommentWithAllSingleFileComments(CommentsCreator.java:122)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:78)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:40)
	at shadow.se.bjurr.violations.comments.github.lib.ViolationCommentsToGitHubApi.toPullRequest(ViolationCommentsToGitHubApi.java:165)
	at se.bjurr.violations.main.Runner.main(Runner.java:266)
	at se.bjurr.violations.main.Main.main(Main.java:6)

This can probably be fixed by switching to com.spotify:github-client; there is a branch, feature/spotify, where I started fiddling with that.


This is a library that adds violation comments from static code analysis to GitHub.

It uses Violation Comments Lib and supports the same formats as Violations Lib.

It is very easy to use, with a nice builder pattern:

  violationsToGitHubApi() //
    .withViolations(".*/findbugs/.*\\.xml$", FINDBUGS, rootFolder) //
    .withViolations(".*/checkstyle/.*\\.xml$", CHECKSTYLE, rootFolder) //
    .withUsername("username") // This is Optional!
    .withPassword("password") // This is Optional!
    .usingOAuth2Token("token") // This is Optional!
    .withRepositoryOwner("repositoryOwner")
    .withRepositoryName("repositoryName")
    .withPullRequestId("pullRequestId")
    .toPullRequest();

Authentication can be done by supplying username/password or OAuth2Token in the builder.

Usage

This software can be used:

You may also check out this blog post that explains how to set it up with Travis.

Travis

To set this up in Travis, you will need to create a GitHub OAuth2 token.

curl -u 'yourgithubuser' -d '{"note":"Violation comments"}' https://api.github.com/authorizations

The token needs to be encrypted before it is added to your .travis.yml.

sudo apt-get install ruby-dev
gem install travis
travis encrypt export GITHUB_OAUTH2TOKEN=YOUR_TOKEN_HERE

Now add it to .travis.yml like this.

sudo: false
language: java
env:
  - secure: "YOUR ENCRYPTED TOKEN HERE"
jdk:
  - oraclejdk7
script:
  - ./gradlew build violationCommentsToGitHub -DGITHUB_PULLREQUESTID=$TRAVIS_PULL_REQUEST -DGITHUB_OAUTH2TOKEN=$GITHUB_OAUTH2TOKEN -i --stacktrace
notifications:
  email: false

Here I used the Gradle plugin, but you can do the same thing with the Maven plugin.

Developer instructions

To build the code, have a look at .travis.yml.

To do a release, run ./gradlew release and then release the artifact from staging. More information here.
