forked from oss-review-toolkit/ort
-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (127 loc) · 4.32 KB
/
static-analysis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Static Analysis
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
GRADLE_OPTS: -Dorg.gradle.daemon=false
jobs:
commit-lint:
runs-on: ubuntu-24.04
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Check Commit Messages
uses: wagoid/commitlint-github-action@3d28780bbf0365e29b144e272b2121204d5be5f3 # v6
with:
configFile: .commitlintrc.yml
code-base-checks:
runs-on: ubuntu-24.04
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4
- name: Check copyrights, license headers, and .gitattributes
run: ./gradlew checkCopyrightsInNoticeFile checkLicenseHeaders checkGitAttributes
completions:
runs-on: ubuntu-24.04
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4
with:
distribution: temurin
java-version: 21
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4
- name: Generate completions
run: |
./scripts/generate_completion_scripts.sh
- name: Check if completions are up-to-date
run: |
if git diff --exit-code; then
echo "Completions are up-to-date."
else
echo "Completions are not up-to-date."
echo "Please always run the script below when changing CLI commands:"
echo "./scripts/generate_completion_scripts.sh"
exit 1
fi
detekt-issues:
runs-on: ubuntu-24.04
permissions:
# Needed for SARIF scanning upload.
security-events: write
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4
- name: Check for Detekt Issues
run: ./gradlew detektAll
- name: Upload SARIF File
uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3
if: always() # Upload even if the previous step failed.
with:
sarif_file: build/reports/detekt/merged.sarif
markdown-links:
runs-on: ubuntu-24.04
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Check Links
uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
with:
base-branch: main
check-modified-files-only: yes
max-depth: 2
use-quiet-mode: yes
markdownlint:
runs-on: ubuntu-24.04
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Setup Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
- name: Check for Markdown issues
run: |
npm install -g [email protected]
npx markdownlint-cli2
qodana-scan:
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-24.04
permissions:
# Needed for SARIF scanning upload.
security-events: write
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Qodana Scan
uses: JetBrains/qodana-action@31d6f3309b31c566758e1314a3d9ef0dff75ecbd # v2024.2.6
with:
post-pr-comment: false
use-caches: false
- name: Upload Code Scanning Results
uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3
with:
sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
reuse-tool:
runs-on: ubuntu-24.04
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Check REUSE Compliance
run: |
pipx install reuse
reuse lint