Awesome

Violation Comments to GitHub Lib

This repository is archived. There are 2 main reasons for that.

Github supports SARIF

You can transform the violation reports to SARIF:

npx violations-command-line -sarif sarif-report.json \
  -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
  -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
  -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
  -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"

And upload Sarif to Github. I do this with Github action:

steps:
  - name: Do analysis
    shell: bash
    run: |
      echo do your analysis here
  - name: Transorm static code analysis to SARIF
    if: ${{ (success() || failure()) }}
    run: |
      npx violations-command-line -sarif sarif-report.json \
      -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
      -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
      -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
      -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"
  - uses: github/codeql-action/upload-sarif@v2
    if: ${{ (success() || failure()) }}
    with:
      sarif_file: sarif-report.json

My setup is here: https://github.com/tomasbjerre/.github/tree/master

org.eclipse.egit.github.core not maintained and not working

The library uses org.eclipse.mylyn.github:org.eclipse.egit.github.core and it is no longer maintained. Problem is it gives an error:

INFO Asking GitHubCommentsProvider to create comment with all single file comments.
SEVERE Validation Failed (422): Error with 'data' field in IssueComment resource
org.eclipse.egit.github.core.client.RequestException: Validation Failed (422): Error with 'data' field in IssueComment resource
	at org.eclipse.egit.github.core.client.GitHubClient.createException(GitHubClient.java:552)
	at org.eclipse.egit.github.core.client.GitHubClient.sendJson(GitHubClient.java:643)
	at org.eclipse.egit.github.core.client.GitHubClient.post(GitHubClient.java:757)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:813)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:785)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:770)
	at shadow.se.bjurr.violations.comments.github.lib.GitHubCommentsProvider.createComment(GitHubCommentsProvider.java:87)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createCommentWithAllSingleFileComments(CommentsCreator.java:122)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:78)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:40)
	at shadow.se.bjurr.violations.comments.github.lib.ViolationCommentsToGitHubApi.toPullRequest(ViolationCommentsToGitHubApi.java:165)
	at se.bjurr.violations.main.Runner.main(Runner.java:266)
	at se.bjurr.violations.main.Main.main(Main.java:6)

This can probably be fixed by switching to com.spotify:github-client, there is a branch where I started fiddling with that feature/spotify.

This is a library that adds violation comments from static code analysis to GitHub.

It uses Violation Comments Lib and supports the same formats as Violations Lib.

Very easy to use with a nice builder pattern

  violationsToGitHubApi() //
    .withViolations(".*/findbugs/.*\\.xml$", FINDBUGS, rootFolder) //
    .withViolations(".*/checkstyle/.*\\.xml$", CHECKSTYLE, rootFolder) //
    .withUsername("username") // This is Optional!
    .withPassword("password") // This is Optional!
    .usingOAuth2Token("token") // This is Optional!
    .withRepositoryOwner("repositoryOwner")
    .withRepositoryName("repositoryName")
    .withPullRequestId("pullRequestId")
    .toPullRequest();

Authentication can be done by supplying username/password or OAuth2Token in the builder.

Usage

This software can be used:

• With a Gradle plugin.
• With a Maven plugin.
• With a Jenkins plugin.
• From Command Line.

You may also checkout this blog post that explains how to set it up with Travis.

Travis

To set this up in Travis, you will need to create a GitHub OAuth2 token.

curl -u 'yourgithubuser' -d '{"note":"Violation comments"}' https://api.github.com/authorizations

The token needs to be encrypted before added to your .travis.yml.

sudo apt-get install ruby-dev
gem install travis
travis encrypt export GITHUB_OAUTH2TOKEN=YOUR TOKEN HERE

Now add it to .travis.yml like this.

sudo: false  
language: java  
env:  
  - secure: "YOUR ENCRYPTED TOKEN HERE"
jdk:  
  - oraclejdk7
script:  
  - ./gradlew build violationCommentsToGitHub -DGITHUB_PULLREQUESTID=$TRAVIS_PULL_REQUEST -DGITHUB_OAUTH2TOKEN=$GITHUB_OAUTH2TOKEN -i --stacktrace
notifications:  
  email: false

Here I used Gradle plugin but you can do the same thing with Maven plugin.

Developer instructions

To build the code, have a look at .travis.yml.

To do a release you need to do ./gradlew release and release the artifact from staging. More information here.