Violation Comments to GitHub Lib
This repository is archived. There are 2 main reasons for that.
Github supports SARIF
You can transform the violation reports to SARIF:
npx violations-command-line -sarif sarif-report.json \
-v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
-v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
-v "PMD" "." ".*pmd/main\.xml$" "PMD" \
-v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"
And upload the SARIF file to GitHub. I do this with a GitHub Action:
steps:
  - name: Do analysis
    shell: bash
    run: |
      echo do your analysis here
  - name: Transform static code analysis to SARIF
    if: ${{ (success() || failure()) }}
    run: |
      npx violations-command-line -sarif sarif-report.json \
        -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
        -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
        -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
        -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"
  - uses: github/codeql-action/upload-sarif@v2
    if: ${{ (success() || failure()) }}
    with:
      sarif_file: sarif-report.json
My setup is here: https://github.com/tomasbjerre/.github/tree/master
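A check that could run between the transform step and the upload step, as an added example that is not part of this repository: it tallies the results in a SARIF 2.1.0 report per tool and level and lists entries that lack a file location or message. The function name summarizeSarif and the SAMPLE report are assumptions constructed for illustration, not output of violations-command-line.

```javascript
// Added example: sanity-check a SARIF 2.1.0 report before uploading it.
// SAMPLE is a constructed report, not real tool output.
const loc = (uri, line) => [{
  physicalLocation: { artifactLocation: { uri }, region: { startLine: line } },
}];
const SAMPLE = {
  version: "2.1.0",
  runs: [
    { tool: { driver: { name: "Checkstyle" } },
      results: [
        { ruleId: "UnusedImports", level: "warning",
          message: { text: "Unused import" }, locations: loc("src/App.java", 3) },
        // No level and no location: counted as a warning and reported as a problem.
        { ruleId: "MagicNumber", message: { text: "Magic number" } },
      ] },
    { tool: { driver: { name: "PMD" } },
      results: [
        { ruleId: "EmptyCatchBlock", level: "error",
          message: { text: "Empty catch block" }, locations: loc("src/Db.java", 41) },
      ] },
  ],
};

// Returns { counts: { driverName: { level: n } }, problems: [string], total: n }.
function summarizeSarif(sarif) {
  const counts = {};
  const problems = [];
  let total = 0;
  if (sarif.version !== "2.1.0") problems.push(`unexpected version: ${sarif.version}`);
  if (!Array.isArray(sarif.runs)) {
    problems.push("missing runs array");
    return { counts, problems, total };
  }
  sarif.runs.forEach((run, r) => {
    const name = run.tool && run.tool.driver && run.tool.driver.name;
    if (!name) problems.push(`runs[${r}]: missing tool.driver.name`);
    const bucket = (counts[name || "(unknown)"] = counts[name || "(unknown)"] || {});
    (run.results || []).forEach((res, i) => {
      total += 1;
      // Simplification: an absent level is counted as "warning"; rule defaults are ignored.
      const level = res.level || "warning";
      bucket[level] = (bucket[level] || 0) + 1;
      const phys = res.locations && res.locations[0] && res.locations[0].physicalLocation;
      if (!(phys && phys.artifactLocation && phys.artifactLocation.uri))
        problems.push(`runs[${r}].results[${i}]: no file location`);
      if (!(res.message && res.message.text))
        problems.push(`runs[${r}].results[${i}]: no message text`);
    });
  });
  return { counts, problems, total };
}
console.log(JSON.stringify(summarizeSarif(SAMPLE), null, 2));
```

To check a real report, pass the parsed contents of sarif-report.json to summarizeSarif instead of SAMPLE.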
org.eclipse.egit.github.core not maintained and not working
The library uses org.eclipse.mylyn.github:org.eclipse.egit.github.core, which is no longer maintained. The problem is that it gives an error:
INFO Asking GitHubCommentsProvider to create comment with all single file comments.
SEVERE Validation Failed (422): Error with 'data' field in IssueComment resource
org.eclipse.egit.github.core.client.RequestException: Validation Failed (422): Error with 'data' field in IssueComment resource
at org.eclipse.egit.github.core.client.GitHubClient.createException(GitHubClient.java:552)
at org.eclipse.egit.github.core.client.GitHubClient.sendJson(GitHubClient.java:643)
at org.eclipse.egit.github.core.client.GitHubClient.post(GitHubClient.java:757)
at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:813)
at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:785)
at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:770)
at shadow.se.bjurr.violations.comments.github.lib.GitHubCommentsProvider.createComment(GitHubCommentsProvider.java:87)
at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createCommentWithAllSingleFileComments(CommentsCreator.java:122)
at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:78)
at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:40)
at shadow.se.bjurr.violations.comments.github.lib.ViolationCommentsToGitHubApi.toPullRequest(ViolationCommentsToGitHubApi.java:165)
at se.bjurr.violations.main.Runner.main(Runner.java:266)
at se.bjurr.violations.main.Main.main(Main.java:6)
This can probably be fixed by switching to com.spotify:github-client; there is a branch, feature/spotify, where I started fiddling with that.
This is a library that adds violation comments from static code analysis to GitHub.
It uses Violation Comments Lib and supports the same formats as Violations Lib.
Very easy to use with a nice builder pattern:
violationsToGitHubApi() //
    .withViolations(".*/findbugs/.*\\.xml$", FINDBUGS, rootFolder) //
    .withViolations(".*/checkstyle/.*\\.xml$", CHECKSTYLE, rootFolder) //
    .withUsername("username") // This is Optional!
    .withPassword("password") // This is Optional!
    .usingOAuth2Token("token") // This is Optional!
    .withRepositoryOwner("repositoryOwner")
    .withRepositoryName("repositoryName")
    .withPullRequestId("pullRequestId")
    .toPullRequest();
Authentication can be done by supplying username/password or OAuth2Token in the builder.
Usage
This software can be used:
- With a Gradle plugin.
- With a Maven plugin.
- With a Jenkins plugin.
- From Command Line.
You may also check out this blog post that explains how to set it up with Travis.
Travis
To set this up in Travis, you will need to create a GitHub OAuth2 token.
curl -u 'yourgithubuser' -d '{"note":"Violation comments"}' https://api.github.com/authorizations
The token needs to be encrypted before it is added to your .travis.yml.
sudo apt-get install ruby-dev
gem install travis
travis encrypt export GITHUB_OAUTH2TOKEN=YOUR TOKEN HERE
Now add it to .travis.yml like this.
sudo: false
language: java
env:
  - secure: "YOUR ENCRYPTED TOKEN HERE"
jdk:
  - oraclejdk7
script:
  - ./gradlew build violationCommentsToGitHub -DGITHUB_PULLREQUESTID=$TRAVIS_PULL_REQUEST -DGITHUB_OAUTH2TOKEN=$GITHUB_OAUTH2TOKEN -i --stacktrace
notifications:
  email: false
Here I used the Gradle plugin, but you can do the same thing with the Maven plugin.
Developer instructions
To build the code, have a look at .travis.yml.
To do a release you need to do ./gradlew release and release the artifact from staging. More information here.