
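---
# Codacy Security Scan (revised: replaced docker action with codacy-cli-v2 install+analyze)
# - Uses codacy-cli-v2 installer to run analyze when the docker image pre-pull succeeds
# Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
#
# Flow: checkout -> probe the Docker registry by pre-pulling the CLI image ->
# on success install codacy-cli-v2 and analyze, otherwise download the
# codacy-analysis-cli release zip and analyze -> upload results.sarif.
# Analyzer exit codes are deliberately ignored (|| true) so findings do not
# fail the build; a missing results.sarif is treated as an error instead.
name: Codacy Security Scan

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  schedule:
    - cron: '44 7 * * 0'

# Workflow default is read-only; the job below adds only the scopes it needs.
permissions:
  contents: read

jobs:
  codacy-security-scan:
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    env:
      # Release tag of codacy-analysis-cli used for both the image pre-pull
      # and the fallback release-zip download.
      CLI_VERSION: "4.0.0"
      # Not read by any step in this file; presumably consumed by the
      # codacy-cli.sh installer to pin its version when non-empty -- verify.
      CODACY_CLI_V2_VERSION: ""
      CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
      # Docker pull retry budget: MAX_PULL_RETRIES attempts, exponential
      # backoff starting at PULL_RETRY_BASE seconds (plus jitter).
      MAX_PULL_RETRIES: "6"
      PULL_RETRY_BASE: "5"
    permissions:
      contents: read
      security-events: write  # required by github/codeql-action/upload-sarif
      actions: read
    steps:
      # NOTE(review): third-party actions are referenced by mutable major tags;
      # pinning to a full commit SHA (e.g. actions/checkout@<commit-sha>) makes
      # the supply chain reproducible.
      - name: Checkout code
        uses: actions/checkout@v4

      # Informational only: lists files whose detected charset is not UTF-8.
      # The trailing "|| true" means this step never fails the job.
      - name: Check for non-UTF-8 files
        run: |
          find . -type f -exec file --mime {} + | grep -v 'charset=utf-8' || true

      # Probes registry reachability with exponential backoff. The result is
      # exported as CODACY_DOCKER_OK and selects which analyze step runs below;
      # note that neither analyze step actually runs the pulled image.
      - name: Pre-pull Codacy CLI Docker image
        run: |
          set -euo pipefail
          IMAGE="codacy/codacy-analysis-cli:${CLI_VERSION}"
          echo "CODACY_DOCKER_OK=false" >> "$GITHUB_ENV"
          for i in $(seq 1 "$MAX_PULL_RETRIES"); do
            echo "Attempt $i to pull $IMAGE"
            if docker pull "$IMAGE"; then
              echo "Successfully pulled $IMAGE"
              echo "CODACY_DOCKER_OK=true" >> "$GITHUB_ENV"
              break
            fi
            if [ "$i" -lt "$MAX_PULL_RETRIES" ]; then
              # base * 2^(attempt-1) seconds, plus 1..5 s of jitter
              sleep_time=$(( PULL_RETRY_BASE * 2 ** (i - 1) + RANDOM % 5 + 1 ))
              echo "Retrying in $sleep_time seconds..."
              sleep "$sleep_time"
            else
              echo "Failed to pull $IMAGE after $i attempts."
            fi
          done

      - name: Run Codacy CLI v2 (Install and Analyze)
        if: env.CODACY_DOCKER_OK == 'true'
        run: |
          set -euo pipefail
          echo "Installing codacy-cli-v2"
          # NOTE(review): the installer is fetched from the mutable "main" ref
          # and piped straight into bash; prefer a tagged ref
          # (.../codacy-cli-v2/<tag>/codacy-cli.sh) and a checksum check.
          # "-f" makes curl fail on HTTP errors instead of piping an error
          # page into bash.
          curl -fsSL https://raw.githubusercontent.com/codacy/codacy-cli-v2/main/codacy-cli.sh | bash
          echo "Verifying installation directory"
          ls -alh "$HOME/.codacy/bin" || { echo "Installation directory does not exist"; exit 1; }
          echo "Adding codacy-cli to PATH"
          export PATH="$HOME/.codacy/bin:$PATH"
          echo "Verifying codacy-cli command"
          command -v codacy-cli || { echo "codacy-cli not found in PATH"; exit 1; }
          echo "Running codacy-cli analyze"
          # Findings must not fail the build, hence "|| true"; an absent
          # results file is still an error so the upload step does not fail
          # with an opaque message.
          codacy-cli analyze --format sarif --output results.sarif \
            --project-token "${CODACY_PROJECT_TOKEN}" --gh-code-scanning-compat --verbose || true
          [ -s results.sarif ] || { echo "::error::codacy-cli did not produce results.sarif"; exit 1; }

      - name: Run Codacy Analysis CLI (Fallback)
        if: env.CODACY_DOCKER_OK != 'true'
        run: |
          set -euo pipefail
          echo "Fallback to GitHub Releases API"
          RELEASE_URL="https://api.github.com/repos/codacy/codacy-analysis-cli/releases/tags/${CLI_VERSION}"
          RELEASE=$(curl -fsS "$RELEASE_URL")
          # First .zip asset of the release; "head -n 1" guards against the
          # filter matching more than one asset and yielding a multi-line URL.
          ASSET_URL=$(echo "$RELEASE" | jq -r '.assets[] | select(.name | test(".*\\.zip$")) | .browser_download_url' | head -n 1)
          if [ -z "$ASSET_URL" ]; then
            echo "::error::No suitable asset found"
            exit 1
          fi
          # NOTE(review): the downloaded archive is not integrity-checked;
          # compare against a published checksum (<expected-sha256>) if the
          # release provides one.
          curl -fsSL -o codacy-cli.zip "$ASSET_URL"
          unzip codacy-cli.zip
          # assumes the archive unpacks an executable at ./codacy-analysis-cli -- verify
          ./codacy-analysis-cli analyze --format sarif --output results.sarif \
            --project-token "${CODACY_PROJECT_TOKEN}" --gh-code-scanning-compat --verbose || true
          [ -s results.sarif ] || { echo "::error::codacy-analysis-cli did not produce results.sarif"; exit 1; }

      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif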