External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-29 16:14:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
93e36fcb541c0fbd3af76b7efbd0b11685245a6d
du_setup/.github/workflows/codacy.yml
Workflow config file is invalid. Please check your config file: yaml: line 75: mapping values are not allowed in this context
buildplan 92115f6386 Improve Codacy Security Scan workflow 
Enhanced Codacy workflow with Docker image pull retries and fallback mechanism for CLI execution.
2025-10-20 09:37:33 +01:00

108 lines
4.1 KiB
YAML
Raw Blame History

# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature. For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
name: Codacy Security Scan
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '44 7 * * 0'
permissions:
contents: read
jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check for non-UTF-8 files
run: |
find . -type f -exec file --mime {} + | grep -v 'charset=utf-8' || true
- name: Pre-pull Codacy CLI Docker image (with retries)
run: |
IMAGE=codacy/codacy-analysis-cli:4.0.0
MAX_RETRIES=3
RETRY_DELAY=30
echo "CODACY_DOCKER_OK=false" >> $GITHUB_ENV
for i in $(seq 1 $MAX_RETRIES); do
echo "Attempt $i to pull $IMAGE"
if docker pull "$IMAGE"; then
echo "Successfully pulled $IMAGE"
echo "CODACY_DOCKER_OK=true" >> $GITHUB_ENV
break
else
echo "Failed to pull $IMAGE (attempt $i)."
if [ "$i" -lt "$MAX_RETRIES" ]; then
echo "Retrying in ${RETRY_DELAY}s..."
sleep $RETRY_DELAY
fi
fi
done
if [ "$CODACY_DOCKER_OK" != "true" ]; then
echo "::warning::Could not pull $IMAGE after $MAX_RETRIES attempts. Fallback will run."
fi
- name: Run Codacy Analysis CLI (docker)
if: env.CODACY_DOCKER_OK == 'true'
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
gh-code-scanning-compat: true
max-allowed-issues: 2147483647
- name: Run Codacy Analysis CLI (fallback: download binary)
if: env.CODACY_DOCKER_OK != 'true'
run: |
set -euo pipefail
CLI_VERSION=4.0.0
ARCHIVE="codacy-analysis-cli-${CLI_VERSION}.zip"
RELEASE_URL="https://github.com/codacy/codacy-analysis-cli/releases/download/${CLI_VERSION}/${ARCHIVE}"
echo "Downloading Codacy Analysis CLI ${CLI_VERSION} from ${RELEASE_URL}"
curl -fSL "$RELEASE_URL" -o "$ARCHIVE" || { echo "::error::Failed to download ${RELEASE_URL}"; exit 1; }
unzip -q "$ARCHIVE"
# After unzip, try to find an executable or jar. Adjust commands below if the artifact differs.
if [ -x "./codacy-analysis-cli" ]; then
CMD="./codacy-analysis-cli"
elif ls codacy-analysis-cli-* 2>/dev/null | grep -q '\.jar$'; then
JAR="$(ls codacy-analysis-cli-*.jar | head -n1)"
CMD="java -jar ${JAR}"
else
echo "::error::Could not find the codacy CLI executable or jar after extracting ${ARCHIVE}"
exit 1
fi
echo "Running Codacy CLI fallback via: $CMD"
# Run with same arguments as the action
$CMD analyze --format sarif --output results.sarif \
$( [ -n "${{ secrets.CODACY_PROJECT_TOKEN }}" ] && echo "--project-token ${{ secrets.CODACY_PROJECT_TOKEN }}" || echo "" ) \
--gh-code-scanning-compat --verbose || true
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
Reference in New Issue View Git Blame Copy Permalink