diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index 00b681e..4e61e5d 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml @@ -1,53 +1,34 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow performs a static analysis of your Kotlin source code using -# Detekt. -# -# Scans are triggered: -# 1. On every push to default and protected branches -# 2. On every Pull Request targeting the default branch -# 3. On a weekly schedule -# 4. Manually, on demand, via the "workflow_dispatch" event -# -# The workflow should work with no modifications, but you might like to use a -# later version of the Detekt CLI by modifying the $DETEKT_RELEASE_TAG -# environment variable. name: Scan with Detekt on: - # Triggers the workflow on push or pull request events but only for default and protected branches push: branches: [ "main" ] pull_request: branches: [ "main" ] schedule: - - cron: '29 16 * * 3' - - # Allows you to run this workflow manually from the Actions tab + - cron: '38 15 * * 4' workflow_dispatch: env: - # Release tag associated with version of Detekt to be installed - # SARIF support (required for this workflow) was introduced in Detekt v1.15.0 - DETEKT_RELEASE_TAG: v1.15.0 + DETEKT_RELEASE_TAG: v1.20.0 # Detekt의 최신 릴리스 태그로 업데이트 -# A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: - # This workflow contains a single job called "scan" scan: name: Scan - # The type of runner that the job will run on runs-on: ubuntu-latest - # Steps represent a sequence of tasks that will be executed as part of the job steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v4 - # Gets the download URL associated with the $DETEKT_RELEASE_TAG + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + + - name: Install dependencies + run: ./gradlew dependencies + - name: Get Detekt download URL id: detekt_info env: @@ -68,9 +49,9 @@ jobs: } } } - ' 1> gh_response.json + ' > gh_response.json - DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json) + DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.tagCommit.oid' gh_response.json) if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then echo "Release tag doesn't match expected commit SHA" exit 1 @@ -79,40 +60,24 @@ jobs: DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json) echo "download_url=$DETEKT_DOWNLOAD_URL" >> $GITHUB_OUTPUT - # Sets up the detekt cli - name: Setup Detekt run: | - dest=$( mktemp -d ) - curl --request GET \ - --url ${{ steps.detekt_info.outputs.download_url }} \ - --silent \ - --location \ - --output $dest/detekt + dest=$(mktemp -d) + curl --request GET --url ${{ steps.detekt_info.outputs.download_url }} --silent --location --output $dest/detekt chmod a+x $dest/detekt echo $dest >> $GITHUB_PATH - # Performs static analysis using Detekt - name: Run Detekt continue-on-error: true run: | detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json - # Modifies the SARIF output produced by Detekt so that absolute URIs are relative - # This is so we can easily map results onto their source files - # This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA - name: Make artifact location URIs relative continue-on-error: true run: | - echo "$( - jq \ - --arg github_workspace ${{ github.workspace }} \ - '. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \ - ${{ github.workspace }}/detekt.sarif.json - )" > ${{ github.workspace }}/detekt.sarif.json + jq --arg github_workspace ${{ github.workspace }} '. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' ${{ github.workspace }}/detekt.sarif.json > ${{ github.workspace }}/detekt.sarif.json - # Uploads results to GitHub repository using the upload-sarif action - uses: github/codeql-action/upload-sarif@v2 with: - # Path to SARIF file relative to the root of the repository sarif_file: ${{ github.workspace }}/detekt.sarif.json checkout_path: ${{ github.workspace }}