Checks: Detekt #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Checks: Detekt" | |
| on: | |
| ## Manual dispatch | |
| workflow_dispatch: {} | |
| ## Sub-workflow call | |
| workflow_call: {} | |
| ## Scheduled Checks | |
| schedule: | |
| - cron: '29 21 * * 0' | |
| permissions: | |
| contents: read | |
| env: | |
| DETEKT_RELEASE_TAG: v1.23.3 | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| check-detekt: | |
| name: "Checks: Detekt" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: "Setup: Harden Runner" | |
| uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.azul.com:443 | |
| api.github.com:443 | |
| cdn.azul.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| - name: "Setup: Checkout" | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: "Setup: JDK ${{ inputs.java_version || vars.JVM_VERSION }}" | |
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
| with: | |
| java-version: ${{ inputs.java_version || vars.JVM_VERSION }} | |
| distribution: ${{ inputs.jvm || vars.JVM_VARIANT || 'zulu' }} | |
| - name: "Setup: Detekt" | |
| run: | | |
| dest=$( mktemp -d ) | |
| curl --request GET \ | |
| --url https://github.com/detekt/detekt/releases/download/v1.23.3/detekt-cli-1.23.3-all.jar \ | |
| --silent \ | |
| --location \ | |
| --output $dest/detekt-all.jar | |
| echo '#!/usr/bin/env bash' > $dest/detekt | |
| echo "java -jar $dest/detekt-all.jar \"\$@\"" >> $dest/detekt | |
| chmod a+x $dest/detekt | |
| echo $dest >> $GITHUB_PATH | |
| - name: "Checks: Detekt" | |
| continue-on-error: true | |
| run: | | |
| detekt --input ${{ github.workspace }} --config ./.github/detekt.yml --report sarif:${{ github.workspace }}/detekt.sarif.json | |
| # Modifies the SARIF output produced by Detekt so that absolute URIs are relative | |
| # This is so we can easily map results onto their source files | |
| # This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA | |
| - name: "Fixup: Relativize SARIF" | |
| continue-on-error: true | |
| run: | | |
| echo "$( | |
| jq \ | |
| --arg github_workspace ${{ github.workspace }} \ | |
| '. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \ | |
| ${{ github.workspace }}/detekt.sarif.json | |
| )" > ${{ github.workspace }}/detekt.sarif.json | |
| # Uploads results to GitHub repository using the upload-sarif action | |
| - name: "Report: Upload SARIF" | |
| uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 | |
| with: | |
| # Path to SARIF file relative to the root of the repository | |
| sarif_file: ${{ github.workspace }}/detekt.sarif.json | |
| checkout_path: ${{ github.workspace }} |