Make Mix compilation produce report that is machine-readable.
Currently supported formats:
- SARIF used by GitHub Code Scanning
- CodeClimate used by GitLab Code Quality
Add it to list of your dependencies:
def deps do
[
{:mix_machine, "~> 0.1.0"}
]
endAnd now you can use:
$ mix compile.machine
That will produce report.json with SARIF format.
Current behaviour can be controlled by few flags:
--format <format>(-f) - output format, currently supported values aresarifandcode_climate, defaults tosarif.--output <path>(-o) - output file, defaults toreport.json.--pretty- pretty print output.
In addition to CLI flags these options can be set in project/0 function in
mix.exs in :machine keyword list (it has lower precedence than CLI flags):
:format- atom:sarifor:code_climatethat describes default format.:output- default filename to produce output.:pretty- boolean flag whether the output should be pretty printed.:root- relative path to root directory, defaults to current working directory. It can be useful in situations when you have multirepo where the Elixir application isn't mounted at root of the repository.
def project do
[
# …
machine: [
format: :code_climate,
output: "codeclimate.json",
pretty: true,
root: ".."
]
]
In your github .yml file, after you download Elixir deps, compile your project
with mix mix_machine.compile.
- name: Compile Deps
run: mix deps.compile
- name: Compile Project
run: mix compile.machineNote: This must come before any other lines that would inadvertently compile
your code such as mix test!
Note: the mix deps.compile in a separate step is not required but it can be
helpful to separate any compilation warnings in your project from any
compilation warnings in your deps.
Then later in the .yml file add this to upload your Sarif file to your GitHub repository:
- name: Upload Sarif
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: report.jsonSee LICENSE.