Skip to content
Scan with Detekt

Update Gradle Wrapper from 8.10.1 to 8.10.2 #352

Sign in to view logs

Update Gradle Wrapper from 8.10.1 to 8.10.2

Update Gradle Wrapper from 8.10.1 to 8.10.2 #352

Workflow file for this run

.github/workflows/analyze-with-detekt.yml at 143a02a
# This workflow performs a static analysis of your Kotlin source code using
# Detekt.
#
# Scans are triggered:
# 1. On every push to default and protected branches
# 2. On every Pull Request targeting the default branch
# 3. On a weekly schedule
# 4. Manually, on demand, via the "workflow_dispatch" event
#
# The workflow should work with no modifications, but you might like to use a
# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
# environment variable.
name: Scan with Detekt
on:
# Triggers the workflow on push or pull request events but only for default and protected branches
push:
branches: [ main ]
paths-ignore:
- '.github/**'
- 'sample-code/**'
- 'webpack.config.d/**'
- 'raw/**'
pull_request:
branches: [ main ]
schedule:
- cron: '36 5 * * 6'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
# Release tag associated with version of Detekt to be installed
# SARIF support (required for this workflow) was introduced in Detekt v1.15.0
DETEKT_RELEASE_TAG: "1.22.0"
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "scan"
scan:
name: Scan
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
- name: Get Detekt download URL
id: detekt_info
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
ASSET_NAME=detekt-cli-$(echo $DETEKT_RELEASE_TAG)-all.jar
DETEKT_DOWNLOAD_URL=$( gh api graphql --field tagName=v$DETEKT_RELEASE_TAG --field assetName=$ASSET_NAME --raw-field query='
query getReleaseAssetDownloadUrl($tagName: String!, $assetName: String!) {
repository(name: "detekt", owner: "detekt") {
release(tagName: $tagName) {
releaseAssets(name: $assetName , first: 1) {
nodes {
downloadUrl
}
}
}
}
}
' | \
jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' )
echo "download_url=$DETEKT_DOWNLOAD_URL" >> $GITHUB_OUTPUT
# Sets up the detekt cli
- name: Setup Detekt
id: detekt_download
run: |
dest=$( mktemp -d )
curl --request GET \
--url ${{ steps.detekt_info.outputs.download_url }} \
--silent \
--location \
--output $dest/detekt.jar
# chmod a+x $dest/detekt
echo $dest >> $GITHUB_PATH
echo "detekt_jar_path=$dest/detekt.jar" >> $GITHUB_OUTPUT
# Performs static analysis using Detekt
- name: Run Detekt
continue-on-error: true
run: |
java -Xmx512m -jar ${{ steps.detekt_download.outputs.detekt_jar_path }} --config ${{ github.workspace }}/.config/detekt.yml --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
# Modifies the SARIF output produced by Detekt so that absolute URIs are relative
# This is so we can easily map results onto their source files
# This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
- name: Make artifact location URIs relative
continue-on-error: true
run: |
echo "$(
jq \
--arg github_workspace ${{ github.workspace }} \
'. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
${{ github.workspace }}/detekt.sarif.json
)" > ${{ github.workspace }}/detekt.sarif.json
# Uploads results to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/detekt.sarif.json
checkout_path: ${{ github.workspace }}