From f10e125a5f14cef16fc22beaa7631aea4b28ce9f Mon Sep 17 00:00:00 2001 From: Nik Clayton Date: Tue, 29 Oct 2024 17:17:12 +0100 Subject: [PATCH] ci: Upload SARIF files with lint results (#1060) Perform the lint check as normal, saving the exit code and ignoring any error exit codes. Then upload the lint results as SARIF files for display in GitHub. Then exit with whatever exit code lint returned, to ensure that a lint failure causes the CI job to fail too. --- .github/workflows/ci.yml | 35 +++++++++++++++---- .../kotlin/AndroidLintConventionPlugin.kt | 4 +-- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aabd5b552..b1bbb82d5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -68,8 +68,8 @@ jobs: strategy: matrix: color: ["orange"] - store: ["fdroid", "github", "google"] - type: ["debug", "release"] + store: [ "Fdroid", "Github", "Google" ] + type: [ "Debug", "Release" ] name: Android Lint runs-on: ubuntu-latest 
@@ -81,16 +81,37 @@ jobs: with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} + # Run lint. Ignore a failing exit code, but save it for later. - name: Regular lint ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} - run: ./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} + id: runlint + run: | + set +e + ./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} + echo "exitcode=$?" >> $GITHUB_OUTPUT + + - name: Merge SARIF files + run: | + jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }' */*/build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif */build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif > merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v3 + with: + category: ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} + sarif_file: merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif + + # Exit with whatever exit code the original lint run exited with, to + # ensure this job fails if lint fails, *but* the lint reports are still + # uploaded. + - name: Fail if lint failed + run: exit ${{ steps.runlint.outputs.exitcode }} # Android tests are per variant test: strategy: matrix: color: ["orange"] - store: ["fdroid", "github", "google"] - type: ["debug", "release"] + store: [ "Fdroid", "Github", "Google" ] + type: [ "Debug", "Release" ] name: Android Test runs-on: ubuntu-latest @@ -110,8 +131,8 @@ jobs: strategy: matrix: color: ["orange"] - store: ["fdroid", "github", "google"] - type: ["debug", "release"] + store: [ "Fdroid", "Github", "Google" ] + type: [ "Debug", "Release" ] name: Android Assemble runs-on: ubuntu-latest 
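Review bot: The new `Upload SARIF file` step pulls `github/codeql-action/upload-sarif@v3` by a movable tag, and the step needs a token that can write code-scanning results, so whatever the tag points at when the job runs executes with that access. Pin it to a full commit SHA and keep the version as a comment, `uses: github/codeql-action/upload-sarif@<FULL_COMMIT_SHA> # v3` (placeholder; take the SHA from the release you have reviewed). The job's `permissions:` block and the workflow triggers are outside this hunk; if pull requests from forks run this job, their read-only token will probably make the upload fail before `Fail if lint failed` is reached, so that case is worth checking. The final gate also fails open if the output is ever empty, because a bare `exit` returns 0 there; `exit "${{ steps.runlint.outputs.exitcode }}"` turns an empty value into an error, and the `runlint` step should quote its redirect as `>> "$GITHUB_OUTPUT"`.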
diff --git a/build-logic/convention/src/main/kotlin/AndroidLintConventionPlugin.kt b/build-logic/convention/src/main/kotlin/AndroidLintConventionPlugin.kt index 9b72e6b59..658626834 100644 --- a/build-logic/convention/src/main/kotlin/AndroidLintConventionPlugin.kt +++ b/build-logic/convention/src/main/kotlin/AndroidLintConventionPlugin.kt @@ -15,14 +15,13 @@ * see . */ - import com.android.build.api.dsl.ApplicationExtension import com.android.build.api.dsl.LibraryExtension import com.android.build.api.dsl.Lint +import java.io.File import org.gradle.api.Plugin import org.gradle.api.Project import org.gradle.kotlin.dsl.configure -import java.io.File class AndroidLintConventionPlugin : Plugin { override fun apply(target: Project) { @@ -46,4 +45,5 @@ class AndroidLintConventionPlugin : Plugin { private fun Lint.configure(project: Project) { lintConfig = File(project.findProject(":app")?.projectDir, "lint.xml") baseline = File("lint-baseline.xml") + sarifReport = true }
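Review bot: `sarifReport = true` in `Lint.configure` is now load-bearing for CI, and nothing at this line says so. The `Merge SARIF files` step in `.github/workflows/ci.yml` reads `build/reports/lint-results-<variant>.sarif` from each module, so turning the flag off would break the merge and upload steps. A one-line comment above the assignment would record the coupling, for example `// Required by the "Merge SARIF files" step in .github/workflows/ci.yml`. The class body starts outside this hunk.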