ci: Upload SARIF files with lint results (#1060)

Perform the lint check as normal, saving the exit code and ignoring any error exit codes. Then upload the lint results as SARIF files for display in GitHub. Then exit with whatever exit code lint returned, to ensure that a lint failure causes the CI job to fail too.
2024-10-29 17:17:12 +01:00 · 2024-10-29 17:17:12 +01:00 · f10e125a5f
parent 04d98ae616
commit f10e125a5f
2 changed files with 30 additions and 9 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -68,8 +68,8 @@ jobs:
    strategy:
      matrix:
        color: ["orange"]
-        store: ["fdroid", "github", "google"]
+        store: [ "Fdroid", "Github", "Google" ]
-        type: ["debug", "release"]
+        type: [ "Debug", "Release" ]
    name: Android Lint
    runs-on: ubuntu-latest
@ -81,16 +81,37 @@ jobs:
        with:
          gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
      # Run lint. Ignore a failing exit code, but save it for later.
      - name: Regular lint ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
-        run: ./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
+        id: runlint
        run: |
          set +e
          ./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
          echo "exitcode=$?" >> $GITHUB_OUTPUT
      - name: Merge SARIF files
        run: |
          jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }'  */*/build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif */build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif > merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          category: ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
          sarif_file: merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
      # Exit with whatever exit code the original lint run exited with, to
      # ensure this job fails if lint fails, *but* the lint reports are still
      # uploaded.
      - name: Fail if lint failed
        run: exit ${{ steps.runlint.outputs.exitcode }}
  # Android tests are per variant
  test:
    strategy:
      matrix:
        color: ["orange"]
-        store: ["fdroid", "github", "google"]
+        store: [ "Fdroid", "Github", "Google" ]
-        type: ["debug", "release"]
+        type: [ "Debug", "Release" ]
    name: Android Test
    runs-on: ubuntu-latest
@ -110,8 +131,8 @@ jobs:
    strategy:
      matrix:
        color: ["orange"]
-        store: ["fdroid", "github", "google"]
+        store: [ "Fdroid", "Github", "Google" ]
-        type: ["debug", "release"]
+        type: [ "Debug", "Release" ]
    name: Android Assemble
    runs-on: ubuntu-latest
--- a/build-logic/convention/src/main/kotlin/AndroidLintConventionPlugin.kt
+++ b/build-logic/convention/src/main/kotlin/AndroidLintConventionPlugin.kt
@ -15,14 +15,13 @@
 * see <http://www.gnu.org/licenses>.
 */
 import com.android.build.api.dsl.ApplicationExtension
 import com.android.build.api.dsl.LibraryExtension
 import com.android.build.api.dsl.Lint
 import java.io.File
 import org.gradle.api.Plugin
 import org.gradle.api.Project
 import org.gradle.kotlin.dsl.configure
 import java.io.File
 class AndroidLintConventionPlugin : Plugin<Project> {
    override fun apply(target: Project) {
@ -46,4 +45,5 @@ class AndroidLintConventionPlugin : Plugin<Project> {
 private fun Lint.configure(project: Project) {
    lintConfig = File(project.findProject(":app")?.projectDir, "lint.xml")
    baseline = File("lint-baseline.xml")
    sarifReport = true
 }