Runs sfdx-scanner on a pull request and generates in-line comments with the findings.
Categor(ies) of rules to run.
Engine(s) to run.
JSON-formatted string, overrides ESLint's default environment variables.
Location of eslintrc config to customize the ESLint engine.
Location of PMD rule reference XML file to customize rule selection.
Throws an error when violations of a specific severity (or more severe) are detected.
A JSON string which contains the rules which will be strictly enforced regardless of their priority. Enforced rules are identified by their engine, category, and rule name.
Location of the tsconfig.json file.
```yaml
name: Static Analysis
on:
  pull_request:
    types: [opened, reopened, synchronize]
  workflow_dispatch:
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Fetch the full history rather than a shallow clone
          fetch-depth: 0
      - name: Install SFDX CLI and Scanner
        run: |
          npm install sfdx-cli
          node_modules/sfdx-cli/bin/run plugins:install @salesforce/sfdx-scanner
      - name: Run SFDX Scanner - Report findings as comments
        uses: mitchspano/sfdx-scan-pull-request@v0.1.7
        with:
          pmdconfig: ruleset.xml
          severity-threshold: 4
          strictly-enforced-rules: '[{ "engine": "pmd", "category": "Performance", "rule": "AvoidDebugStatements" }]'
        env:
          # Token the action uses when reporting findings on the pull request
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
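How the `severity-threshold` and `strictly-enforced-rules` inputs in the workflow above combine into a pass/fail decision, as an added JavaScript example that is not the action's own code. It assumes that a lower severity number is more severe and that each finding carries `engine`, `category`, `ruleName` and `severity`; the function names and sample findings are constructed.

```javascript
// Added example: not the action's source. The finding fields and the
// "lower number = more severe" ordering are assumptions.
function parseEnforcedRules(json) {
  if (!json) return [];
  const parsed = JSON.parse(json); // malformed JSON throws: fail closed
  if (!Array.isArray(parsed)) {
    throw new TypeError("strictly-enforced-rules must be a JSON array");
  }
  for (const r of parsed) {
    for (const key of ["engine", "category", "rule"]) {
      if (typeof r?.[key] !== "string" || r[key] === "") {
        throw new TypeError(`enforced rule is missing "${key}"`);
      }
    }
  }
  return parsed;
}

// Returns the findings that should fail the check, each with the reason.
function blockingFindings(findings, severityThreshold, enforcedRulesJson) {
  const enforced = parseEnforcedRules(enforcedRulesJson);
  const isEnforced = (f) =>
    enforced.some(
      (r) => r.engine === f.engine && r.category === f.category && r.rule === f.ruleName
    );
  return findings
    .map((f) => {
      if (isEnforced(f)) return { ...f, reason: "strictly-enforced" };
      if (f.severity <= severityThreshold) return { ...f, reason: "severity" };
      return null; // reported as a comment only, does not block
    })
    .filter(Boolean);
}

// Constructed sample findings (not real scanner output).
const sampleFindings = [
  { engine: "pmd", category: "Security", ruleName: "ApexSOQLInjection", severity: 3, fileName: "AccountService.cls", line: 12 },
  { engine: "pmd", category: "Performance", ruleName: "AvoidDebugStatements", severity: 5, fileName: "AccountService.cls", line: 30 },
  { engine: "pmd", category: "Documentation", ruleName: "ApexDoc", severity: 5, fileName: "AccountService.cls", line: 1 },
];

const enforcedInput =
  '[{ "engine": "pmd", "category": "Performance", "rule": "AvoidDebugStatements" }]';
const blocking = blockingFindings(sampleFindings, 4, enforcedInput);
for (const f of blocking) {
  console.log(`${f.fileName}:${f.line} ${f.ruleName} (${f.reason})`);
}
```

The severity 5 `AvoidDebugStatements` finding blocks only because it is listed as strictly enforced; the equally low-severity `ApexDoc` finding does not.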
This package includes the following versions of the required dependencies:
| npm package | included version |
|---|---|
| @actions/core | 1.9.0 |
| @actions/github | 5.0.3 |
| @octokit/action | 4.0.4 |
| parse-diff | 0.9.0 |
| recursive-copy | 2.0.14 |
| sfdx-cli | 7.161.0 |
For more information regarding the inclusion of these static versioned dependencies, see here