Giters

tomasbjerre / violation-comments-to-github-lib

A library for commenting GitHub with violations from static code analyzer reports.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Violation Comments to GitHub Lib Build Status Maven Central Bintray

This repository is archived. There are 2 main reasons for that.

Github supports SARIF

You can transform the violation reports to SARIF:

npx violations-command-line -sarif sarif-report.json \
  -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
  -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
  -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
  -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"

And upload Sarif to Github. I do this with Github action:

steps:
  - name: Do analysis
    shell: bash
    run: |
      echo do your analysis here
  - name: Transorm static code analysis to SARIF
    if: ${{ (success() || failure()) }}
    run: |
      npx violations-command-line -sarif sarif-report.json \
      -v "FINDBUGS" "." ".*spotbugs/main\.xml$" "Spotbugs" \
      -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
      -v "PMD" "." ".*pmd/main\.xml$" "PMD" \
      -v "JUNIT" "." ".*test/TEST-.*\.xml$" "JUNIT"
  - uses: github/codeql-action/upload-sarif@v2
    if: ${{ (success() || failure()) }}
    with:
      sarif_file: sarif-report.json

My setup is here: https://github.com/tomasbjerre/.github/tree/master

org.eclipse.egit.github.core not maintained and not working

The library uses org.eclipse.mylyn.github:org.eclipse.egit.github.core and it is no longer maintained. Problem is it gives an error:

INFO Asking GitHubCommentsProvider to create comment with all single file comments.
SEVERE Validation Failed (422): Error with 'data' field in IssueComment resource
org.eclipse.egit.github.core.client.RequestException: Validation Failed (422): Error with 'data' field in IssueComment resource
	at org.eclipse.egit.github.core.client.GitHubClient.createException(GitHubClient.java:552)
	at org.eclipse.egit.github.core.client.GitHubClient.sendJson(GitHubClient.java:643)
	at org.eclipse.egit.github.core.client.GitHubClient.post(GitHubClient.java:757)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:813)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:785)
	at org.eclipse.egit.github.core.service.IssueService.createComment(IssueService.java:770)
	at shadow.se.bjurr.violations.comments.github.lib.GitHubCommentsProvider.createComment(GitHubCommentsProvider.java:87)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createCommentWithAllSingleFileComments(CommentsCreator.java:122)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:78)
	at shadow.se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:40)
	at shadow.se.bjurr.violations.comments.github.lib.ViolationCommentsToGitHubApi.toPullRequest(ViolationCommentsToGitHubApi.java:165)
	at se.bjurr.violations.main.Runner.main(Runner.java:266)
	at se.bjurr.violations.main.Main.main(Main.java:6)

This can probably be fixed by switching to com.spotify:github-client, there is a branch where I started fiddling with that feature/spotify.

This is a library that adds violation comments from static code analysis to GitHub.

It uses Violation Comments Lib and supports the same formats as Violations Lib.

Very easy to use with a nice builder pattern

  violationsToGitHubApi() //
    .withViolations(".*/findbugs/.*\\.xml$", FINDBUGS, rootFolder) //
    .withViolations(".*/checkstyle/.*\\.xml$", CHECKSTYLE, rootFolder) //
    .withUsername("username") // This is Optional!
    .withPassword("password") // This is Optional!
    .usingOAuth2Token("token") // This is Optional!
    .withRepositoryOwner("repositoryOwner")
    .withRepositoryName("repositoryName")
    .withPullRequestId("pullRequestId")
    .toPullRequest();

Authentication can be done by supplying username/password or OAuth2Token in the builder.

Usage

This software can be used:

You may also checkout this blog post that explains how to set it up with Travis.

Travis

To set this up in Travis, you will need to create a GitHub OAuth2 token.

curl -u 'yourgithubuser' -d '{"note":"Violation comments"}' https://api.github.com/authorizations

The token needs to be encrypted before added to your .travis.yml.

sudo apt-get install ruby-dev
gem install travis
travis encrypt export GITHUB_OAUTH2TOKEN=YOUR TOKEN HERE

Now add it to .travis.yml like this.

sudo: false  
language: java  
env:  
  - secure: "YOUR ENCRYPTED TOKEN HERE"
jdk:  
  - oraclejdk7
script:  
  - ./gradlew build violationCommentsToGitHub -DGITHUB_PULLREQUESTID=$TRAVIS_PULL_REQUEST -DGITHUB_OAUTH2TOKEN=$GITHUB_OAUTH2TOKEN -i --stacktrace
notifications:  
  email: false

Here I used Gradle plugin but you can do the same thing with Maven plugin.

Developer instructions

To build the code, have a look at .travis.yml.

To do a release you need to do ./gradlew release and release the artifact from staging. More information here.

About

A library for commenting GitHub with violations from static code analyzer reports.

License:Apache License 2.0

Languages

Language:Java 100.0%