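---
name: Codacy Security Scan

# `on` is a YAML 1.1 boolean key; GitHub's loader handles it, so the yamllint
# `truthy` rule is suppressed for this line only.
on:  # yamllint disable-line rule:truthy
  push:
    # Branch names that look like dates are quoted so no loader retypes them.
    branches: [main, '2022-12', '2022-09', '2022-06']
  pull_request:
    branches: [main, '2022-12', '2022-09', '2022-06']
    # The path filter applies to pull_request only; every push to the listed
    # branches runs the scan regardless of which files changed.
    paths:
      - '**.java'
      - '**/pom.xml'
      - '.codacy.yml'
      - 'ruleset.xml'
      - '.github/workflows/codacy.yml'

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  codacy-java-tools:
    name: Codacy Java Tools
    runs-on: ubuntu-latest
    timeout-minutes: 55
    # NOTE: continue-on-error makes the job report success even when the
    # analysis or the SARIF upload fails, so a broken scan never blocks a merge
    # and only shows up as missing code-scanning results. Keep it only if that
    # is the intended policy.
    continue-on-error: true
    # Least privilege for the default token: read the checkout, write
    # code-scanning results.
    permissions:
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        # TODO: Re-enable pmd once the MalformedInputException in Codacy PMD/SARIF is fixed
        # Temporarily disable pmd due to MalformedInputException in Codacy SARIF generation
        tool: [spotbugs, checkstyle]
    env:
      LC_ALL: C.UTF-8
      LANG: C.UTF-8
      JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
    steps:
      # Supply chain: only setup-maven is pinned to a commit SHA; the other
      # actions are referenced by a mutable major tag. Pinning them to a SHA
      # (with the tag in a trailing comment, as below) gives the same
      # immutability guarantee for every action in the job.
      - name: Set up Maven
        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
        with:
          maven-version: '3.9.9'
      - name: Checkout code
        uses: actions/checkout@v6  # TODO(supply-chain): pin to a commit SHA
      - name: Set up JDK 21
        uses: actions/setup-java@v5  # TODO(supply-chain): pin to a commit SHA
        with:
          java-version: '21'
          distribution: 'temurin'
          # setup-java's built-in cache stores ~/.m2/repository keyed on the
          # pom.xml hashes, which is what a separate actions/cache step for the
          # same directory would do again; one cache of that path is enough.
          cache: maven
      - name: Build (no tests)
        run: mvn -B -DskipTests package
      # Normalize all source files to UTF-8 to prevent encoding issues in SARIF generation.
      # Explicitly exclude binary JAR files and the testresources directory to prevent
      # MalformedInputException. This rewrites tracked files in the checkout in place;
      # the Codacy step below sets skip-uncommitted-files-check for that reason.
      - name: Normalize source files to UTF-8 (in-place)
        run: |
          set -euo pipefail
          sudo apt-get update -y
          # jq is needed by the SARIF split step later; install it here so apt runs once.
          sudo apt-get install -y uchardet libxml2-utils jq
          changes=0
          errors=0

          # Size of $1 in bytes, or 0 if it cannot be stat'ed (GNU stat; the runner is Linux).
          file_size() {
            stat -c%s "$1" 2>/dev/null || echo 0
          }

          # Rewrite $1 in place with invalid UTF-8 sequences dropped.
          # GNU iconv -c may exit non-zero when it discards bytes, so success is judged by
          # whether the written output is valid UTF-8 rather than by iconv's exit status.
          clean_utf8() {
            local file=$1
            iconv -f utf-8 -t utf-8 -c "$file" -o "$file.tmp" 2>/dev/null || true
            if [ -f "$file.tmp" ] && iconv -f utf-8 -t utf-8 "$file.tmp" >/dev/null 2>&1; then
              mv "$file.tmp" "$file"
              return 0
            fi
            rm -f "$file.tmp"
            return 1
          }

          # Clean $1 and bump the matching counter (the loop runs in this shell, so the
          # counters are visible after it).
          record() {
            if clean_utf8 "$1"; then
              changes=$((changes+1))
            else
              errors=$((errors+1))
            fi
          }

          # Process Java, XML, properties, and other tracked text files.
          # IMPORTANT: exclude the testresources/ directory, which contains binary JAR files.
          while IFS= read -r -d '' f; do
            # Skip if the file doesn't exist or is not readable
            [ -r "$f" ] || continue
            # `|| true` keeps a uchardet failure from aborting the whole step under -e/pipefail;
            # an empty result is handled by the unknown-encoding branch below.
            charset=$(uchardet "$f" 2>/dev/null | tr '[:upper:]' '[:lower:]' || true)
            if [ -z "$charset" ]; then
              echo "Warning: uchardet could not detect encoding for $f, attempting UTF-8 validation"
              # Unknown encoding: try a UTF-8 clean anyway, but only for files < 1 MiB.
              if [ "$(file_size "$f")" -lt 1048576 ] && ! iconv -f utf-8 -t utf-8 "$f" >/dev/null 2>&1; then
                echo "Cleaning invalid UTF-8 sequences in $f (unknown encoding)"
                record "$f"
              fi
              continue
            fi
            case "$charset" in
              utf-8|ascii)
                # Even if detected as UTF-8, validate and clean it (skip very large files > 1MB)
                # by comparing the file with its cleaned version.
                if [ "$(file_size "$f")" -lt 1048576 ] && ! diff -q "$f" <(iconv -f utf-8 -t utf-8 -c "$f" 2>/dev/null) >/dev/null 2>&1; then
                  echo "Cleaning invalid UTF-8 sequences in $f"
                  record "$f"
                fi
                ;;
              binary)
                # Leave files uchardet classifies as binary untouched.
                ;;
              *)
                echo "Converting $f ($charset -> utf-8)"
                if iconv -f "$charset" -t utf-8 "$f" -o "$f.tmp" 2>/dev/null; then
                  mv "$f.tmp" "$f"
                  changes=$((changes+1))
                else
                  rm -f "$f.tmp"  # Clean up partially written file on conversion failure
                  echo "Warning: Failed to convert $f, trying to clean invalid UTF-8"
                  record "$f"
                fi
                ;;
            esac
          done < <(git ls-files -z '*.java' '*.xml' '*.properties' '*.txt' '*.md' | grep -zv '/testresources/')

          echo "Converted/cleaned $changes files, $errors failures"
          if [ "$errors" -gt 0 ]; then
            echo "Error: Failed to process $errors files"
            exit 1
          fi
      # Ensure PMD only analyzes Java source files and excludes binary JARs.
      # This prevents MalformedInputException during SARIF generation when PMD encounters binary files.
      # Informational only: nothing here fails the job.
      - name: Verify PMD configuration
        run: |
          set -e
          echo "PMD will use ruleset.xml and .codacy.yml for filtering"
          echo "IMPORTANT: Binary JARs under sandbox_functional_converter_test/testresources/ must be excluded"
          echo ""
          if [ -f ruleset.xml ]; then
            echo "✓ ruleset.xml found"
            # Test xmllint's status in the `if` itself: under -e, a failing command
            # substitution in a plain assignment would abort the step before the
            # status could be inspected, making the error branch unreachable.
            if xml_check=$(xmllint --noout ruleset.xml 2>&1); then
              echo "✓ ruleset.xml is well-formed XML"
            else
              echo "⚠ ruleset.xml has XML syntax errors"
              echo "$xml_check"
            fi
            echo ""
            echo "Binary file exclusions from ruleset.xml:"
            grep "exclude-pattern.*\\.jar" ruleset.xml || echo " WARNING: No JAR exclusions found!"
            grep "exclude-pattern.*\\.class" ruleset.xml || true
            echo ""
            echo "Key directory exclusions from ruleset.xml:"
            grep "exclude-pattern.*testresources" ruleset.xml || echo " WARNING: No testresources exclusions found!"
            grep "exclude-pattern.*/.*/.*" ruleset.xml | head -8 || true
          else
            echo "⚠ ruleset.xml not found"
          fi
          echo ""
          if [ -f .codacy.yml ]; then
            echo "✓ .codacy.yml found"
            echo "Included paths:"
            grep -A 5 "include_paths:" .codacy.yml || true
            echo ""
            echo "Excluded paths (should include testresources and *.jar):"
            grep -A 20 "exclude_paths:" .codacy.yml || true
            echo ""
            echo "PMD-specific exclusions:"
            grep -A 10 "pmd:" .codacy.yml || true
          fi
          echo ""
          echo "Java source files to be analyzed:"
          java_count=$(find . -name "*.java" -path "*/src/*" -not -path "*/target/*" -not -path "*/bin/*" -not -path "*/testresources/*" | wc -l)
          echo "Found $java_count Java files in src/ directories (excluding target/, bin/, and testresources/)"
          echo ""
          echo "JAR files that MUST be excluded from analysis:"
          # find exits 0 even when nothing matches, so test the output, not the status.
          jars=$(find . -name "*.jar" -path "*/testresources/*")
          if [ -n "$jars" ]; then
            echo "$jars"
          else
            echo " (none found - good!)"
          fi
      - name: Run Codacy Analysis CLI (${{ matrix.tool }})
        uses: codacy/codacy-analysis-cli-action@v4  # TODO(supply-chain): pin to a commit SHA
        with:
          # Secrets are not exposed to pull_request runs from forks, so this token
          # will likely be empty there and the step is expected to fail (the job
          # still reports success because of continue-on-error above).
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          tool: ${{ matrix.tool }}
          verbose: true
          format: sarif
          output: ${{ runner.temp }}/results-${{ matrix.tool }}.sarif
          gh-code-scanning-compat: true
          # Findings are reported through code scanning, not by failing this step.
          max-allowed-issues: 2147483647
          # Required because the normalization step rewrote tracked files in place.
          skip-uncommitted-files-check: true
          # NOTE: the job's timeout-minutes (55) is shorter than this, so the job
          # is cancelled before the tool timeout can ever fire.
          tool-timeout: 1hour
      # GitHub has required exactly one run per upload/category since 2025-07.
      - name: Split SARIF into single-run files (${{ matrix.tool }})
        shell: bash
        env:
          TOOL: ${{ matrix.tool }}
          SARIF: ${{ runner.temp }}/results-${{ matrix.tool }}.sarif
          OUTDIR: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}
        run: |
          set -euo pipefail
          if [ ! -s "$SARIF" ]; then
            echo "No SARIF produced for $TOOL -> skip."
            exit 0
          fi
          # jq is installed by the "Normalize source files" step; fall back to apt
          # only if it is missing so this step stays self-contained.
          if ! command -v jq >/dev/null 2>&1; then
            sudo apt-get update -y
            sudo apt-get install -y jq
          fi
          mkdir -p "$OUTDIR"
          # safe default: 0 runs if field missing
          runs=$(jq '.runs | length // 0' "$SARIF")
          echo "Found $runs runs in $SARIF"
          # Only run-0 .. run-2 are uploaded by the steps below; any further runs
          # are written here but never uploaded.
          for ((i=0; i<runs; i++)); do
            # Access the "$schema" field by index (it is not a plain identifier) and
            # keep only the single run $i.
            jq --argjson i "$i" '{ "$schema": .["$schema"], version: .version, runs: [ .runs[$i] ] }' "$SARIF" > "$OUTDIR/run-$i.sarif"
          done
      - name: Upload SARIF run 0 (${{ matrix.tool }})
        if: ${{ hashFiles(format('{0}/sarif_split_{1}/run-0.sarif', runner.temp, matrix.tool)) != '' }}
        uses: github/codeql-action/upload-sarif@v4  # TODO(supply-chain): pin to a commit SHA
        with:
          sarif_file: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}/run-0.sarif
          category: codacy-${{ matrix.tool }}-run-0
          wait-for-processing: true
      - name: Upload SARIF run 1 (${{ matrix.tool }})
        if: ${{ hashFiles(format('{0}/sarif_split_{1}/run-1.sarif', runner.temp, matrix.tool)) != '' }}
        uses: github/codeql-action/upload-sarif@v4  # TODO(supply-chain): pin to a commit SHA
        with:
          sarif_file: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}/run-1.sarif
          category: codacy-${{ matrix.tool }}-run-1
          wait-for-processing: true
      - name: Upload SARIF run 2 (${{ matrix.tool }})
        if: ${{ hashFiles(format('{0}/sarif_split_{1}/run-2.sarif', runner.temp, matrix.tool)) != '' }}
        uses: github/codeql-action/upload-sarif@v4  # TODO(supply-chain): pin to a commit SHA
        with:
          sarif_file: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}/run-2.sarif
          category: codacy-${{ matrix.tool }}-run-2
          wait-for-processing: true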