ort-mirror/.github/workflows/static-analysis.yml at 4ecc26f770d4dfeea02f9cfcfd1c51df25c43c88 · losmateusz1/ort-mirror · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Static Analysis

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

env:
  GRADLE_OPTS: -Dorg.gradle.daemon=false

jobs:
  commit-lint:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
        with:
          fetch-depth: 0
      - name: Check Commit Messages
        uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
        with:
          configFile: .commitlintrc.yml
  code-base-checks:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5
    - name: Check copyrights, license headers, and .gitattributes
      run: ./gradlew checkCopyrightsInNoticeFile checkLicenseHeaders checkGitAttributes
  completions:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
    - name: Setup Java
      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5
      with:
        distribution: temurin
        java-version: 21
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5
    - name: Generate completions
      run: |
        ./scripts/generate_completion_scripts.sh
    - name: Check if completions are up-to-date
      run: |
        if git diff --exit-code; then
          echo "Completions are up-to-date."
        else
          echo "Completions are not up-to-date."
          echo "Please always run the script below when changing CLI commands:"
          echo "./scripts/generate_completion_scripts.sh"
          exit 1
        fi
  detekt-issues:
    runs-on: ubuntu-24.04
    permissions:
      # Needed for SARIF scanning upload.
      security-events: write
    steps:
    - name: Checkout Repository
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5
    - name: Check for Detekt Issues
      run: ./gradlew detektAll
    - name: Upload SARIF File
      uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4
      if: always() # Upload even if the previous step failed.
      with:
        sarif_file: build/reports/detekt/merged.sarif
  markdown-links:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
    - name: Check Links
      uses: umbrelladocs/action-linkspector@652f85bc57bb1e7d4327260decc10aa68f7694c3 # v1
      with:
        fail_level: error
  markdownlint:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
        with:
          fetch-depth: 0
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
      - name: Check for Markdown issues
        run: |
          npm install -g markdownlint-rule-max-one-sentence-per-line@0.0.2
          npx markdownlint-cli2
  prettier-website:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
        with:
          node-version: 24
          cache: npm
          cache-dependency-path: website/package-lock.json
      - name: Install dependencies
        run: npm ci
        working-directory: website
      - name: Run Prettier
        run: npm run format:check
        working-directory: website
  qodana-scan:
    if: ${{ github.event_name == 'pull_request' }}
    runs-on: ubuntu-24.04
    permissions:
      # Needed for SARIF scanning upload.
      security-events: write
    steps:
    - name: Checkout Repository
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
      with:
        fetch-depth: 0
    - name: Qodana Scan
      uses: JetBrains/qodana-action@27de2a744479d1d731934eeaf79287575ebc5dd3 # v2025.2.1
      with:
        post-pr-comment: false
        use-caches: false
    - name: Upload Code Scanning Results
      uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4
      with:
        sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
  reuse-tool:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
    - name: Check REUSE Compliance
      uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6