feat: add Salesforce Code Analyzer (#1038)

pozil · web-flow · commit a8e2407e0bd8 · 2025-06-19T14:30:31.000+02:00
* feat: add Salesforce Code Analyzer

* fix: sfc project path in CI
diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
@@ -61,9 +61,36 @@ jobs:
             - name: 'Code formatting verification with Prettier'
               run: npm run prettier:verify
 
-            # Lint LWC / Aura
-            - name: 'Lint Lightning Web Components / Aura Components'
-              run: npm run lint
+            # Install Salesforce CLI
+            - name: 'Install Salesforce CLI'
+              run: |
+                  npm install @salesforce/cli --location=global
+                  nodeInstallPath=$(npm config get prefix)
+                  echo "$nodeInstallPath/bin" >> $GITHUB_PATH
+                  cd "$nodeInstallPath/bin"
+                  ./sf --version
+
+            # Install Salesforce CLI Code Analyzer plugin
+            - name: 'Install Salesforce CLI Code Analyzer plugin'
+              run: sf plugins install code-analyzer
+
+            # Run Code Analyzer
+            - name: 'Run Code Analyzer'
+              id: run-code-analyzer
+              uses: forcedotcom/run-code-analyzer@v2
+              with:
+                  run-arguments: --workspace "force-app/**" --view detail --output-file "sca-results.csv" --config-file "code-analyzer.yml"
+                  results-artifact-name: code-analyzer-results
+
+            # Check for Code Analyzer critical or high severity violations
+            - name: 'Check for Code Analyzer critical or high severity violations'
+              if: |
+                  steps.run-code-analyzer.outputs.exit-code > 0 ||
+                  steps.run-code-analyzer.outputs.num-sev1-violations > 0 ||
+                  steps.run-code-analyzer.outputs.num-sev2-violations > 0
+              run: |
+                  echo One of more Code Analyzer critical or high severity violations found
+                  exit 1
 
             # LWC unit tests
             - name: 'Unit test Lightning Web Components'
@@ -122,20 +149,6 @@ jobs:
             - name: 'Checkout source code'
               uses: actions/checkout@v4
 
-            # Run PMD scan
-            - name: 'Run PMD scan'
-              uses: pmd/pmd-github-action@v2.0.0
-              id: pmd
-              with:
-                  version: '6.55.0'
-                  sourcePath: 'force-app'
-                  rulesets: 'ruleset.xml'
-
-            # Check for PMD violations
-            - name: 'Check for PMD violations'
-              if: steps.pmd.outputs.violations != 0
-              run: exit 1
-
             # Install Salesforce CLI
             - name: 'Install Salesforce CLI'
               run: |
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -44,9 +44,36 @@ jobs:
             - name: 'Code formatting verification with Prettier'
               run: npm run prettier:verify
 
-            # Lint LWC / Aura
-            - name: 'Lint Lightning Web Components / Aura Components'
-              run: npm run lint
+            # Install Salesforce CLI
+            - name: 'Install Salesforce CLI'
+              run: |
+                  npm install @salesforce/cli --location=global
+                  nodeInstallPath=$(npm config get prefix)
+                  echo "$nodeInstallPath/bin" >> $GITHUB_PATH
+                  cd "$nodeInstallPath/bin"
+                  ./sf --version
+
+            # Install Salesforce CLI Code Analyzer plugin
+            - name: 'Install Salesforce CLI Code Analyzer plugin'
+              run: sf plugins install code-analyzer
+
+            # Run Code Analyzer
+            - name: 'Run Code Analyzer'
+              id: run-code-analyzer
+              uses: forcedotcom/run-code-analyzer@v2
+              with:
+                  run-arguments: --workspace "force-app/**" --view detail --output-file "sca-results.csv" --config-file "code-analyzer.yml"
+                  results-artifact-name: code-analyzer-results
+
+            # Check for Code Analyzer critical or high severity violations
+            - name: 'Check for Code Analyzer critical or high severity violations'
+              if: |
+                  steps.run-code-analyzer.outputs.exit-code > 0 ||
+                  steps.run-code-analyzer.outputs.num-sev1-violations > 0 ||
+                  steps.run-code-analyzer.outputs.num-sev2-violations > 0
+              run: |
+                  echo One of more Code Analyzer critical or high severity violations found
+                  exit 1
 
             # LWC unit tests
             - name: 'Unit test Lightning Web Components'
@@ -68,20 +95,6 @@ jobs:
             - name: 'Checkout source code'
               uses: actions/checkout@v4
 
-            # Run PMD scan
-            - name: 'Run PMD scan'
-              uses: pmd/pmd-github-action@v2.0.0
-              id: pmd
-              with:
-                  version: '6.55.0'
-                  sourcePath: 'force-app'
-                  rulesets: 'ruleset.xml'
-
-            # Check for PMD violations
-            - name: 'Check for PMD violations'
-              if: steps.pmd.outputs.violations != 0
-              run: exit 1
-
             # Install Salesforce CLI
             - name: 'Install Salesforce CLI'
               run: |
diff --git a/.gitignore b/.gitignore
@@ -40,6 +40,10 @@ $RECYCLE.BIN/
 .vscode/*
 !.vscode/extensions.json
 
+# Salesforce Code Analyzer results
+sca-results.csv
+sfca_results.json
+
 # Local environment variables/config
 .env
 .config
diff --git a/code-analyzer.yml b/code-analyzer.yml
@@ -0,0 +1,8 @@
+engines:
+    flow:
+        disable_engine: true
+    eslint:
+        auto_discover_eslint_config: true
+        disable_javascript_base_config: true
+        disable_lwc_base_config: true
+        disable_typescript_base_config: true
