Skip to content

lcollins/spotbugs-github-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags
 
 

Repository files navigation

build-test

Credit

Adapted from https://github.com/jwgmeligmeyling/spotbugs-github-action to support Node 20.

SpotBugs GitHub Action

This action pushes results from SpotBugs (or FindBugs) as check run annotations. 🚀

The action can also be used for any other static analysis tools that produce reports in the SpotBugs XML format. The report itself must be generated in a former build step, for example a Maven build.

example

Input

path

Required. A file, directory or wildcard pattern that describes where to find the reports. Multiple files can be processed through a glob expression, for example: '**/spotbugsXml.xml'.

name

Optional. Name for the check run to create. Defaults to spotbugs.

title

Optional. Title for the check run to create. Defaults to SpotBugs Source Code Analyzer report.

token

Optional. GitHub API access token. Defaults to ${{ github.token }}, which is set by actions/checkout@v4 minimally.

fail-on-violation

Optional. Whether to fail the check if any violations are found. Defaults to false.

Example usage

name: Java CI

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
    - uses: actions/cache@v1
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-maven-
    - name: Build with Maven
      run: mvn -B verify spotbugs:spotbugs
    - uses: lcollins/[email protected]
      with:
        path: '**/spotbugsXml.xml'

And do not forget to enable XML output for the Maven plugin:

<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>4.0.0</version>
      <configuration>
        <xmlOutput>true</xmlOutput>
        <failOnError>false</failOnError>
      </configuration>
    </plugin>
  </plugins>
</build>

Please note that by default workflows on pull_request events checkout refs/pull/:prNumber/merge instead of the head of the pull request. Due to this, line numbers for the generated violations may not align with the actual line numbers to which they are displayed on the HEAD. As it is, there is not really a sensible way to run this action on the merge commit of the pull request, because the result would be posted to an unnamed workflow for an otherwise invisible commit. Even for pull_request events there is the possibility to checkout the pull request head instead. In order to do so, change your checkout action accordingly:

- uses: actions/checkout@v4
  with:
    ref: ${{ github.event.pull_request.head.sha }}

Other relevant actions

This is a Github Action in a series of other GitHub Actions. Similar actions include:

Contributing

Install the dependencies

$ npm install

Build the typescript and package it for distribution

$ npm run build && npm run package

Run the tests ✔️

$ npm test

 PASS  ./index.test.js
  ✓ throws invalid number (3ms)
  ✓ wait 500 ms (504ms)
  ✓ test runs (95ms)

...

About

Push SpotBugs results as check run annotations

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 6

v3.1.0 Latest
Aug 23, 2024
+ 5 releases

Packages

No packages published

Languages

  • TypeScript 97.8%
  • JavaScript 2.2%