Skip to content

Latest commit

 

History

History
116 lines (71 loc) · 4.04 KB

README.md

File metadata and controls

116 lines (71 loc) · 4.04 KB

Code scanning with HLint

This is a GitHub action which scans Haskell code using HLint and uploads its suggested improvements to GitHub code scanning.

Usage

A minimal example for setting up code scanning with HLint:

name: Scan code with HLint
on: [push, pull_request]

jobs:
  hlint:
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload results to GitHub code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: haskell-actions/hlint-scan@v1

The action needs write permission for security-events to upload the analysis results to GitHub.

If you would like to use this as a status check which would prevent pull requests from being merged until an issue is resolved, you can adjust the alert severity for which code scanning will trigger a failed check.

Inputs

None of the inputs are required. You only need to set them if the defaults do not work for your situation.

binary

Path to the hlint binary.

path

Path of file or directory that HLint will be told to scan. Multiple paths can be specified, delimited by whitespace.

hints

Path for HLint configuration file.

category

Category distinguishing multiple analyses at the same commit.

Outputs

sarif-id

The ID of the uploaded SARIF file.

Examples

When scanning code with HLint on pushes, issues will show up in the "Code scanning" dashboard in the "Security" section:

In code scanning dashboard

When scanning code with HLint in a pull request, issues with the change will be reported in the pull request:

In pull request

Status

Build HLint Ormolu OpenSSF Scorecard OpenSSF Best Practices

Code of conduct

Be nice; see CODE_OF_CONDUCT.md for details.

Security policy

See SECURITY.md for details.

Contributing

See CONTRIBUTING.md for details.

License

Apache 2.0; see LICENSE for details.

Disclaimer

This project is not an official Google project. It is not supported by Google, and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.