#!/bin/bash
# shellcheck shell=bash
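# Resolve which PMD release to install.
# Reads:  PMD_VERSION ('latest' or a version such as the part after "pmd_releases/" in a tag).
# Writes: DOWNLOAD_URL, PMD_FILENAME, LATEST_TAG, PMD_VERSION (rewritten from the release tag).
#
# The release metadata is fetched once and parsed three times, so the URL, the asset
# name and the tag always describe the same release, and a failed request is detected
# instead of feeding an error document to jq.
if [ "$PMD_VERSION" == 'latest' ]; then
  RELEASE_API_URL='https://api.github.com/repos/pmd/pmd/releases/latest'
else
  # PMD_VERSION is supplied by the caller and is placed into a URL, so only accept
  # the characters a version string needs.
  if [[ ! "$PMD_VERSION" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "Invalid PMD_VERSION: ${PMD_VERSION}" >&2
    exit 1
  fi
  RELEASE_API_URL="https://api.github.com/repos/pmd/pmd/releases/tags/pmd_releases%2F${PMD_VERSION}"
fi

# --fail makes curl return non-zero on an HTTP error (unknown tag, rate limit).
if ! RELEASE_JSON="$(curl --fail --silent --show-error \
  -H "Accept: application/vnd.github.v3+json" "$RELEASE_API_URL")"; then
  echo "Could not fetch PMD release metadata from ${RELEASE_API_URL}" >&2
  exit 1
fi

# NOTE(review): contains("bin") selects every asset whose name includes "bin"; if a
# release ships more than one such asset these values hold several lines - confirm.
DOWNLOAD_URL="$(jq --raw-output '.assets[] | select(.name | contains("bin")) | .browser_download_url' <<< "$RELEASE_JSON")"
PMD_FILENAME="$(jq --raw-output '.assets[] | select(.name | contains("bin")) | .name' <<< "$RELEASE_JSON")"
LATEST_TAG="$(jq --raw-output '.tag_name' <<< "$RELEASE_JSON")"
# Strip the tag prefix so PMD_VERSION is the bare version in both branches.
PMD_VERSION="${LATEST_TAG#"pmd_releases/"}"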
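# Download PMD
# Reads: DOWNLOAD_URL and PMD_FILENAME, both taken from the GitHub API response.
# They are checked for shape before being handed to wget and unzip: the URL must be a
# single release-download URL of the pmd/pmd repository, and the file name must be a
# single plain name (no path separators, no leading dash, no embedded newline).
if [[ ! "$DOWNLOAD_URL" =~ ^https://github\.com/pmd/pmd/releases/download/[^[:space:]]+$ ]]; then
  echo "Unexpected PMD download URL: ${DOWNLOAD_URL}" >&2
  exit 1
fi
if [[ ! "$PMD_FILENAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "Unexpected PMD archive name: ${PMD_FILENAME}" >&2
  exit 1
fi

# Save under the validated name so unzip opens exactly the file that was downloaded.
if ! wget --output-document="$PMD_FILENAME" "$DOWNLOAD_URL"; then
  echo "Download of ${DOWNLOAD_URL} failed" >&2
  exit 1
fi

# NOTE(review): the archive is executed later and no digest or signature is checked
# here. Pinning PMD_VERSION and comparing the file against a recorded SHA-256 for
# that version would close this gap; the expected digest is not available in this script.
if ! unzip "$PMD_FILENAME"; then
  echo "Could not unpack ${PMD_FILENAME}" >&2
  exit 1
fi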
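# Now either run the full analysis or files changed based on the settings defined

#######################################
# Decide which PMD launcher applies.
# The previous test ("version contains a 7") also matched versions such as 6.47.0;
# only the leading major component is examined here.
# Globals:   PMD_VERSION (read)
# Returns:   0 when the major version is 7 or higher, 1 otherwise
#######################################
pmd_uses_new_cli() {
  local major_re='^([7-9]|[1-9][0-9]+)(\.|$)'
  [[ "$PMD_VERSION" =~ $major_re ]]
}

#######################################
# Run PMD from the unpacked distribution with the given arguments.
# The launcher is called by its explicit path rather than through a relative
# directory appended to PATH, so another "pmd" on PATH cannot be picked up instead.
# Globals:   PMD_VERSION (read)
# Arguments: PMD options, passed through unchanged
# Outputs:   PMD's report on stdout
#######################################
run_pmd() {
  if pmd_uses_new_cli; then
    "pmd-bin-${PMD_VERSION}/bin/pmd" check "$@"
  else
    "pmd-bin-${PMD_VERSION}/bin/run.sh" pmd "$@"
  fi
}

#######################################
# Print the files changed in the pull request, one per line, using the GitHub API.
# The endpoint is paginated, so every page is requested; a single request would
# silently leave later files out of the analysis. Removed files are skipped, which
# matches --diff-filter=d in the git variants.
# Globals:   REPO_NAME, PR_NUMBER, AUTH_TOKEN (read)
# Returns:   0 on success, 1 when a request or its parsing fails
#######################################
list_pr_files() {
  local page response names
  # The API returns at most 3000 files per pull request: 30 pages of 100.
  for ((page = 1; page <= 30; page++)); do
    # The token is sent through stdin (-H @-, curl 7.55.0 or later) so that it
    # does not appear in the process argument list.
    response="$(curl --fail --silent --show-error \
      -H "Accept: application/vnd.github.v3+json" \
      -H @- \
      "https://api.github.com/repos/${REPO_NAME}/pulls/${PR_NUMBER}/files?per_page=100&page=${page}" \
      <<< "Authorization: token ${AUTH_TOKEN}")" || return 1
    names="$(jq --raw-output '.[] | select(.status != "removed") | .filename' <<< "$response")" || return 1
    [[ -n "$names" ]] || break
    printf '%s\n' "$names"
  done
}

if [ "$ANALYSE_ALL_CODE" == 'true' ]; then
  run_pmd -d "$FILE_PATH" -R "$RULES_PATH" --fail-on-violation false -f sarif > pmd-raw-output.sarif
else
  # Determine the changed files. A failure here must stop the run: an empty file
  # list would otherwise produce a report with no findings.
  if [ "$ACTION_EVENT_NAME" == 'pull_request' ]; then
    # Either a git diff or the files listed on the GitHub Pull Request
    if [ "$FILE_DIFF_TYPE" == 'git' ]; then
      if ! changed_files="$(git diff --name-only --diff-filter=d \
        origin/"$CURRENT_CODE"..origin/"${CHANGED_CODE#"refs/heads/"}" --)"; then
        echo "git diff between the pull request branches failed" >&2
        exit 1
      fi
    else
      if ! changed_files="$(list_pr_files)"; then
        echo "Could not list the pull request files from the GitHub API" >&2
        exit 1
      fi
    fi
  else
    # Irrespective of the file type diff selected on a push event, we will always do a git diff (as we can't get that from the GitHub API)
    if ! changed_files="$(git diff --name-only --diff-filter=d "$CURRENT_CODE".."$CHANGED_CODE" --)"; then
      echo "git diff between the pushed commits failed" >&2
      exit 1
    fi
  fi
  # Both options generate a CSV file with the files changed.
  # NOTE(review): the list is comma-separated, so a file name containing a comma
  # would be split into two entries - confirm this cannot occur in the repository.
  printf '%s\n' "$changed_files" | paste -s -d "," >> diff-file.csv

  # Run the analysis
  # NOTE(review): this mode uses -filelist / -failOnViolation while the full analysis
  # uses --fail-on-violation; confirm both spellings against the PMD CLI in use.
  run_pmd -filelist diff-file.csv -R "$RULES_PATH" -failOnViolation false -f sarif > pmd-raw-output.sarif
fi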
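# Loop through each rule and see if an error should be thrown
# Reads:  pmd-raw-output.sarif, ERROR_RULES (comma-separated rule ids)
# Writes: error-found=false, then error-found=true if a reported rule is listed,
#         to the file named by GITHUB_OUTPUT.
echo "error-found=false" >> "$GITHUB_OUTPUT"

# A missing, empty or unparsable report means the analysis did not complete. Stop
# here rather than leave error-found=false standing as if the code were clean.
if [[ ! -s pmd-raw-output.sarif ]]; then
  echo "pmd-raw-output.sarif is missing or empty" >&2
  exit 1
fi
if ! RULE_IDS="$(jq --raw-output '(.runs[] .tool .driver .rules // [])[] | .id // empty' < pmd-raw-output.sarif)"; then
  echo "pmd-raw-output.sarif could not be parsed" >&2
  exit 1
fi

while read -r RULE; do
  # Compare against whole list entries. A plain substring test would also flag a
  # rule whose id is only part of a listed id, which disagrees with the exact
  # match used when the SARIF rule levels are assigned.
  if [[ "$RULE" && ",${ERROR_RULES}," == *",${RULE},"* ]]; then
    echo "error-found=true" >> "$GITHUB_OUTPUT"
    break
  fi
done <<< "$RULE_IDS"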
# Post-process the raw PMD report in three jq passes. Each pass reads the file the
# previous pass wrote; the last one produces pmd-output.sarif.
workspace_filter='(.runs[] .results[] .locations[] .physicalLocation .artifactLocation .uri) |= ltrimstr($workspace)'
error_level_filter='((.runs[] .tool .driver .rules[]) | select(.id==($errors | split(",")[]))) += {"defaultConfiguration": {"level": "error"}}'
note_level_filter='((.runs[] .tool .driver .rules[]) | select(.id==($notes | split(",")[]))) += {"defaultConfiguration": {"level": "note"}}'

# Pass 1: strip the WORKSPACE prefix from every result's artifact URI.
jq --arg workspace "$WORKSPACE" "$workspace_filter" \
  < pmd-raw-output.sarif > pmd-file-locations-output.sarif

# Pass 2: rules whose id equals an entry of the comma-separated ERROR_RULES get
# defaultConfiguration.level "error".
jq --arg errors "$ERROR_RULES" "$error_level_filter" \
  < pmd-file-locations-output.sarif > pmd-errors-output.sarif

# Pass 3: the same for NOTE_RULES with level "note". It runs last, so a rule id
# listed in both variables ends up as "note".
jq --arg notes "$NOTE_RULES" "$note_level_filter" \
  < pmd-errors-output.sarif > pmd-output.sarif