
Commit ae8069b

committed
Use robocop SARIF reports for GitHub Code Scanning integration
- Use --reports sarif for SARIF output (GitHub code scanning standard)
- Upload SARIF via github/codeql-action/upload-sarif for inline annotations
- Use --exit-zero so lint issues don't fail CI
- Use --reports text_file for PR comment readable output
- Add .sarif.json and robocop.txt to .gitignore
1 parent 847718a commit ae8069b

3 files changed

Lines changed: 47 additions & 16 deletions


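--- a/.github/workflows/pr-feedback.yml
+++ b/.github/workflows/pr-feedback.yml
@@ -5,6 +5,7 @@ on:
 
 permissions:
 pull-requests: write
+security-events: write
 
 jobs:
 test-and-comment:
@@ -32,8 +33,17 @@ jobs:
 id: robocop
 continue-on-error: true
 run: |
-uv run robocop check tests/ resources/ 2>&1 | tee robocop-output.txt
-echo "exit_code=$?" >> $GITHUB_OUTPUT
+uv run robocop check \
+--reports sarif,text_file \
+--exit-zero \
+tests/ resources/
+
+- name: Upload SARIF to GitHub
+if: always()
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: .sarif.json
+category: robocop-pr
 
 - name: Initialize Browser Library
 run: uv run rfbrowser init chromium
@@ -66,21 +76,28 @@ jobs:
 const testSummary = testLines.slice(-10).join('\n');
 
 // Read robocop output
-let robocopOutput = '';
+let robocopOutput = 'No issues found.';
 try {
-robocopOutput = fs.readFileSync('robocop-output.txt', 'utf8').trim();
+robocopOutput = fs.readFileSync('robocop.txt', 'utf8').trim() || 'No issues found.';
 } catch (e) {
-robocopOutput = 'Could not read Robocop output.';
+robocopOutput = 'No issues found.';
 }
 
 const testPassed = '${{ steps.tests.outcome }}' === 'success';
-const robocopPassed = '${{ steps.robocop.outcome }}' === 'success';
-
 const testIcon = testPassed ? '✅' : '❌';
 const testStatus = testPassed ? 'All tests passed!' : 'Some tests failed.';
 
-const robocopIcon = robocopPassed ? '✅' : '⚠️';
-const robocopStatus = robocopPassed ? 'No issues found.' : 'Issues found — see details below.';
+// Count robocop issues from SARIF
+let issueCount = 0;
+try {
+const sarif = JSON.parse(fs.readFileSync('.sarif.json', 'utf8'));
+issueCount = sarif.runs?.[0]?.results?.length || 0;
+} catch (e) {}
+
+const robocopIcon = issueCount === 0 ? '✅' : '⚠️';
+const robocopStatus = issueCount === 0
+? 'No issues found.'
+: `${issueCount} issue(s) found — see Code Scanning tab for details.`;
 
 const body = `## ${testIcon} Robot Framework Test Results
 
@@ -125,9 +142,11 @@ jobs:
 name: pr-robot-results
 path: results/
 
-- name: Upload Robocop report
+- name: Upload Robocop reports
 if: always()
 uses: actions/upload-artifact@v4
 with:
-name: pr-robocop-report
-path: robocop-output.txt
+name: pr-robocop-reports
+path: |
+.sarif.json
+robocop.txt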
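Review bot: Both `catch` blocks in the comment script now fail open: at new line 83 an unreadable `robocop.txt` is reported as 'No issues found.', and at new line 95 `catch (e) {}` leaves `issueCount` at 0, so a missing or malformed `.sarif.json` renders the same ✅ as a clean lint. Because the robocop step runs with `continue-on-error: true` and `--exit-zero`, a lint run that crashed or never produced its reports would be indistinguishable from a passing one in the PR comment. I would initialise with `let issueCount = null;`, keep the removed fallback text `'Could not read Robocop output.'` in the first catch, and add a third status for `issueCount === null` (for example 'Robocop report missing — lint result unknown.'). `issueCount` also reads only `runs?.[0]`; whether robocop ever emits more than one run is not visible here, so summing `results.length` over all of `sarif.runs` would be the safer count. The script block starts and ends outside these hunks.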

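--- a/.github/workflows/robot-tests.yml
+++ b/.github/workflows/robot-tests.yml
@@ -5,6 +5,9 @@ on:
 push:
 branches: [main]
 
+permissions:
+security-events: write
+
 jobs:
 lint:
 runs-on: ubuntu-latest
@@ -21,14 +24,21 @@ jobs:
 run: uv sync --locked
 
 - name: Run Robocop lint
-run: uv run robocop check tests/ resources/ 2>&1 | tee robocop-output.txt
+run: uv run robocop check --reports sarif --exit-zero tests/ resources/
+
+- name: Upload SARIF to GitHub
+if: always()
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: .sarif.json
+category: robocop
 
-- name: Upload Robocop report
+- name: Upload Robocop SARIF artifact
 if: always()
 uses: actions/upload-artifact@v4
 with:
-name: robocop-report
-path: robocop-output.txt
+name: robocop-sarif
+path: .sarif.json
 
 robot-tests:
 runs-on: ubuntu-latest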
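Review bot: The new top-level `permissions:` block at new lines 8–9 grants `security-events: write` to every job in the workflow, including `robot-tests`, while only the `lint` job's upload step at new line 31 needs it; moving the block under `lint:` keeps the test job's token from being able to write code-scanning results. Declaring any permission also sets the unlisted scopes to none, so if this repository is private the checkout and `upload-sarif` steps would need `contents: read` (and `actions: read` for the upload) added alongside; repository visibility cannot be determined from the diff. `github/codeql-action/upload-sarif@v3` is a mutable tag that runs with that write scope; pinning it as `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v3` (placeholder, to be resolved from the action's releases) applies equally to the same step at new line 43 of `.github/workflows/pr-feedback.yml`. The `lint` job body starts and ends outside these hunks.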

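--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,5 @@ site/
 # Robocop
 robocop.json
 .robocop_cache/
+*.sarif.json
+robocop.txt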
