code-scanning-test/.github/workflows/codacy-cli.yml at 45d04473315e820b65228cb6366865cd86e68a5d · codacybeta/code-scanning-test · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# This workflow checks out code, performs a Codacy security scan
# and integrates the results with
# GitHub Advanced Security code scanning feature.  For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli/tree/master#github-action.
# For more information on Codacy analysis cli in general, see
# https://github.com/codacy/codacy-analysis-cli.

name: Codacy Security Scan

on: ["push"]

jobs:
  codacy-security-scan:
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
        uses: actions/checkout@v2

      # Execute Codacy Analysis CLI and generate a sarif output with the security issues identified during the analysis
      - name: Run codacy-analysis-cli
        uses: codacy/codacy-analysis-cli-action@99e77c7ff5967c5c16b57fe82ee40e10551ce4b5
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          gh-code-scanning-compat: true
          # Force 0 exit code to allow sarif file generation
          # This will pass control about PR rejection to GitHub side
          max-allowed-issues: 2147483647

      # Upload the sarif file generated in the previous step
      - name: Upload sarif results file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif