This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

Cannot output to SARIF file #163

Open
2 of 3 tasks
yongyan-gh opened this issue Jan 26, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@yongyan-gh

Description

SARIF is the industry standard format for static analysis tool output. GitHub also adopts the SARIF format: if your GitHub workflow generates analysis results in SARIF and uploads the file, you can see the results in the GitHub Security tab of your repo.

Clippy itself does not export the results to SARIF, but there are Rust crates that can convert clippy's JSON output to a SARIF file.
E.g. clippy-sarif @ https://github.com/psastras/sarif-rs

cargo clippy --message-format=json --all-features --message-format=json | clippy-sarif | tee results.sarif | sarif-fmt

I tried to pass in the same arguments to the clippy-check action, but it failed to execute.
Please see the details below:

Workflow code

jobs:
  clippy_check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - run: rustup component add clippy
      - run: cargo install clippy-sarif sarif-fmt
      - uses: actions-rs/clippy-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          args: --all-features | clippy-sarif | tee results.sarif | sarif-fmt
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif

Action output

Run actions-rs/clippy-check@v1
  with:
    token: ***
    args: --all-features | clippy-sarif | tee results.sarif | sarif-fmt
    use-cross: false
    name: clippy
Executing cargo clippy (JSON output)
  /home/runner/.cargo/bin/cargo clippy --message-format=json --all-features | clippy-sarif | tee results.sarif | sarif-fmt
  error: Found argument '|' which wasn't expected, or isn't valid in this context
  
  USAGE:
      cargo check --all-features --message-format <FMT>...
  
  For more information try --help
Clippy results: 0 ICE, 0 errors, 0 warnings, 0 notes, 0 help
Error: Clippy had exited with the 1 exit code

Expected behavior

Expecting the clippy command to succeed and generate a SARIF file named results.sarif.

Additional context

The way it generates the SARIF output file uses a command pipeline, which clippy-check arguments may not support.
I think either it should support command pipelines in arguments, or it should handle the pipeline in the action itself, so the user can just enable SARIF output by specifying arguments.

Thanks!

yongyan-gh added the bug label on Jan 26, 2022
@michaelmior

This doesn't work because the args are passed as arguments to clippy, not to the shell. If you want to pipe the output somewhere, you're probably better off not using this action and just adding a step that calls clippy as a shell command.
