Skip to content

dotnet/code-analysis

Repository files navigation

dotnet/code-analysis

Code Analysis windows-latest

Overview

This action runs the .NET code quality ("CAxxxx") and code style analyzers("IDExxxx") that ship with the .NET SDK.

Inputs

Mandatory Inputs

Name Description
build-breaking Boolean value true or false indicating if code analysis violations should break the build.

Optional Inputs

Analysis Target(s)

Inputs to select the set of projects and/or solutions to analyze. By default, the solution at the root of the repo would be analyzed.

Name Description
solution Path to the solution to analyze.
solutions One or more ; separated paths to the solutions to analyze.
project Path to the project to analyze.
projects One or more ; separated paths to the projects to analyze.

Analysis Rules

Inputs to customize the buckets of analyzers that are executed, either based on category or for all categories. By default, we execute all the latest, minimum recommended analyzers for all categories.

Name Applicable To Default Description
all-categories All 'CAxxxx' and 'IDExxxx' rules latest-minimum Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
style 'IDExxxx' code-style rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
design 'CAxxxx' design rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
documentation 'CAxxxx' documentation rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
globalization 'CAxxxx' globalization rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
interoperability 'CAxxxx' interoperability and portability rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
maintainability 'CAxxxx' maintainability rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
naming 'CAxxxx' naming rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
performance 'CAxxxx' performance rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
reliability 'CAxxxx' reliability rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
security 'CAxxxx' security rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.
usage 'CAxxxx' usage rules Value for all-categories Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below.

AnalysisLevel values

The following table shows the available AnalysisLevel options.

Value Meaning
latest The latest code analyzers that have been released are used. This is the default.
preview The latest code analyzers are used, even if they are in preview.
5.0 The set of rules that was enabled for the .NET 5.0 release is used, even if newer rules are available.
5 The set of rules that was enabled for the .NET 5.0 release is used, even if newer rules are available.

AnalysisMode values

The following table shows the available AnalysisMode options.

Value Meaning
minimum Minimum or highly-recommended set of code analyzers are enabled. This is the default.
none or AllDisabledByDefault No code analyzers are enabled. This is the most conservative analysis mode.
default Default set of code analyzers are enabled.
recommended Recommended set of code analyzers are enabled.
all or AllEnabledByDefault All code analyzers are enabled. This is the most aggressive analysis mode.

Input Examples

  1. Enable all CAxxxx and IDExxxx rules for a single solution at repo root, such that code analysis violations break the build.

    - name: Run .NET Code Analysis
      uses: dotnet/code-analysis@v1
      id: code-analysis
      with:
        solution: MySolution.sln
        build-breaking: true
        all-categories: all
  2. Enable all 5.0 release CAxxxx security and performance rules, but only the recommended set for other rule categories for MyProject1.csproj and MyProject2.csproj, such that code analysis violations do not break the build.

    - name: Run .NET Code Analysis
      uses: dotnet/code-analysis@v1
      id: code-analysis
      with:
        projects: src\MyProject1.csproj;src\MyProject2.csproj
        build-breaking: false
        security: 5.0-all
        performance: 5.0-all
        all-categories: 5.0-recommended
  3. Enable highly-recommended IDExxxx code-style rules, and disable all the remaining rules for a single project, such that code analysis violations break the build.

    - name: Run .NET Code Analysis
      uses: dotnet/code-analysis@v1
      id: code-analysis
      with:
        project: src\MyProject1.csproj
        build-breaking: true
        style: minimum
        all-categories: none

Outputs

The action produces a JSON format error log file in SARIF format. This file can be uploaded via the github/codeql-action/upload-sarif action.

Usage

See action.yml

Basic

Run .NET code quality and code style analysis that ship with the .NET SDK.

steps:
- uses: actions/checkout@v2

# Run NuGet restore for each project/solution to analyze
- name: Run NuGet restore
  run: dotnet restore <%path_to_project_or_solution%>

# Run code analysis for all projects/solutions, such that code analysis violations break the build.
- name: Run .NET Code Analysis
  uses: dotnet/code-analysis@v1
  id: code-analysis
  with:
    build-breaking: true

Note: The Microsoft Code Analysis CLI is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the actions/setup-dotnet action.

- uses: actions/setup-dotnet@v1
  with:
    dotnet-version: '3.1.x'

Limitations

The .NET code analysis action is currently in beta and runs on the windows-latest queue, as well as Windows self hosted agents. ubuntu-latest support coming soon.

More Information

Please see the wiki tab for more information and the Frequently Asked Questions (FAQ) page.

Report Issues

Please file a GitHub issue in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the .NET code analysis action output.

License

The scripts and documentation in this project are released under the MIT License

Contributing

Contributions are welcome! See the Contributor's Guide.

This project has adopted the .NET Foundation Code of Conduct.