From faf588d3313292c385c8baaccebeed8aefa2cf43 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Thu, 21 Jan 2021 13:44:20 -0800 Subject: [PATCH 01/30] Initial sources --- .github/workflows/on-push-verification.yml | 18 ++--- .../sample-workflow-ubuntu-latest.yml | 20 ++---- .../sample-workflow-windows-latest.yml | 22 +++--- CONTRIBUTING.md | 4 +- README.md | 56 +++++----------- SECURITY.md | 39 ----------- action.yml | 67 ++++++++++++++++--- package-lock.json | 2 +- package.json | 4 +- 9 files changed, 97 insertions(+), 135 deletions(-) delete mode 100644 SECURITY.md diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 4cd4c83..813768c 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -1,14 +1,14 @@ # sample-workflow-windows-latest # docs are in the repo -name: OSSAR on-push-verification windows-latest +name: .NET Analyzers on-push-verification windows-latest on: push jobs: sample: name: Open Source Static Analysis Runner - # OSSAR runs on windows-latest. + # .NET Analyzers runs on windows-latest. # ubuntu-latest and macos-latest supporting coming soon runs-on: windows-latest @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@v2 # Ensure a compatible version of dotnet is installed. - # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. + # The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action. # Remote agents already have a compatible version of dotnet installed and this step may be skipped. # For local agents, ensure dotnet version 3.1.201 or later is installed by including this action: 
@@ -26,13 +26,7 @@ jobs: # with: # dotnet-version: '3.1.x' - # Run open source static analysis tools - - name: Run OSSAR + # Run .NET Analyzers + - name: Run .NET Analyzers uses: ./ - id: ossar - - # Upload results to the Security tab - - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} + id: dotnet-analyzers diff --git a/.github/workflows/sample-workflow-ubuntu-latest.yml b/.github/workflows/sample-workflow-ubuntu-latest.yml index d4dd5ca..f63cfee 100644 --- a/.github/workflows/sample-workflow-ubuntu-latest.yml +++ b/.github/workflows/sample-workflow-ubuntu-latest.yml @@ -1,7 +1,7 @@ # sample-workflow-ubuntu-latest # docs are in the repo -name: OSSAR ubuntu-latest +name: .NET Analyzers ubuntu-latest on: push: branches: @@ -9,9 +9,9 @@ on: jobs: sample: - name: Open Source Static Analysis Runner + name: .NET Analyzers runner - # OSSAR runs on windows-latest. + # .NET Analyzers runs on windows-latest. # ubuntu-latest and macos-latest supporting coming soon runs-on: ubuntu-latest @@ -21,7 +21,7 @@ jobs: - uses: actions/checkout@v2 # Ensure a compatible version of dotnet is installed. - # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. + # The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action. # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped. # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action: 
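Review bot: With the `Upload results to Security tab` step removed here, nothing in the job reads the SARIF file, although `action.yml` still declares the `sarifFile` output. Findings, including those from the `security` rule category, are therefore written on the runner and then lost when the job ends. Whether the action fails the job on findings is not visible in this patch, so the workflow may pass with no record of what was reported. I would keep the upload step and only rename the step reference, `sarif_file: ${{ steps.dotnet-analyzers.outputs.sarifFile }}`. The same removal is made in the last hunk of both sample workflows.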
@@ -30,12 +30,6 @@ jobs: # dotnet-version: '3.1.x' # Run open source static analysis tools - - name: Run OSSAR - uses: github/ossar-action@v1 - id: ossar - - # Upload results to the Security tab - - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} + - name: Run .NET Analyzers + uses: github/dotnet-analyzers-action@v1 + id: dotnet-analyzers diff --git a/.github/workflows/sample-workflow-windows-latest.yml b/.github/workflows/sample-workflow-windows-latest.yml index 8034f2e..1a13cea 100644 --- a/.github/workflows/sample-workflow-windows-latest.yml +++ b/.github/workflows/sample-workflow-windows-latest.yml @@ -1,7 +1,7 @@ # sample-workflow-windows-latest # docs are in the repo -name: OSSAR windows-latest +name: .NET Analyzers windows-latest on: push: branches: @@ -9,9 +9,9 @@ on: jobs: sample: - name: Open Source Static Analysis Runner + name: .NET Analyzers runner - # OSSAR runs on windows-latest. + # .NET Analyzers runs on windows-latest. # ubuntu-latest and macos-latest supporting coming soon runs-on: windows-latest @@ -21,7 +21,7 @@ jobs: - uses: actions/checkout@v2 # Ensure a compatible version of dotnet is installed. - # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. + # The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action. # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped. # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action: 
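Review bot: The added `uses: github/dotnet-analyzers-action@v1` refers to a mutable tag, and this is a sample workflow that users will copy as-is. A tag can be moved to different code after the workflow was reviewed, so for an action that builds the repository it is safer to pin to a full commit SHA and keep the tag as a comment: `uses: github/dotnet-analyzers-action@<full-commit-sha>  # v1`. The Windows sample workflow adds the same line in its last hunk. The context comment `# Run open source static analysis tools` above the step is now stale and could read `# Run .NET Analyzers`, as in the other two workflows.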
@@ -29,13 +29,7 @@ jobs: # with: # dotnet-version: '3.1.x' - # Run open source static analysis tools - - name: Run OSSAR - uses: github/ossar-action@v1 - id: ossar - - # Upload results to the Security tab - - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} + # Run .NET Analyzers + - name: Run .NET Analyzers + uses: github/dotnet-analyzers-action@v1 + id: dotnet-analyzers diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1d42395..78773ea 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,7 +1,7 @@ ## Contributing -[fork]: https://github.com/github/ossar-action/fork -[pr]: https://github.com/github/ossar-action/compare +[fork]: https://github.com/github/dotnet-analyzers-action/fork +[pr]: https://github.com/github/dotnet-analyzers-action/compare [code-of-conduct]: CODE_OF_CONDUCT.md Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. diff --git a/README.md b/README.md index 7f56e08..f3c9779 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,20 @@ -# github/ossar-action +# github/dotnet-analyzers-action -![OSSAR windows-latest](https://github.com/github/ossar-action/workflows/OSSAR%20windows-latest/badge.svg) -![OSSAR ubuntu-latest](https://github.com/github/ossar-action/workflows/OSSAR%20ubuntu-latest/badge.svg) +![.NET Analyzers windows-latest](https://github.com/github/dotnet-analyzers-action/workflows/.NET%20Analyzers%20windows-latest/badge.svg) +![.NET Analyzers ubuntu-latest](https://github.com/github/dotnet-analyzers-action/workflows/.NET%20Analyzers%20ubuntu-latest/badge.svg) -Run open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner). +Run [.NET code quality and code style analyzers](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) that ship with the .NET SDK. # Limitations -The OSSAR action is currently in beta and runs on the `windows-latest` queue, as well as Windows self hosted agents. `ubuntu-latest` support coming soon. +The .NET Analyzers action is currently in beta and runs on the `windows-latest` queue, as well as Windows self hosted agents. `ubuntu-latest` support coming soon. 
# Overview -This action runs the [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) for security analysis by: +This action runs the [Code Analysis CLI](https://aka.ms/mscadocs) for .NET code quality and code style analysis by: -* Installing the Microsoft Security Code Analysis CLI -* Installing the latest policy or referencing the local `policy/github.gdnpolicy` file -* Installing the latest open source tools -* Automatic or user-provided configuration of static analysis tools -* Execution of a full suite of static analysis tools +* Installing the Code Analysis CLI +* Execution of [.NET code quality and code style analyzers](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) that ship with the .NET SDK * Normalized processing of results into the SARIF format * Exports a single SARIF file which can be uploaded via the `github/codeql-action/upload-sarif` action 
@@ -27,21 +24,17 @@ See [action.yml](action.yml) ## Basic -Run OSSAR with the default policy and recommended tools. +Run [.NET code quality and code style analyzers](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) that ship with the .NET SDK. ```yaml steps: - uses: actions/checkout@v2 -- name: Run OSSAR - uses: github/ossar-action@v1 - id: ossar -- name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} +- name: Run .NET code quality and code style analyzers + uses: github/dotnet-analyzers-action@v1 + id: dotnet-analyzers ``` -**Note:** The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the [actions/setup-dotnet](https://github.com/actions/setup-dotnet) action. +**Note:** The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the [actions/setup-dotnet](https://github.com/actions/setup-dotnet) action. ``` - uses: actions/setup-dotnet@v1 
@@ -49,32 +42,13 @@ steps: dotnet-version: '3.1.x' ``` -## Upload Results to the Security tab - -To upload results to the Security tab of your repo, run the `github/codeql-action/upload-sarif` action immediately after running OSSAR. OSSAR sets the action output variable `sarifFile` to the path of a single SARIF file that can be uploaded to this API. - -```yaml -- name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} -``` - -# Open Source Tools - -| Name | Language | -| --- | --- | -| [Bandit](https://github.com/PyCQA/bandit) | python | -| [BinSkim](https://github.com/Microsoft/binskim) | binary - Windows, ELF | -| [ESlint](https://github.com/eslint/eslint) | JavaScript | - # More Information -Please see the [wiki tab](https://github.com/github/ossar-action/wiki) for more information and the [Frequently Asked Questions (FAQ)](https://github.com/github/ossar-action/wiki/FAQ) page. +Please see the [wiki tab](https://github.com/github/dotnet-analyzers-action/wiki) for more information and the [Frequently Asked Questions (FAQ)](https://github.com/github/dotnet-analyzers-action/wiki/FAQ) page. # Report Issues -Please [file a GitHub issue](https://github.com/github/ossar-action/issues/new) in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the OSSAR's action output. +Please [file a GitHub issue](https://github.com/github/dotnet-analyzers-action/issues/new) in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the .NET Analyzers's action output. # License diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 2e8bed0..0000000 --- a/SECURITY.md +++ /dev/null 
@@ -1,39 +0,0 @@ - - -If you discover a security issue in this repo, please submit it through the [GitHub Security Bug Bounty](https://hackerone.com/github) - -Thanks for helping make GitHub Actions safe for everyone. - -## Security - -Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/). - -If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [definition](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security vulnerability, please report it to us as described below. - -## Reporting Security Issues - -**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center at [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155). - -You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). - -Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - - * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 
- * Full paths of source file(s) related to the manifestation of the issue - * The location of the affected source code (tag/branch/commit or direct URL) - * Any special configuration required to reproduce the issue - * Step-by-step instructions to reproduce the issue - * Proof-of-concept or exploit code (if possible) - * Impact of the issue, including how an attacker might exploit the issue - -This information will help us triage your report more quickly. - -## Preferred Languages - -We prefer all communications to be in English. - -## Policy - -Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). - - \ No newline at end of file diff --git a/action.yml b/action.yml index a91353d..f510b69 100644 --- a/action.yml +++ b/action.yml 
@@ -1,17 +1,62 @@ -name: 'ossar-action' -description: 'Run open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner)' +name: 'dotnet-analyzers-action' +description: 'Run .NET code quality and code style analyzers shipping with .NET SDK' author: 'GitHub' -branding: - icon: 'shield' - color: 'black' inputs: - config: - description: A file path to a .gdnconfig file. - policy: - description: The name of the well known policy to use. If empty, defaults to the policy/github.gdnpolicy file in the action repo. + analysis-level: # AnalysisLevel: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Default analysis level for all rules' + required: false + default: 'latest-minimum' + style: # AnalysisLevelStyle: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for code style rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/' + required: false + default: 'latest-minimum' + design: # AnalysisLevelDesign: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for sesign rules: https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/design-warnings' + required: false + default: 'latest-minimum' + documentation: # AnalysisLevelDocumentation: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for documentation rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/documentation-warnings' + required: false + default: 'latest-minimum' + globalization: # AnalysisLevelGlobalization: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for globalization rules: 
https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/globalization-warnings' + required: false + default: 'latest-minimum' + performance: # AnalysisLevelPerformance: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for performance rules: https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/performance-warnings' + required: false + default: 'latest-minimum' + interoperability: # AnalysisLevelInteroperability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for portability and interoperability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/interoperability-warnings' + required: false + default: 'latest-minimum' + maintainability: # AnalysisLevelMaintainability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for maintainability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/maintainability-warnings' + required: false + default: 'latest-minimum' + naming: # AnalysisLevelNaming: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for naming rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/naming-warnings' + required: false + default: 'latest-minimum' + performance: # AnalysisLevelPerformance: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for performance rules: https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/performance-warnings' + required: false + default: 'latest-minimum' + reliability: # AnalysisLevelReliability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden 
analysis level for reliability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/reliability-warnings' + required: false + default: 'latest-minimum' + security: # AnalysisLevelSecurity: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for security rules https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/security-warnings' + required: false + default: 'latest-minimum' + usage: # AnalysisLevelPerformance: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel + description: 'Overridden analysis level for usage rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/usage-warnings' + required: false + default: 'latest-minimum' outputs: sarifFile: - description: A file path to a SARIF results file. + description: A file path to a SARIF file with analysis results. runs: using: 'node12' - main: 'lib/action.js' \ No newline at end of file + main: 'index.js' \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index d5f6ac8..5bc2712 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { - "name": "ossar-action", + "name": "dotnet-analyzers-action", "version": "1.1.0", "lockfileVersion": 1, "requires": true, diff --git a/package.json b/package.json index d6b70c0..c01bf07 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { - "name": "ossar-action", + "name": "dotnet-analyzers-action", "version": "1.1.0", - "description": "Node dependencies for the OSSAR Action.", + "description": "Node dependencies for the .NET Analyzers Action.", "scripts": { "test": "mocha" }, From 14379564058aa562ee5be8b7313595cacbfd8f14 Mon Sep 17 00:00:00 2001 
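Review bot: `main: 'index.js'` points at a file this patch does not add. The diffstat lists no `index.js`, and the compiled entry point edited in the following patch is still `lib/action.js`, so unless `index.js` already exists in the repository the action cannot start. `main: 'lib/action.js'` keeps the manifest in step with the build output. Two smaller points in the `inputs:` block: the comment on `usage` names `AnalysisLevelPerformance` where the property being set is `AnalysisLevelUsage`, and the `design` description reads `sesign rules`.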
From: Manish Vasani Date: Fri, 22 Jan 2021 08:33:37 -0800 Subject: [PATCH 02/30] Changes --- action.yml | 7 +- build.proj | 2 +- lib/action.js | 152 +++++++++++++++++++++++---- lib/msca-toolkit/msca-installer.js | 27 +++-- lib/msca-toolkit/msca-toolkit.js | 27 +++-- src/action.ts | 158 +++++++++++++++++++++++++---- 6 files changed, 315 insertions(+), 58 deletions(-) diff --git a/action.yml b/action.yml index f510b69..712a280 100644 --- a/action.yml +++ b/action.yml @@ -2,6 +2,9 @@ name: 'dotnet-analyzers-action' description: 'Run .NET code quality and code style analyzers shipping with .NET SDK' author: 'GitHub' inputs: + projects: + description: 'Semi-colon separated list of projects or solutions to analyze' + required: true analysis-level: # AnalysisLevel: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel description: 'Default analysis level for all rules' required: false @@ -22,10 +25,6 @@ inputs: description: 'Overridden analysis level for globalization rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/globalization-warnings' required: false default: 'latest-minimum' - performance: # AnalysisLevelPerformance: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel - description: 'Overridden analysis level for performance rules: https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/performance-warnings' - required: false - default: 'latest-minimum' interoperability: # AnalysisLevelInteroperability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel description: 'Overridden analysis level for portability and interoperability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/interoperability-warnings' required: false diff --git a/build.proj b/build.proj index b37725a..43aa763 100644 --- a/build.proj +++ b/build.proj 
@@ -9,7 +9,7 @@ false - 3.8 + 4.1 tsconfig.json $(MSBuildProjectDirectory)/$(TypeScriptConfigFileName) false diff --git a/lib/action.js b/lib/action.js index a380203..c384434 100644 --- a/lib/action.js +++ b/lib/action.js 
@@ -1,35 +1,145 @@ "use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; - if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k]; - result["default"] = mod; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); const msca_toolkit_1 = require("./msca-toolkit/msca-toolkit"); const path = __importStar(require("path")); +const fs = __importStar(require("fs")); +const os = __importStar(require("os")); let action = new msca_toolkit_1.MscaAction(); let args = []; -let config = core.getInput('config'); -if (!action.isNullOrWhiteSpace(config)) { - args.push('-c'); - args.push(config); -} -let policy = core.getInput('policy'); -if (action.isNullOrWhiteSpace(policy)) { - // Use the local policy file - const actionDirectory = path.resolve(__dirname); - core.debug(`actionDirectory = ${actionDirectory}`); - const policyFilePath = path.resolve(path.join(actionDirectory, '../', 'policy', 'github.gdnpolicy')); - core.debug(`policyFilePath = ${policyFilePath}`); - args.push('--policy-file-path'); - args.push(policyFilePath); -} -else { - // Use the defined policy - args.push('-p'); - 
args.push(policy); +let analysisArgs = ""; +let analysisLevel = core.getInput('analysis-level'); +if (!action.isNullOrWhiteSpace(analysisLevel)) { + analysisArgs += `/p:AnalysisLevel=${analysisLevel} `; } +let style = core.getInput('style'); +if (!action.isNullOrWhiteSpace(style)) { + analysisArgs += `/p:AnalysisLevelStyle=${style} `; +} +let design = core.getInput('design'); +if (!action.isNullOrWhiteSpace(design)) { + analysisArgs += `/p:AnalysisLevelDesign=${design} `; +} +let documentation = core.getInput('documentation'); +if (!action.isNullOrWhiteSpace(documentation)) { + analysisArgs += `/p:AnalysisLevelDocumentation=${documentation} `; +} +let globalization = core.getInput('globalization'); +if (!action.isNullOrWhiteSpace(globalization)) { + analysisArgs += `/p:AnalysisLevelGlobalization=${globalization} `; +} +let interoperability = core.getInput('interoperability'); +if (!action.isNullOrWhiteSpace(interoperability)) { + analysisArgs += `/p:AnalysisLevelInteroperability=${interoperability} `; +} +let maintainability = core.getInput('maintainability'); +if (!action.isNullOrWhiteSpace(maintainability)) { + analysisArgs += `/p:AnalysisLevelMaintainability=${maintainability} `; +} +let naming = core.getInput('naming'); +if (!action.isNullOrWhiteSpace(naming)) { + analysisArgs += `/p:AnalysisLevelNaming=${naming} `; +} +let performance = core.getInput('performance'); +if (!action.isNullOrWhiteSpace(performance)) { + analysisArgs += `/p:AnalysisLevelPerformance=${performance} `; +} +let reliability = core.getInput('reliability'); +if (!action.isNullOrWhiteSpace(reliability)) { + analysisArgs += `/p:AnalysisLevelReliability=${reliability} `; +} +let security = core.getInput('security'); +if (!action.isNullOrWhiteSpace(security)) { + analysisArgs += `/p:AnalysisLevelSecurity=${security} `; +} +let usage = core.getInput('usage'); +if (!action.isNullOrWhiteSpace(usage)) { + analysisArgs += `/p:AnalysisLevelUsage=${usage} `; +} +let projects = 
core.getInput('projects'); +if (action.isNullOrWhiteSpace(projects)) { + core.setFailed("'projects' must be non-empty"); +} +var buildCommandLines; +var first = true; +projects.split(";").forEach(function (project) { + if (!first) { + buildCommandLines += " ; "; + first = false; + } + buildCommandLines += `msbuild.exe ${analysisArgs}${project}`; +}); +var configContent = { + "fileVersion": "1.7.0.3", + "tools": [ + { + "fileVersion": "1.7.0.3", + "tool": { + "name": "RoslynAnalyzers", + "version": "1.7.0.3" + }, + "arguments": { + "CopyLogsOnly": false, + "SourcesDirectory": "$(Folders.SourceRepo)", + "MSBuildVersion": "16.0", + "CodeAnalysisAssemblyVersion": "3.8.0", + "SetupCommandlines": "\\\"$(VisualStudioInstallDirectory)\\Common7\\Tools\\VsMSBuildCmd.bat\\\"", + "BuildArchitecture": "amd64", + "BuildCommandlines": buildCommandLines, + "NetAnalyzersRootDirectory": "$(Packages.Microsoft.CodeAnalysis.NetAnalyzers)", + "CSharpCodeStyleAnalyzersRootDirectory": "$(Packages.Microsoft.CodeAnalysis.CSharp.CodeStyle)", + "FxCopAnalyzersRootDirectory": "", + "RulesetPath": "", + "SdlRulesetVersion": "", + "LoggerLevel": "Standard" + }, + "outputExtension": "sarif", + "successfulExitCodes": [ + 0 + ] + } + ] +}; +let data = JSON.stringify(configContent); +var gdnConfigFilePath = path.join(os.tmpdir(), 'roslynanalyzers.gdnconfig'); +try { + fs.writeFileSync(gdnConfigFilePath, data); +} +catch (err) { + throw Error(err); +} +args.push('-c'); +args.push(gdnConfigFilePath); +// Use the local policy file +const actionDirectory = path.resolve(__dirname); +core.debug(`actionDirectory = ${actionDirectory}`); +const policyFilePath = path.resolve(path.join(actionDirectory, '../', 'policy', 'github.gdnpolicy')); +core.debug(`policyFilePath = ${policyFilePath}`); +args.push('--policy-file-path'); +args.push(policyFilePath); action.run(args); +try { + fs.unlinkSync(gdnConfigFilePath); +} +catch (err) { + console.error(err); +} 
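Review bot: Every `core.getInput` value is spliced unquoted into the MSBuild command line (`/p:AnalysisLevel=${analysisLevel} `, `msbuild.exe ${analysisArgs}${project}`), so a workflow that forwards an untrusted value into `projects` or a level input can alter the command stored in `BuildCommandlines`; validate the levels against a fixed pattern and quote each project path, as sketched below. The loop also misbehaves as written: `buildCommandLines` is never initialised, so the string starts with the text `undefined`, and `first` is only cleared inside `if (!first)`, so the ` ; ` separator is never emitted. `core.setFailed` does not stop the script, so an empty `projects` still reaches the build. The config goes to a fixed name under `os.tmpdir()` and is unlinked straight after `action.run(args)`; if `run` is asynchronous (the toolkit is compiled with `__awaiter`, its body is not shown) the file can be removed before the CLI reads it, and a directory from `fs.mkdtempSync` with the cleanup chained on the returned promise would avoid both problems. This file is compiler output, so the change belongs in `src/action.ts`, whose hunk repeats the same code and continues past the end of this page.

```javascript
// Analysis levels are version-like tokens; anything else is rejected.
const LEVEL_PATTERN = /^[A-Za-z0-9.-]+$/;
function levelArg(property, inputName) {
    const value = core.getInput(inputName).trim();
    if (value === '') {
        return '';
    }
    if (!LEVEL_PATTERN.test(value)) {
        core.setFailed(`Input '${inputName}' is not a valid analysis level`);
        process.exit(1);
    }
    return `/p:${property}=${value} `;
}
let analysisArgs = levelArg('AnalysisLevel', 'analysis-level')
    + levelArg('AnalysisLevelStyle', 'style');
// … unchanged apart from using levelArg: the remaining analysis-level inputs …
const projectList = core.getInput('projects')
    .split(';')
    .map(p => p.trim())
    .filter(p => p !== '');
if (projectList.length === 0 || projectList.some(p => /["\r\n]/.test(p))) {
    core.setFailed("'projects' must list at least one path, without quotes or line breaks");
    process.exit(1);
}
const buildCommandLines = projectList
    .map(p => `msbuild.exe ${analysisArgs}"${p}"`)
    .join(' ; ');
// … unchanged: configContent, policy file arguments …
```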
diff --git a/lib/msca-toolkit/msca-installer.js b/lib/msca-toolkit/msca-installer.js index cb17b34..c3a53fe 100644 --- a/lib/msca-toolkit/msca-installer.js +++ b/lib/msca-toolkit/msca-installer.js @@ -1,4 +1,23 @@ "use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { 
@@ -8,14 +27,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k]; - result["default"] = mod; - return result; -}; Object.defineProperty(exports, "__esModule", { value: true }); +exports.MscaInstaller = void 0; const fs = __importStar(require("fs")); const path = __importStar(require("path")); const process = __importStar(require("process")); diff --git a/lib/msca-toolkit/msca-toolkit.js b/lib/msca-toolkit/msca-toolkit.js index 3122f92..e3137b8 100644 --- a/lib/msca-toolkit/msca-toolkit.js +++ b/lib/msca-toolkit/msca-toolkit.js 
@@ -1,4 +1,23 @@ "use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { @@ -8,14 +27,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k]; - result["default"] = mod; - return result; -}; Object.defineProperty(exports, "__esModule", { value: true }); +exports.MscaAction = void 0; const path = __importStar(require("path")); const process = __importStar(require("process")); const core = __importStar(require("@actions/core")); diff --git a/src/action.ts b/src/action.ts index 3952203..ddac1fd 100644 --- a/src/action.ts +++ b/src/action.ts 
@@ -1,32 +1,154 @@ import * as core from '@actions/core'; import { MscaAction } from './msca-toolkit/msca-toolkit'; import * as path from 'path'; +import * as fs from 'fs'; +import * as os from 'os'; let action = new MscaAction(); let args: string[] = []; -let config = core.getInput('config'); -if (!action.isNullOrWhiteSpace(config)) { - args.push('-c'); - args.push(config); +let analysisArgs = "" + +let analysisLevel = core.getInput('analysis-level'); +if (!action.isNullOrWhiteSpace(analysisLevel)) { + analysisArgs += `/p:AnalysisLevel=${analysisLevel} `; +} + +let style = core.getInput('style'); +if (!action.isNullOrWhiteSpace(style)) { + analysisArgs += `/p:AnalysisLevelStyle=${style} `; +} + +let design = core.getInput('design'); +if (!action.isNullOrWhiteSpace(design)) { + analysisArgs += `/p:AnalysisLevelDesign=${design} `; +} + +let documentation = core.getInput('documentation'); +if (!action.isNullOrWhiteSpace(documentation)) { + analysisArgs += `/p:AnalysisLevelDocumentation=${documentation} `; +} + +let globalization = core.getInput('globalization'); +if (!action.isNullOrWhiteSpace(globalization)) { + analysisArgs += `/p:AnalysisLevelGlobalization=${globalization} `; +} + +let interoperability = core.getInput('interoperability'); +if (!action.isNullOrWhiteSpace(interoperability)) { + analysisArgs += `/p:AnalysisLevelInteroperability=${interoperability} `; +} + +let maintainability = core.getInput('maintainability'); +if (!action.isNullOrWhiteSpace(maintainability)) { + analysisArgs += `/p:AnalysisLevelMaintainability=${maintainability} `; +} + +let naming = core.getInput('naming'); +if (!action.isNullOrWhiteSpace(naming)) { + analysisArgs += `/p:AnalysisLevelNaming=${naming} `; +} + +let performance = core.getInput('performance'); +if (!action.isNullOrWhiteSpace(performance)) { + analysisArgs += `/p:AnalysisLevelPerformance=${performance} `; +} + +let reliability = core.getInput('reliability'); +if (!action.isNullOrWhiteSpace(reliability)) { + 
analysisArgs += `/p:AnalysisLevelReliability=${reliability} `; +} + +let security = core.getInput('security'); +if (!action.isNullOrWhiteSpace(security)) { + analysisArgs += `/p:AnalysisLevelSecurity=${security} `; +} + +let usage = core.getInput('usage'); +if (!action.isNullOrWhiteSpace(usage)) { + analysisArgs += `/p:AnalysisLevelUsage=${usage} `; +} + +let projects = core.getInput('projects'); +if (action.isNullOrWhiteSpace(projects)) { + core.setFailed("'projects' must be non-empty"); } -let policy = core.getInput('policy'); -if (action.isNullOrWhiteSpace(policy)) { - // Use the local policy file - const actionDirectory = path.resolve(__dirname); - core.debug(`actionDirectory = ${actionDirectory}`); +var buildCommandLines:string; +var first = true; +projects.split(";").forEach(function (project) { + if (!first) + { + buildCommandLines += " ; "; + first = false; + } + buildCommandLines +=`msbuild.exe ${analysisArgs}${project}`; +}); - const policyFilePath = path.resolve(path.join(actionDirectory, '../', 'policy', 'github.gdnpolicy')); - core.debug(`policyFilePath = ${policyFilePath}`); +var configContent = { + "fileVersion": "1.7.0.3", + "tools": [ + { + "fileVersion": "1.7.0.3", + "tool": { + "name": "RoslynAnalyzers", + "version": "1.7.0.3" + }, + "arguments": { + "CopyLogsOnly": false, + "SourcesDirectory": "$(Folders.SourceRepo)", + "MSBuildVersion": "16.0", + "CodeAnalysisAssemblyVersion": "3.8.0", + "SetupCommandlines": "\\\"$(VisualStudioInstallDirectory)\\Common7\\Tools\\VsMSBuildCmd.bat\\\"", + "BuildArchitecture": "amd64", + "BuildCommandlines": buildCommandLines, + "NetAnalyzersRootDirectory": "$(Packages.Microsoft.CodeAnalysis.NetAnalyzers)", + "CSharpCodeStyleAnalyzersRootDirectory": "$(Packages.Microsoft.CodeAnalysis.CSharp.CodeStyle)", + "FxCopAnalyzersRootDirectory": "", + "RulesetPath": "", + "SdlRulesetVersion": "", + "LoggerLevel": "Standard" + }, + "outputExtension": "sarif", + "successfulExitCodes": [ + 0 + ] + } + ] +}; - 
args.push('--policy-file-path'); - args.push(policyFilePath); -} else { - // Use the defined policy - args.push('-p'); - args.push(policy); +let data = JSON.stringify(configContent); +var gdnConfigFilePath = path.join(os.tmpdir(), 'roslynanalyzers.gdnconfig'); +try +{ + fs.writeFileSync(gdnConfigFilePath, data); +} +catch(err) +{ + throw Error(err); } -action.run(args); \ No newline at end of file +args.push('-c'); +args.push(gdnConfigFilePath); + +// Use the local policy file +const actionDirectory = path.resolve(__dirname); +core.debug(`actionDirectory = ${actionDirectory}`); + +const policyFilePath = path.resolve(path.join(actionDirectory, '../', 'policy', 'github.gdnpolicy')); +core.debug(`policyFilePath = ${policyFilePath}`); + +args.push('--policy-file-path'); +args.push(policyFilePath); + +action.run(args); + +try +{ + fs.unlinkSync(gdnConfigFilePath); +} +catch(err) +{ + console.error(err) +} \ No newline at end of file From 644010689cdf9fd5cdf54be437f2ddc7b3da404b Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 09:09:13 -0800 Subject: [PATCH 03/30] Changes --- .github/workflows/on-push-verification.yml | 2 ++ action.yml | 2 +- sample/ClassLibrary1.sln | 25 ++++++++++++++++++++++ sample/ClassLibrary1/Class1.cs | 12 +++++++++++ sample/ClassLibrary1/ClassLibrary1.csproj | 7 ++++++ sample/insecure.js | 2 -- sample/insecure.py | 24 --------------------- src/action.ts | 3 +++ 8 files changed, 50 insertions(+), 27 deletions(-) create mode 100644 sample/ClassLibrary1.sln create mode 100644 sample/ClassLibrary1/Class1.cs create mode 100644 sample/ClassLibrary1/ClassLibrary1.csproj delete mode 100644 sample/insecure.js delete mode 100644 sample/insecure.py diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 813768c..bad9b0f 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml 
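Review bot: The `/p:AnalysisLevel…=${…}` arguments and the `msbuild.exe ${analysisArgs}${project}` line paste action inputs into one command string without validation or quoting, so an input containing a space, a quote or ` ; ` changes the command that ends up in `BuildCommandlines`. Workflow inputs are often filled from expressions, so each level should be checked against a conservative pattern before it is appended, and a bad value should fail the step. In the same loop `first` is cleared only inside `if (!first)`, so the ` ; ` separator is never emitted between projects; `buildCommandLines` is also declared without an initial value, and `core.setFailed` for an empty `projects` does not stop the script. A table-driven helper along the lines below would cover all twelve inputs; the pattern is a constructed example and should be tightened to the values the analyzers actually accept.

```typescript
// … unchanged: imports, `let action = new MscaAction();`, `let analysisArgs = ""` …

// Constructed pattern: letters, digits, dot, dash and underscore only.
const levelPattern = /^[A-Za-z0-9._-]+$/;

function appendLevel(property: string, inputName: string): void {
    const value = core.getInput(inputName).trim();
    if (value.length === 0) {
        return;
    }
    if (!levelPattern.test(value)) {
        throw new Error(`Input '${inputName}' has characters that are not valid in an analysis level`);
    }
    analysisArgs += `/p:${property}=${value} `;
}

appendLevel('AnalysisLevel', 'analysis-level');
appendLevel('AnalysisLevelStyle', 'style');
// … unchanged: the remaining ten categories, one appendLevel call each …

const buildCommandLines = projects
    .split(';')
    .map(project => project.trim())
    .filter(project => project.length > 0)
    .map(project => `msbuild.exe ${analysisArgs}${project}`)
    .join(' ; ');

// … unchanged: configContent, config file write, policy arguments, action.run …
```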
@@ -30,3 +30,5 @@ jobs: - name: Run .NET Analyzers uses: ./ id: dotnet-analyzers + with: + projects: ./samples/ClassLibrary1.sln \ No newline at end of file diff --git a/action.yml b/action.yml index 712a280..a451aef 100644 --- a/action.yml +++ b/action.yml @@ -58,4 +58,4 @@ outputs: description: A file path to a SARIF file with analysis results. runs: using: 'node12' - main: 'index.js' \ No newline at end of file + main: 'lib/action.js' \ No newline at end of file diff --git a/sample/ClassLibrary1.sln b/sample/ClassLibrary1.sln new file mode 100644 index 0000000..52ed0ef --- /dev/null +++ b/sample/ClassLibrary1.sln @@ -0,0 +1,25 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.30911.218 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ClassLibrary1", "ClassLibrary1\ClassLibrary1.csproj", "{D93DCE72-417F-4F71-8BC5-03CDB1932B9D}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D93DCE72-417F-4F71-8BC5-03CDB1932B9D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {D93DCE72-417F-4F71-8BC5-03CDB1932B9D}.Debug|Any CPU.Build.0 = Debug|Any CPU + {D93DCE72-417F-4F71-8BC5-03CDB1932B9D}.Release|Any CPU.ActiveCfg = Release|Any CPU + {D93DCE72-417F-4F71-8BC5-03CDB1932B9D}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {F67E648A-4693-4494-8C38-B2735AC8DADE} + EndGlobalSection +EndGlobal diff --git a/sample/ClassLibrary1/Class1.cs b/sample/ClassLibrary1/Class1.cs new file mode 100644 index 0000000..409c76b --- /dev/null +++ b/sample/ClassLibrary1/Class1.cs 
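Review bot: The `projects` value added to the verification workflow points at `./samples/ClassLibrary1.sln`, while this commit creates the solution under `sample/` (no trailing s), so the step presumably hands MSBuild a path that does not exist. Changing the line to `projects: ./sample/ClassLibrary1.sln` would make the workflow exercise the sample it ships. Because `src/action.ts` only rejects an empty `projects` and never checks that the file exists, a wrong path surfaces late as a build error rather than as an input error, and a verification job that analyses nothing gives a false sense of coverage; an existence check in the action is worth considering.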
@@ -0,0 +1,12 @@ +using System; + +namespace ClassLibrary1 +{ + public class Class1 + { + private int f; + void M() + { + } + } +} diff --git a/sample/ClassLibrary1/ClassLibrary1.csproj b/sample/ClassLibrary1/ClassLibrary1.csproj new file mode 100644 index 0000000..cb63190 --- /dev/null +++ b/sample/ClassLibrary1/ClassLibrary1.csproj @@ -0,0 +1,7 @@ + + + + netcoreapp3.1 + + + diff --git a/sample/insecure.js b/sample/insecure.js deleted file mode 100644 index 2172dfe..0000000 --- a/sample/insecure.js +++ /dev/null @@ -1,2 +0,0 @@ -let injection = "Hello, security vulnerabilities!"; -eval(`console.log(\"${injection}\");`); \ No newline at end of file diff --git a/sample/insecure.py b/sample/insecure.py deleted file mode 100644 index d43c0b3..0000000 --- a/sample/insecure.py +++ /dev/null @@ -1,24 +0,0 @@ -import hashlib -print("I am very insecure. Bandit thinks so too.") -#B110 -xs=[1,2,3,4,5,6,7,8] -try: - print(xs[7]) - print(xs[8]) -except: pass - -ys=[1, 2, None, None] -for y in ys: - try: - print(str(y+3)) #TypeErrors ahead - except: continue #not how to handle them - -#some imports -import telnetlib -import ftplib - -#B303 and B324 -s = b"I am a string" -print("MD5: " +hashlib.md5(s).hexdigest()) -print("SHA1: " +hashlib.sha1(s).hexdigest()) -print("SHA256: " +hashlib.sha256(s).hexdigest()) diff --git a/src/action.ts b/src/action.ts index ddac1fd..e7de40b 100644 --- a/src/action.ts +++ b/src/action.ts @@ -123,6 +123,9 @@ var gdnConfigFilePath = path.join(os.tmpdir(), 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); + console.log(data); + data = fs.readFileSync(gdnConfigFilePath, 'utf8'); + console.log(data); } catch(err) { From d31074a5cb6ab8298e4be77c2548d3e82cbf77a5 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 09:11:25 -0800 Subject: [PATCH 04/30] Update action.ts --- src/action.ts | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
diff --git a/src/action.ts b/src/action.ts index e7de40b..c664a5c 100644 --- a/src/action.ts +++ b/src/action.ts @@ -118,8 +118,11 @@ var configContent = { ] }; +const actionDirectory = path.resolve(__dirname); +core.debug(`actionDirectory = ${actionDirectory}`); + let data = JSON.stringify(configContent); -var gdnConfigFilePath = path.join(os.tmpdir(), 'roslynanalyzers.gdnconfig'); +var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); @@ -136,9 +139,6 @@ args.push('-c'); args.push(gdnConfigFilePath); // Use the local policy file -const actionDirectory = path.resolve(__dirname); -core.debug(`actionDirectory = ${actionDirectory}`); - const policyFilePath = path.resolve(path.join(actionDirectory, '../', 'policy', 'github.gdnpolicy')); core.debug(`policyFilePath = ${policyFilePath}`); @@ -147,6 +147,7 @@ args.push(policyFilePath); action.run(args); +/* try { fs.unlinkSync(gdnConfigFilePath); @@ -154,4 +155,5 @@ try catch(err) { console.error(err) -} \ No newline at end of file +} +/* From c172fe74985c79e674136417386456ff324cf142 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 09:16:52 -0800 Subject: [PATCH 05/30] Update action.ts --- src/action.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/action.ts b/src/action.ts index c664a5c..7e85014 100644 --- a/src/action.ts +++ b/src/action.ts @@ -126,9 +126,9 @@ var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); - console.log(data); + core.info(data); data = fs.readFileSync(gdnConfigFilePath, 'utf8'); - console.log(data); + core.info(data); } catch(err) { From 729f84a1480e7c2703e801e358247a7aa8236748 Mon Sep 17 00:00:00 2001 
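Review bot: `gdnConfigFilePath` now uses a fixed file name inside the action's own directory (`__dirname`) and the `fs.unlinkSync` cleanup is commented out, so the generated config is left behind after every run, and two jobs sharing an action checkout on a self-hosted runner would write the same file. A per-run location avoids both, for example `const gdnConfigFilePath = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'gdn-')), 'roslynanalyzers.gdnconfig');`, with the directory removed once the run has finished. If the cleanup was disabled because the file disappeared before the tool read it (the compiled toolkit uses `__awaiter`, so `action.run` is presumably asynchronous), the delete belongs after the awaited run rather than in a comment. The block comment is also opened with `/*` and ended with a second `/*`, which leaves it unterminated in this commit.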
From: Manish Vasani Date: Fri, 22 Jan 2021 09:22:28 -0800 Subject: [PATCH 06/30] Update on-push-verification.yml --- .github/workflows/on-push-verification.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index bad9b0f..1fe34da 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -6,7 +6,7 @@ on: push jobs: sample: - name: Open Source Static Analysis Runner + name: .NET Analyzers runner # .NET Analyzers runs on windows-latest. # ubuntu-latest and macos-latest supporting coming soon @@ -31,4 +31,4 @@ jobs: uses: ./ id: dotnet-analyzers with: - projects: ./samples/ClassLibrary1.sln \ No newline at end of file + projects: ./samples/ClassLibrary1.sln From eaaa72f369817ebe6c4073ecd846b30630f2165d Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 09:24:21 -0800 Subject: [PATCH 07/30] Update action.ts --- src/action.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/action.ts b/src/action.ts index 7e85014..1dcbb29 100644 --- a/src/action.ts +++ b/src/action.ts @@ -156,4 +156,4 @@ catch(err) { console.error(err) } -/* +*/ From 7c1e8c4c1fc45435ad68f80cdfb0cf4199222123 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 09:29:42 -0800 Subject: [PATCH 08/30] Changes --- .github/workflows/on-push-verification.yml | 1 + src/action.ts | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 1fe34da..1aad6ae 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -32,3 +32,4 @@ jobs: id: dotnet-analyzers with: projects: ./samples/ClassLibrary1.sln + security: latest-recommended diff --git a/src/action.ts b/src/action.ts index 1dcbb29..c8883ab 100644 --- a/src/action.ts +++ b/src/action.ts 
@@ -4,8 +4,6 @@ import * as path from 'path'; import * as fs from 'fs'; import * as os from 'os'; -let action = new MscaAction(); - let args: string[] = []; let analysisArgs = "" @@ -145,6 +143,7 @@ core.debug(`policyFilePath = ${policyFilePath}`); args.push('--policy-file-path'); args.push(policyFilePath); +let action = new MscaAction(); action.run(args); /* From 17ffd859bc4a9342a22d1666f724257d8274290c Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 09:40:13 -0800 Subject: [PATCH 09/30] Fixes --- lib/action.js | 21 +++++++++++++-------- src/action.ts | 5 ++--- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/lib/action.js b/lib/action.js index c384434..b2a862d 100644 --- a/lib/action.js +++ b/lib/action.js @@ -23,9 +23,7 @@ const core = __importStar(require("@actions/core")); const msca_toolkit_1 = require("./msca-toolkit/msca-toolkit"); const path = __importStar(require("path")); const fs = __importStar(require("fs")); -const os = __importStar(require("os")); let action = new msca_toolkit_1.MscaAction(); -let args = []; let analysisArgs = ""; let analysisLevel = core.getInput('analysis-level'); if (!action.isNullOrWhiteSpace(analysisLevel)) { 
@@ -119,27 +117,34 @@ var configContent = { } ] }; +const actionDirectory = path.resolve(__dirname); +core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -var gdnConfigFilePath = path.join(os.tmpdir(), 'roslynanalyzers.gdnconfig'); +var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); + data = fs.readFileSync(gdnConfigFilePath, 'utf8'); + core.info(data); } catch (err) { throw Error(err); } +let args = []; args.push('-c'); args.push(gdnConfigFilePath); // Use the local policy file -const actionDirectory = path.resolve(__dirname); -core.debug(`actionDirectory = ${actionDirectory}`); const policyFilePath = path.resolve(path.join(actionDirectory, '../', 'policy', 'github.gdnpolicy')); core.debug(`policyFilePath = ${policyFilePath}`); args.push('--policy-file-path'); args.push(policyFilePath); action.run(args); -try { +/* +try +{ fs.unlinkSync(gdnConfigFilePath); } -catch (err) { - console.error(err); +catch(err) +{ + console.error(err) } +*/ diff --git a/src/action.ts b/src/action.ts index c8883ab..d17b749 100644 --- a/src/action.ts +++ b/src/action.ts @@ -4,7 +4,7 @@ import * as path from 'path'; import * as fs from 'fs'; import * as os from 'os'; -let args: string[] = []; +let action = new MscaAction(); let analysisArgs = "" @@ -124,7 +124,6 @@ var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); - core.info(data); data = fs.readFileSync(gdnConfigFilePath, 'utf8'); core.info(data); } @@ -133,6 +132,7 @@ catch(err) throw Error(err); } +let args: string[] = []; args.push('-c'); args.push(gdnConfigFilePath); @@ -143,7 +143,6 @@ core.debug(`policyFilePath = ${policyFilePath}`); args.push('--policy-file-path'); args.push(policyFilePath); -let action = new MscaAction(); action.run(args); /* From ae0510006dd9606863c742fc61bd7fdbb8d35501 Mon Sep 17 00:00:00 2001 
From: Manish Vasani Date: Fri, 22 Jan 2021 10:04:42 -0800 Subject: [PATCH 10/30] Fixes --- src/action.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/action.ts b/src/action.ts index d17b749..7f0ac4d 100644 --- a/src/action.ts +++ b/src/action.ts @@ -73,7 +73,7 @@ if (action.isNullOrWhiteSpace(projects)) { core.setFailed("'projects' must be non-empty"); } -var buildCommandLines:string; +var buildCommandLines:string = ""; var first = true; projects.split(";").forEach(function (project) { if (!first) @@ -125,7 +125,7 @@ try { fs.writeFileSync(gdnConfigFilePath, data); data = fs.readFileSync(gdnConfigFilePath, 'utf8'); - core.info(data); + core.info(JSON.parse(data)); } catch(err) { From e2e7a99c9f820051a2fc5c089f8abcda587006b7 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 11:02:52 -0800 Subject: [PATCH 11/30] Fixes --- lib/action.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/action.js b/lib/action.js index b2a862d..67e77c7 100644 --- a/lib/action.js +++ b/lib/action.js @@ -77,7 +77,7 @@ let projects = core.getInput('projects'); if (action.isNullOrWhiteSpace(projects)) { core.setFailed("'projects' must be non-empty"); } -var buildCommandLines; +var buildCommandLines = ""; var first = true; projects.split(";").forEach(function (project) { if (!first) { @@ -124,7 +124,7 @@ var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); data = fs.readFileSync(gdnConfigFilePath, 'utf8'); - core.info(data); + core.info(JSON.parse(data)); } catch (err) { throw Error(err); From 8e809b30dbaa4a92b4dd30c0131981218b110730 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 14:38:03 -0800 Subject: [PATCH 12/30] Fixes --- lib/action.js | 14 ++++---------- src/action.ts | 7 ++----- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/lib/action.js b/lib/action.js index 67e77c7..f5a6e3d 100644 --- a/lib/action.js 
+++ b/lib/action.js @@ -120,11 +120,9 @@ var configContent = { const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +const gdnConfigFilePath = path.resolve(path.join(actionDirectory, 'roslynanalyzers.gdnconfig')); try { fs.writeFileSync(gdnConfigFilePath, data); - data = fs.readFileSync(gdnConfigFilePath, 'utf8'); - core.info(JSON.parse(data)); } catch (err) { throw Error(err); @@ -138,13 +136,9 @@ core.debug(`policyFilePath = ${policyFilePath}`); args.push('--policy-file-path'); args.push(policyFilePath); action.run(args); -/* -try -{ +try { fs.unlinkSync(gdnConfigFilePath); } -catch(err) -{ - console.error(err) +catch (err) { + console.error(err); } -*/ diff --git a/src/action.ts b/src/action.ts index 7f0ac4d..8ec536b 100644 --- a/src/action.ts +++ b/src/action.ts @@ -120,12 +120,10 @@ const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -var gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +const gdnConfigFilePath = path.resolve(path.join(actionDirectory, 'roslynanalyzers.gdnconfig')); try { fs.writeFileSync(gdnConfigFilePath, data); - data = fs.readFileSync(gdnConfigFilePath, 'utf8'); - core.info(JSON.parse(data)); } catch(err) { @@ -145,7 +143,7 @@ args.push(policyFilePath); action.run(args); -/* + try { fs.unlinkSync(gdnConfigFilePath); @@ -154,4 +152,3 @@ catch(err) { console.error(err) } -*/ From b4f4180b30f9751bbe5a54946b532ffea02f988e Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 14:48:45 -0800 Subject: [PATCH 13/30] Update on-push-verification.yml --- .github/workflows/on-push-verification.yml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 1aad6ae..1fe34da 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -32,4 +32,3 @@ jobs: id: dotnet-analyzers with: projects: ./samples/ClassLibrary1.sln - security: latest-recommended From f79a17bcd79682b95e1c09b5c37848018aab43ad Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 14:51:59 -0800 Subject: [PATCH 14/30] Update sample-workflow-windows-latest.yml --- .github/workflows/sample-workflow-windows-latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sample-workflow-windows-latest.yml b/.github/workflows/sample-workflow-windows-latest.yml index 1a13cea..c59ee16 100644 --- a/.github/workflows/sample-workflow-windows-latest.yml +++ b/.github/workflows/sample-workflow-windows-latest.yml @@ -5,7 +5,7 @@ name: .NET Analyzers windows-latest on: push: branches: - - master + - main jobs: sample: From 3d903e8f39edc8e781d53c7b295e82955e33b75c Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 14:52:18 -0800 Subject: [PATCH 15/30] Update sample-workflow-ubuntu-latest.yml --- .github/workflows/sample-workflow-ubuntu-latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sample-workflow-ubuntu-latest.yml b/.github/workflows/sample-workflow-ubuntu-latest.yml index f63cfee..a64d4b9 100644 --- a/.github/workflows/sample-workflow-ubuntu-latest.yml +++ b/.github/workflows/sample-workflow-ubuntu-latest.yml @@ -5,7 +5,7 @@ name: .NET Analyzers ubuntu-latest on: push: branches: - - master + - main jobs: sample: From abb3b286038e5517910f6e53efc3989ccea1fbc1 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 15:01:37 -0800 Subject: [PATCH 16/30] Fixes --- lib/action.js | 2 +- src/action.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lib/action.js b/lib/action.js index f5a6e3d..71a8316 100644 --- a/lib/action.js +++ b/lib/action.js @@ -120,7 +120,7 @@ var configContent = { const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -const gdnConfigFilePath = path.resolve(path.join(actionDirectory, 'roslynanalyzers.gdnconfig')); +const gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); } diff --git a/src/action.ts b/src/action.ts index 8ec536b..2c7b4a1 100644 --- a/src/action.ts +++ b/src/action.ts @@ -120,7 +120,7 @@ const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -const gdnConfigFilePath = path.resolve(path.join(actionDirectory, 'roslynanalyzers.gdnconfig')); +const gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); try { fs.writeFileSync(gdnConfigFilePath, data); From f18384b7bb696ecd936ec8147e9b1d0b0d9e5a2b Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 15:54:10 -0800 Subject: [PATCH 17/30] Sample --- sample/ClassLibrary1/Class1.cs | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/sample/ClassLibrary1/Class1.cs b/sample/ClassLibrary1/Class1.cs index 409c76b..f490603 100644 --- a/sample/ClassLibrary1/Class1.cs +++ b/sample/ClassLibrary1/Class1.cs @@ -1,12 +1,22 @@ using System; +using System.Security.Cryptography; +using System.Text; namespace ClassLibrary1 { public class Class1 { - private int f; - void M() + public void M() { + Console.WriteLine("Hello World!"); + + Console.WriteLine("Console App"); + MD5 md5 = MD5.Create(); + + string contents = "Super secure data."; + byte[] contentBytes = UTF8Encoding.UTF8.GetBytes(contents); + + byte[] hash = md5.ComputeHash(contentBytes); } } -} +} \ No newline at end of file 
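Review bot: Nothing in `Class1.M()` says that `MD5.Create()` is there on purpose, so a reader cannot tell a deliberate analyzer fixture from copy-ready code. A comment above the call would settle it, for example `// Intentional: MD5 is used only so the security analyzers have a finding to report; do not copy.` The `MD5` instance is also never disposed and `hash` is never read, which is acceptable for a fixture but worth stating in the same comment so the extra diagnostics are not mistaken for noise.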
From 5b5d04d8969ea37ab164cb1017a8c0799aae7fc2 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 16:28:34 -0800 Subject: [PATCH 18/30] Fixes --- lib/action.js | 4 +++- src/action.ts | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/action.js b/lib/action.js index 71a8316..9342310 100644 --- a/lib/action.js +++ b/lib/action.js @@ -120,7 +120,9 @@ var configContent = { const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -const gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +core.info(data); +let gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +core.debug(`gdnConfigFilePath = ${gdnConfigFilePath}`); try { fs.writeFileSync(gdnConfigFilePath, data); } diff --git a/src/action.ts b/src/action.ts index 2c7b4a1..28d53dd 100644 --- a/src/action.ts +++ b/src/action.ts @@ -120,7 +120,11 @@ const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -const gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +core.info(data); + +let gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +core.debug(`gdnConfigFilePath = ${gdnConfigFilePath}`); + try { fs.writeFileSync(gdnConfigFilePath, data); From 98647a5092a699f0a3aed6117f3e3515ec2b857b Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 16:37:12 -0800 Subject: [PATCH 19/30] Fixes --- lib/action.js | 5 +++-- src/action.ts | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/action.js b/lib/action.js index 9342310..c4920e6 100644 --- a/lib/action.js +++ b/lib/action.js 
@@ -120,11 +120,12 @@ var configContent = { const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -core.info(data); -let gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +let gdnConfigFilePath = path.join(actionDirectory, '../', 'roslynanalyzers.gdnconfig'); core.debug(`gdnConfigFilePath = ${gdnConfigFilePath}`); try { fs.writeFileSync(gdnConfigFilePath, data); + data = fs.readFileSync(gdnConfigFilePath, "utf"); + core.info(data); } catch (err) { throw Error(err); diff --git a/src/action.ts b/src/action.ts index 28d53dd..60ac9e1 100644 --- a/src/action.ts +++ b/src/action.ts @@ -120,14 +120,15 @@ const actionDirectory = path.resolve(__dirname); core.debug(`actionDirectory = ${actionDirectory}`); let data = JSON.stringify(configContent); -core.info(data); -let gdnConfigFilePath = path.join(actionDirectory, 'roslynanalyzers.gdnconfig'); +let gdnConfigFilePath = path.join(actionDirectory, '../', 'roslynanalyzers.gdnconfig'); core.debug(`gdnConfigFilePath = ${gdnConfigFilePath}`); try { fs.writeFileSync(gdnConfigFilePath, data); + data = fs.readFileSync(gdnConfigFilePath, "utf"); + core.info(data); } catch(err) { From b7cc458335413a7ada9f5bf4a02389f955241e3a Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 16:38:53 -0800 Subject: [PATCH 20/30] Fixes --- lib/action.js | 2 +- src/action.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/action.js b/lib/action.js index c4920e6..b76115a 100644 --- a/lib/action.js +++ b/lib/action.js @@ -124,7 +124,7 @@ let gdnConfigFilePath = path.join(actionDirectory, '../', 'roslynanalyzers.gdnco core.debug(`gdnConfigFilePath = ${gdnConfigFilePath}`); try { fs.writeFileSync(gdnConfigFilePath, data); - data = fs.readFileSync(gdnConfigFilePath, "utf"); + data = fs.readFileSync(gdnConfigFilePath, "utf8"); core.info(data); } catch (err) { 
diff --git a/src/action.ts b/src/action.ts index 60ac9e1..5d0b05e 100644 --- a/src/action.ts +++ b/src/action.ts @@ -127,7 +127,7 @@ core.debug(`gdnConfigFilePath = ${gdnConfigFilePath}`); try { fs.writeFileSync(gdnConfigFilePath, data); - data = fs.readFileSync(gdnConfigFilePath, "utf"); + data = fs.readFileSync(gdnConfigFilePath, "utf8"); core.info(data); } catch(err) From 4f3b7428ea292425f0fd3faf0cc09940b77c2944 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 16:40:41 -0800 Subject: [PATCH 21/30] Temp config --- roslynanalyzers.gdnconfig | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roslynanalyzers.gdnconfig diff --git a/roslynanalyzers.gdnconfig b/roslynanalyzers.gdnconfig new file mode 100644 index 0000000..e69de29 From 851930933fb24add330d59db325ca1b53b791c8e Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 22 Jan 2021 16:42:52 -0800 Subject: [PATCH 22/30] Fixes --- lib/action.js | 3 ++- roslynanalyzers.gdnconfig | 0 src/action.ts | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) delete mode 100644 roslynanalyzers.gdnconfig diff --git a/lib/action.js b/lib/action.js index b76115a..360d293 100644 --- a/lib/action.js +++ b/lib/action.js @@ -139,9 +139,10 @@ core.debug(`policyFilePath = ${policyFilePath}`); args.push('--policy-file-path'); args.push(policyFilePath); action.run(args); +/* try { fs.unlinkSync(gdnConfigFilePath); } catch (err) { console.error(err); -} +}*/ diff --git a/roslynanalyzers.gdnconfig b/roslynanalyzers.gdnconfig deleted file mode 100644 index e69de29..0000000 diff --git a/src/action.ts b/src/action.ts index 5d0b05e..0bbd2d4 100644 --- a/src/action.ts +++ b/src/action.ts @@ -148,7 +148,7 @@ args.push(policyFilePath); action.run(args); - +/* try { fs.unlinkSync(gdnConfigFilePath); @@ -157,3 +157,4 @@ catch(err) { console.error(err) } +*/ \ No newline at end of file From c2e5731ff0a1c25422114f2d8ebf8f20ce96e1bc Mon Sep 17 00:00:00 2001 
From: Manish Vasani Date: Mon, 25 Jan 2021 09:46:36 -0800 Subject: [PATCH 23/30] Update src/action.ts --- src/action.ts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/action.ts b/src/action.ts index 0bbd2d4..28bdfc9 100644 --- a/src/action.ts +++ b/src/action.ts @@ -147,14 +147,3 @@ args.push('--policy-file-path'); args.push(policyFilePath); action.run(args); - -/* -try -{ - fs.unlinkSync(gdnConfigFilePath); -} -catch(err) -{ - console.error(err) -} -*/ \ No newline at end of file From a5b85366b73138468db02b295c4291f255db39f6 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 5 Feb 2021 14:18:22 -0800 Subject: [PATCH 24/30] Update .github/workflows/on-push-verification.yml --- .github/workflows/on-push-verification.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 1fe34da..552c9e9 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -31,4 +31,4 @@ jobs: uses: ./ id: dotnet-analyzers with: - projects: ./samples/ClassLibrary1.sln + projects: /github/workspace/samples/ClassLibrary1.sln From aae06f9a2f6290e1f244957a3eb676e3b3030fff Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 5 Feb 2021 15:22:02 -0800 Subject: [PATCH 25/30] Update .github/workflows/on-push-verification.yml --- .github/workflows/on-push-verification.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 552c9e9..f063447 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -31,4 +31,4 @@ jobs: uses: ./ id: dotnet-analyzers with: - projects: /github/workspace/samples/ClassLibrary1.sln + projects: .\samples\ClassLibrary1.sln From 3bce56814afd9e606d502e56ed307ffc82e521f9 Mon Sep 17 00:00:00 2001 
From: Manish Vasani Date: Fri, 5 Feb 2021 16:06:08 -0800 Subject: [PATCH 26/30] Update .github/workflows/on-push-verification.yml --- .github/workflows/on-push-verification.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index f063447..09d6320 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -12,6 +12,11 @@ jobs: # ubuntu-latest and macos-latest supporting coming soon runs-on: windows-latest + # default working directory to the current directory + defaults: + run: + working-directory: . + steps: # Checkout your code repository to scan From 034fca2013296efdd7ef810cd7ccf00e67386e97 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 5 Feb 2021 16:24:17 -0800 Subject: [PATCH 27/30] Try fix --- lib/action.js | 10 +++------- src/action.ts | 7 +++++++ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/lib/action.js b/lib/action.js index 360d293..416d5c4 100644 --- a/lib/action.js +++ b/lib/action.js @@ -84,6 +84,9 @@ projects.split(";").forEach(function (project) { buildCommandLines += " ; "; first = false; } + if (!path.isAbsolute(project)) { + project = `$(Folders.SourceRepo)\\${project}`; + } buildCommandLines += `msbuild.exe ${analysisArgs}${project}`; }); var configContent = { @@ -139,10 +142,3 @@ core.debug(`policyFilePath = ${policyFilePath}`); args.push('--policy-file-path'); args.push(policyFilePath); action.run(args); -/* -try { - fs.unlinkSync(gdnConfigFilePath); -} -catch (err) { - console.error(err); -}*/ diff --git a/src/action.ts b/src/action.ts index 28bdfc9..8fe1a4c 100644 --- a/src/action.ts +++ b/src/action.ts @@ -81,6 +81,13 @@ projects.split(";").forEach(function (project) { buildCommandLines += " ; "; first = false; } + + if (!path.isAbsolute(project)) + { + project = `$(Folders.SourceRepo)\\${project}`; + + } + buildCommandLines +=`msbuild.exe ${analysisArgs}${project}`; }); 
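Review bot: The added `defaults.run.working-directory: .` applies only to `run:` steps, and the steps this series shows for the job are `uses:` steps (`actions/checkout@v2` and `uses: ./`), so it probably has no effect on how the action resolves `projects`. The steps list continues outside the hunk, so confirm that no `run:` step exists. If none does, drop the block and resolve the relative path inside the action instead.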
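Review bot: Each `projects` entry is concatenated into `buildCommandLines` unquoted and unvalidated, both in the new `$(Folders.SourceRepo)\\${project}` prefix and in the `msbuild.exe ${analysisArgs}${project}` line after it. A path containing a space splits into several msbuild arguments, a space after `;` in the input ends up inside the path, and any character the consumer of this command line treats specially passes straight through; how the string is executed is outside the hunk, so the exact impact is not visible here. Trim and skip empty entries before the prefix is applied (`project = project.trim();`) and quote the final argument, `msbuild.exe ${analysisArgs}"${project}"`, if the config format accepts quoted arguments. A relative entry with `..` segments also resolves outside the repository, which is worth rejecting when the input can come from a caller the action does not trust. The compiled lib/action.js hunk in this commit carries the same code.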
From 8dfd6b53c868e2281e13785adc922e5275661f48 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 5 Feb 2021 16:38:48 -0800 Subject: [PATCH 28/30] Update .github/workflows/on-push-verification.yml --- .github/workflows/on-push-verification.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 09d6320..75a395b 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -36,4 +36,4 @@ jobs: uses: ./ id: dotnet-analyzers with: - projects: .\samples\ClassLibrary1.sln + projects: samples\ClassLibrary1.sln From 540902a8e757df9c4fb17798151dae832a39c180 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 5 Feb 2021 16:44:50 -0800 Subject: [PATCH 29/30] Update .github/workflows/on-push-verification.yml --- .github/workflows/on-push-verification.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 75a395b..510a17c 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -12,11 +12,6 @@ jobs: # ubuntu-latest and macos-latest supporting coming soon runs-on: windows-latest - # default working directory to the current directory - defaults: - run: - working-directory: . - steps: # Checkout your code repository to scan From 9cf7b9fcd390ca8930b9ebbb24db930f6bc26fad Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Fri, 5 Feb 2021 16:45:54 -0800 Subject: [PATCH 30/30] Update .github/workflows/on-push-verification.yml --- .github/workflows/on-push-verification.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 510a17c..28c142b 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml 
@@ -31,4 +31,4 @@ jobs:
 uses: ./
 id: dotnet-analyzers
 with:
- projects: samples\ClassLibrary1.sln
+ projects: sample\ClassLibrary1.sln
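Review bot: The new value `sample\ClassLibrary1.sln` drops the `s` that every earlier revision of this line in the series carries (`samples\ClassLibrary1.sln`), which looks like a typo unless the directory was renamed outside this patch. With a path that does not exist, this verification workflow is only meaningful if the action fails the job on a missing project instead of finishing with an empty, clean-looking analysis, so confirm which of the two happens. If the change is a deliberate negative test, add a comment above the line saying so, for example `# intentionally invalid path: the job is expected to fail`.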