ci: adoption of sfdx-scan-pull-request by mitch spano #6

Merged
merged 9 commits into from
Mar 1, 2024

mmoyaferrer
Contributor

  • Adoption of sfdx-scan-pull-request
  • Mock metadata changes happen in the pull request in order to verify the correct behavior in the validations action; these changes will be reverted before merge.

@mmoyaferrer
Contributor Author

mmoyaferrer commented Feb 28, 2024

Such a nice action @mitchspano, thank you for the open source and feedback to include it.
Quick question: Given that in our pmd ruleset we have custom rules, do we need to specify it using the custom-pmd-rules parameter?

@mmoyaferrer
Contributor Author

mmoyaferrer commented Feb 28, 2024

@hmayerhutte, @amtrack

What do you think about adding sfdx-scan-pull-request to the template?
In this pull request, I replaced our quality scans with the usage of this action, and I made some mock metadata changes to play with the action. Notice that I will revert these changes before the merge of this pull request (if you like the idea).

Also, do you prefer to configure the action to reflect the vulnerabilities as checks or comments? I personally find comments a more streamlined experience.

@mmoyaferrer mmoyaferrer marked this pull request as ready for review February 28, 2024 20:27
Member

@hmayerhutte hmayerhutte left a comment

This is extremely nice! I agree on comments being the more "natural" feedback, familiar from manual reviews

@hutte-recipes hutte-recipes deleted a comment from github-actions bot Feb 29, 2024
Comment on lines 5 to 6
System.assertEquals(Greeter.greet('John'), 'Hello John from Greeter');
}

| Attribute | Value |
| --- | --- |
| Engine | pmd-custom |
| Category | Best Practices |
| Rule | ApexAssertionsShouldIncludeMessage |
| Severity | 3 |
| Type | Error |
| Message | 'System.assertEquals' should have 3 parameters. |
| File | force-app/main/default/classes/Test_Greeter.cls |

Comment on lines 6 to 7
update account;
}

| Attribute | Value |
| --- | --- |
| Engine | pmd-custom |
| Category | Security |
| Rule | ApexCRUDViolation |
| Severity | 1 |
| Type | Error |
| Message | Validate CRUD permission before SOQL/DML operation or enforce user mode |
| File | force-app/main/default/classes/UglyUpdateCtrl.cls |

Comment on lines 8 to 9
document.getElementById("output").innerHTML = userInput;
}

| Attribute | Value |
| --- | --- |
| Engine | eslint-custom |
| Category | undefined |
| Rule | @lwc/lwc/no-document-query |
| Severity | 2 |
| Type | Error |
| Message | Invalid usage of "getElementById". DOM query at the document level is forbidden. |
| File | force-app/main/default/lwc/helloWorld/helloWorld.js |

Comment on lines 8 to 9
document.getElementById("output").innerHTML = userInput;
}

| Attribute | Value |
| --- | --- |
| Engine | eslint-custom |
| Category | undefined |
| Rule | @lwc/lwc/no-inner-html |
| Severity | 2 |
| Type | Error |
| Message | Using 'innerHTML/outputHTML/insertAdjacentHTML' is not allowed |
| File | force-app/main/default/lwc/helloWorld/helloWorld.js |

@mmoyaferrer mmoyaferrer merged commit 623a83b into main Mar 1, 2024
5 checks passed