Improvement about JUnit output

[GridexX]

Hello @nvuillam,
I'm an apprentice DevOps working for r2devops and I'm currently improving the Megalinter job.
The execution time could be decrease by render another output format than TAP. SARIF seems to be a good alternative.

Nevertheless some linters such as prettier and CSS or HTML linters are not compatible with this format, as described in the documentation.

Moreover, we must keep the JUnit output format for GitLab and there aren't npm package yet to convert from SARIF to JUnit as the one used here for converting from TAP to JUnit.

Have you any idea on how to keep the JUnit output without without converting from Tap

Thanks a lot 😄

[nvuillam]

Hi @GridexX ,

I posted on Gitlab to see if they have some ideas... there is probably a more "SAST" way than JUnit to provide results to Gitlab, because JUnit seems to be for test classes

About linters that do not manage SARIF yet... we have to find converters, or just say it's ok to not have them in results (for formatters like prettier, I don't think there is a lot of value to show the errors in Gitlab UI )

https://gitlab.com/gitlab-org/gitlab/-/issues/118496#note_1088263958

[nvuillam]

@GridexX it seems gitlab can handle a json format to accept SAST results (could be code climate format)

https://docs.gitlab.com/ee/ci/testing/code_quality.html

Code quality report widget: https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality

If you implement a sarif-to-gitlab script (json to json) , that will do the job :)

[nvuillam]

@GridexX that's great, the sooner you start in open-source, the sooner your carreer progresses :)

But where the hell is MegaLinter in your repo ? 😇 https://github.com/GridexX/sarif-codeclimate

Also: would it be possible to even improve perfs to take SARIF as stdin then output CodeClimate as stdout ? :)

So we could do some call like cat myFile.sarif | sarif-codeclimate -

[GridexX]

Hehe, I made a good start by working at Go2Scale !

Ow my bad about MegaLinter, I will wrote a section about it and how it is used inside the GitLab jobs 👍

For the perfs, the output argument is optionnal, so there is already an output as stdout. I will check how to retrieve the SARIF as stdin. Moreover, for changes, I need to update the version of the package and want to have a release tab just like this one :

How can I achieve that ? Is it related to a CHANGELOG file ?

[Kurt-von-Laven]

No, you just click on "Releases" and then "Draft a new release."

[nvuillam]

@GridexX I was talking about using MegaLinter in your repo, so you insure the code is clean ;)

[nvuillam]

If you want you can automate the publishing of :

• beta version when you merge in main branch
• release when you create a new tag and create a github release

You can have a look at the workflows in this repo, you can probably be almost a copy-paste ;)

https://github.com/nvuillam/node-sarif-builder/tree/main/.github/workflows

[GridexX]

By the way I also wrote the sarif-junit converter, even if it's the less SAST and a bit useless but is always display. As described here, the CodeClimate report only show in case of a comparison between the main and a feature branch.
With this new converter, the user will see everytime a report on the MR.

If you could review it, it would be awesome, you are giving good advices and have more experience than me 😄

[nvuillam]

If you want you can ask MegaLinter to have a look by installing the job, then ask us to check what MegaLinter will have not found :)