analyze.sh
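#!/bin/bash
# Downloads a SpotBugs release and runs it over the classes found in TARGET.
#
# Inputs (environment variables, all optional):
#   SPOTBUGS_VERSION   release tag to download; empty or 'latest' resolves the
#                      newest release through the GitHub API
#   PACKAGES           -onlyAnalyze filter, e.g. "com.example.demo.-"
#                      (".-" = package and all child packages, ".*" = this
#                      package only)
#   BASE_PATH          source path to prepend to result locations,
#                      e.g. "src/main/java"
#   DEPENDENCIES_PATH  directory (or whitespace-separated directories) scanned
#                      for jars, e.g. "~/.m2"
#   OUTPUT_TYPE        xml | html | emacs | xdocs | sarif (default: sarif)
#   OUTPUT             report file name (default: results.<type>)
#   PROGRESS           "true" adds -progress
#   ARGUMENTS          extra SpotBugs options, split on whitespace
#   TARGET             what to analyze (default: ".")
#
# Security: every input above comes from the workflow that invokes this action,
# so none of it is ever handed to `eval`. The command line is built as an array
# and each value is passed as data; shell metacharacters such as `;`, `$( )` or
# backticks inside an input are therefore not executed.

# Print an error on stderr and stop the script.
die() {
  printf 'analyze.sh: %s\n' "$*" >&2
  exit 1
}

# Check whether to use the latest version of SpotBugs
if [[ "${SPOTBUGS_VERSION:-}" == 'latest' || -z "${SPOTBUGS_VERSION:-}" ]]; then
  # -f makes curl fail on HTTP errors (e.g. API rate limiting) instead of
  # feeding an error document to jq.
  LATEST_TAG="$(curl -fsS -H "Accept: application/vnd.github.v3+json" \
    https://api.github.com/repos/spotbugs/spotbugs/releases/latest \
    | jq --raw-output '.tag_name')"
  SPOTBUGS_VERSION=$LATEST_TAG
fi

# jq prints the string "null" when the field is missing, and an empty value
# means the lookup failed; neither is a usable tag.
if [[ -z "${SPOTBUGS_VERSION}" || "${SPOTBUGS_VERSION}" == "null" ]]; then
  die "could not determine the SpotBugs version to download"
fi

# The version ends up in a URL and in local file names: restrict it to tag-like
# characters so it cannot carry path separators or whitespace.
version_pattern='^[0-9A-Za-z._-]+$'
[[ "${SPOTBUGS_VERSION}" =~ $version_pattern ]] \
  || die "refusing suspicious SPOTBUGS_VERSION: ${SPOTBUGS_VERSION}"

# Download SpotBugs
# NOTE(review): the archive is executed without any checksum or signature
# verification, and 'latest' is a floating reference. For reproducible and
# tamper-evident runs, pin SPOTBUGS_VERSION and verify the archive digest
# before unpacking.
archive="spotbugs-${SPOTBUGS_VERSION}.zip"
if ! wget -q -N "https://github.com/spotbugs/spotbugs/releases/download/${SPOTBUGS_VERSION}/${archive}"; then
  # Keep working from a previously downloaded archive, but never continue
  # without one.
  [[ -f "${archive}" ]] || die "download of ${archive} failed"
  printf 'analyze.sh: download failed, using existing %s\n' "${archive}" >&2
fi
unzip -q -o "${archive}" || die "could not unpack ${archive}"

# Run SpotBugs
SPOTBUGS_HOME=spotbugs-"${SPOTBUGS_VERSION}"
SPOTBUGS=${SPOTBUGS_HOME}/bin/spotbugs

# Take care of parameter order, sometimes does not work if you change it
# -Dlog4j2.formatMsgNoLookups=true is kept as Log4j 2 message-lookup hardening.
cmd=(java -Xmx1900M -Dlog4j2.formatMsgNoLookups=true
  -jar "${SPOTBUGS_HOME}/lib/spotbugs.jar" -textui)

if [[ -n "${PACKAGES:-}" ]]; then
  cmd+=(-onlyAnalyze "${PACKAGES}")
fi

cmd+=(-quiet -effort:max -low -noClassOk)

# Map the requested report type to its SpotBugs flag and default file name.
# Anything unrecognised falls back to SARIF.
case "${OUTPUT_TYPE:-}" in
  "xml")
    report_flag="-xml:withMessages"
    default_output="results.xml"
    ;;
  "html")
    report_flag="-html:withMessages"
    default_output="results.html"
    ;;
  "emacs")
    report_flag="-emacs:withMessages"
    default_output="results.emacs"
    ;;
  "xdocs")
    report_flag="-xdoc:withMessages"
    default_output="results.xdocs"
    ;;
  *)
    OUTPUT_TYPE="sarif"
    report_flag="-sarif:withMessages"
    default_output="results.sarif"
    ;;
esac
if [[ -z "${OUTPUT:-}" ]]; then
  OUTPUT="${default_output}"
fi
if [[ "${OUTPUT_TYPE}" == "sarif" ]]; then
  # SARIF is always written to an intermediate file and post-processed below.
  cmd+=("${report_flag}=./resultspre.sarif")
else
  cmd+=("${report_flag}=./${OUTPUT}")
fi

if [[ -n "${DEPENDENCIES_PATH:-}" ]]; then
  # Split on whitespace without running the value through the shell parser.
  read -r -a dep_roots <<< "${DEPENDENCIES_PATH}"
  for i in "${!dep_roots[@]}"; do
    # A leading "~" used to be expanded by eval; do it by hand instead.
    if [[ "${dep_roots[i]}" == "~" || "${dep_roots[i]}" == "~/"* ]]; then
      dep_roots[i]="${HOME}${dep_roots[i]:1}"
    fi
  done

  # Unpredictable temp file instead of a fixed name in a shared directory.
  jar_list="$(mktemp "${TMPDIR:-/tmp}/jardependencies.XXXXXX")" \
    || die "could not create a temporary file for the jar list"
  trap 'rm -f -- "${jar_list:-}"' EXIT

  printf 'Scanning jars with: find'
  printf ' %q' "${dep_roots[@]}"
  printf ' -name "*.jar" -type f\n'
  find "${dep_roots[@]}" -name '*.jar' -type f > "${jar_list}"

  cmd+=(-auxclasspathFromFile "${jar_list}")
  echo "Found dependencies: "
  cat -- "${jar_list}"
fi

# The original test was written `"true"]` (no space before the bracket), which
# made `[` fail and silently dropped -progress.
if [[ "${PROGRESS:-}" == "true" ]]; then
  cmd+=(-progress)
fi

if [[ -n "${BASE_PATH:-}" ]]; then
  if [[ "${BASE_PATH}" != */ ]]; then
    BASE_PATH="${BASE_PATH}/"
  fi
  # using sourcepath does not work for GitHub's sarif parser
  # but keeping there just in case
  cmd+=(-sourcepath "${BASE_PATH}")
fi

# ARGUMENTS and TARGET may hold several words and glob patterns, so they are
# expanded unquoted on purpose: word splitting and globbing still happen, but
# command substitution and separators are not interpreted. Quoting inside
# these values is NOT honoured; an argument cannot contain whitespace.
if [[ -n "${ARGUMENTS:-}" ]]; then
  # shellcheck disable=SC2206 # intentional word splitting, see above
  cmd+=(${ARGUMENTS})
fi

if [[ -n "${TARGET:-}" ]]; then
  # shellcheck disable=SC2206 # intentional word splitting, see above
  cmd+=(${TARGET})
else
  cmd+=(.)
fi

printf 'Running SpotBugs with command:'
printf ' %q' "${cmd[@]}"
printf '\n'
# The exit status of the analysis is not checked, so report post-processing
# below always runs.
"${cmd[@]}"

if [[ "${OUTPUT_TYPE}" == "sarif" ]]; then
  if [[ -n "${BASE_PATH:-}" ]]; then
    # prepend the physical path
    echo "Transform sarif file to include the physical path"
    # BASE_PATH is passed with --arg so it is a jq string value, never part of
    # the jq program text.
    jq -c --arg base "${BASE_PATH}" \
      '(.runs[].results[].locations[].physicalLocation.artifactLocation.uri) |= $base + .' \
      resultspre.sarif > "${OUTPUT}"
  elif [[ "${OUTPUT}" != "resultspre.sarif" && -f resultspre.sarif ]]; then
    # Without BASE_PATH nothing used to write OUTPUT at all; publish the
    # intermediate report under the requested name.
    cp -- resultspre.sarif "${OUTPUT}"
  fi
fi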