Add all the parameters and generalize usage

jmservera · jmservera · commit 648230dfe85b · 2022-10-20T09:40:36.000+02:00
diff --git a/action.yml b/action.yml
@@ -8,16 +8,47 @@ inputs:
     description: 'SpotBugs version to use.'
     default: 'latest'
     required: false  
+  packages:
+    description: >
+      Comma separated list of packages to scan. It will fill the 
+      -onlyAnalyze parameter in spotbugs. It can contain the wildcards '*' and
+      '-': com.example.* for single package or com.example.- for all
+      subpackages.
+
+      If not specified, it will scan all packages.
+      See more: https://spotbugs.readthedocs.io/en/stable/running.html#text-ui-options
+    required: false
   arguments:
-    description: 'Command arguments to be sent to SpotBugs'
-    required: true
-    default: ''
+    description: >
+      A string with any additional command arguments to be sent to spotbugs.
+      See more: https://spotbugs.readthedocs.io/en/stable/running.html#text-ui-options
+    required: false
   output:
-    description: 'Output file name'
-    required: true
+    description: >
+      The output filename. If not specified, it will use the default name
+      'results.EXTENSION'
   target:
-    description: 'Target of what you want to analyze'
-    required: true    
+    description: >
+      Target of what you want to analyze. It can be a file or a directory, it
+      is usually the ./target folder where you compiled your project.      
+    required: false
+  outputType:
+    description: >
+      Output type for the report. It can be 'xml', 'html', 'sarif', 'emacs'
+      or 'xdocs'. Default value is 'sarif' as it is the used by GitHub Advanced
+      Security.
+    default: 'sarif'
+    required: true
+  dependenciesPath:
+    description: >
+      Path to the dependencies folder. For Maven it is usually stored in the
+      '~/.m2'  folder.
+    required: false
+  basePath:
+    description: >
+      The basePath is used as a prefix in the sarif file to help GitHub find the
+      right file of the issue. It is tipically something like 'src/main/java'.
+    required: false
 runs:
   using: "composite"
   steps: 
@@ -26,6 +57,10 @@ runs:
       shell: bash
       env:
         SPOTBUGS_VERSION: ${{ inputs.spotbugs-version }}
+        PACKAGES: ${{ inputs.packages }}
         OUTPUT: ${{ inputs.output }}
+        OUTPUT_TYPE: ${{ inputs.outputType }}
         ARGUMENTS: ${{ inputs.arguments }}  
-        TARGET: ${{ inputs.target }}
+        TARGET: ${{ inputs.target }}
+        DEPENDENCIES_PATH: ${{ inputs.dependenciesPath }}
+        BASE_PATH: ${{ inputs.basePath }}
diff --git a/analyze.sh b/analyze.sh
@@ -4,8 +4,8 @@
 # PACKAGES="com.example.demo.-"
 # source path to prepend to the class path
 # BASEPATH="src/main/java"
-# DEPENDENCYPATH="~/.m2"
-
+# DEPENDENCIES_PATH="~/.m2"
+# OUTPUT_TYPE="sarif"
 
 # Check whether to use latest version of PMD
 if [ "$SPOTBUGS_VERSION" == 'latest' ] || [ "$SPOTBUGS_VERSION" == "" ]; then
@@ -34,20 +34,54 @@ fi
 
 CMD="$CMD -quiet -effort:max -low -noClassOk"
 
-if [ "$SARIF" == "true" ]; then
-    CMD="$CMD -sarif:withMessages=./resultspre.sarif"
-fi
-
-if [ "$DEPENDENCYPATH" != "" ]; then
-    find "$DEPENDENCYPATH" -name "*.jar" -type f > /tmp/jardependencies.txt
+case $OUTPUT_TYPE in
+    "xml")
+        if [ "$OUTPUT" == "" ]; then
+            OUTPUT="results.xml"
+        fi
+        CMD="$CMD -xml:withMessages=./$OUTPUT"
+        ;;
+    "html")
+        if [ "$OUTPUT" == "" ]; then
+            OUTPUT="results.html"
+        fi
+        CMD="$CMD -html:withMessages=./$OUTPUT"
+        ;;
+    "emacs")
+        if [ "$OUTPUT" == "" ]; then
+            OUTPUT="results.emacs"
+        fi
+        CMD="$CMD -emacs:withMessages=./$OUTPUT"
+        ;;
+    "xdocs")
+        if [ "$OUTPUT" == "" ]; then
+            OUTPUT="results.xdocs"
+        fi
+        CMD="$CMD -xdoc:withMessages=./$OUTPUT"
+        ;;
+    *)
+        OUTPUT_TYPE="sarif"
+        if [ "$OUTPUT" == "" ]; then
+            OUTPUT="results.sarif"
+        fi
+        CMD="$CMD -sarif:withMessages=./resultspre.sarif"
+        ;;
+esac
+
+if [ "$DEPENDENCIES_PATH" != "" ]; then
+    find "$DEPENDENCIES_PATH" -name "*.jar" -type f > /tmp/jardependencies.txt
     CMD="$CMD -auxclasspathFromFile /tmp/jardependencies.txt"
 fi
 
-if [ "$BASEPATH" != "" ]; then
-    if [[ "$BASEPATH" != */ ]]; then
-        BASEPATH="$BASEPATH/"
+if [ "$BASE_PATH" != "" ]; then
+    if [[ "$BASE_PATH" != */ ]]; then
+        BASEPATH="$BASE_PATH/"
     fi
-    CMD="$CMD -sourcepath ${BASEPATH}"
+    CMD="$CMD -sourcepath ${BASE_PATH}"
+fi
+
+if [ "$ARGUMENTS" != ""]; then
+    CMD="$CMD ${ARGUMENTS}"
 fi
 
 if [ "$TARGET" != "" ]; then
@@ -60,8 +94,8 @@ echo "Running SpotBugs with command: $CMD"
 
 eval ${CMD}
 
-if [ "$SARIF" == "true" ] && [ "$BASEPATH" != "" ]; then
+if [ "$OUTPUT_TYPE" == "sarif" ] && [ "$BASE_PATH" != "" ]; then
     # prepend the pyhsical path
-    jq -c "(.runs[].results[].locations[].physicalLocation.artifactLocation.uri) |=\"$BASEPATH\"+." resultspre.sarif > results.sarif
+    jq -c "(.runs[].results[].locations[].physicalLocation.artifactLocation.uri) |=\"$BASEPATH\"+." resultspre.sarif > "$OUTPUT"
 fi
 
