-
Notifications
You must be signed in to change notification settings - Fork 26
/
action.yml
101 lines (90 loc) · 3.83 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: PMD
description: Execute PMD static code analysis.
author: PMD
inputs:
token:
description: >-
Personal access token (PAT) used to query the latest PMD release via
api.github.com and to determine the modified files of a push/pull request
(see option "analyzeModifiedFilesOnly").
By default the automatic token for GitHub Actions is used.
If this action is used in GHES environment (e.g. the baseUrl is not
"api.github.com"), then the token is only used for querying the modified
files of a push/pull request. The token won't be used to query the latest
PMD release.
[Learn more about automatic token
authentication](https://docs.github.com/en/actions/security-guides/automatic-token-authentication)
[Learn more about creating and using encrypted
secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
required: false
default: ${{ github.token }}
version:
description: >-
PMD version to use. Using "latest" automatically downloads the latest
version.
Available versions: <https://github.com/pmd/pmd/releases>
Note: Only PMD 6.31.0 and later is supported due to required support for
[Sarif report
format](https://pmd.github.io/latest/pmd_userdocs_report_formats.html#sarif).
required: false
default: latest
downloadUrl:
description: >-
Manually specify the download URL from where the PMD binary distribution
will be downloaded. By default, this parameter is empty and the download
URL is automatically determined by querying the PMD releases at
<https://github.com/pmd/pmd/releases>.
This can be used to test PMD versions that are not official releases.
If a downloadUrl is specified, then the version must not be "latest". You
need to specify a concrete version. The downloaded PMD won't be cached and
will always be downloaded again.
required: false
default: ''
sourcePath:
description: Root directory for sources
required: false
default: .
rulesets:
description: Comma separated list of ruleset names to use
required: true
analyzeModifiedFilesOnly:
description: >-
Instead of analyze all files under "sourcePath", only the files that have
been touched in a pull request or push will be analyzed. This makes the
analysis faster and helps especially bigger projects which gradually want
to introduce PMD. This helps in enforcing that no new code violation is
introduced.
Depending on the analyzed language, the results might be less accurate
results. At the moment, this is not a problem, as PMD mostly analyzes each
file individually, but that might change in the future.
If the change is very big, not all files might be analyzed. Currently the
maximum number of modified files is 300.
Note: When using PMD as a code scanner in order to create "Code scanning
alerts" on GitHub, all files should be analyzed in order to produce a
complete picture of the project. Otherwise alerts might get closed too
soon.
required: false
default: 'true'
createGitHubAnnotations:
description: >-
By default, all detected violations are added as annotations to the pull
request. You can disable this by setting FALSE. This can be useful if you
are using another tool for this purpose.
required: false
default: 'true'
uploadSarifReport:
description: >-
By default, the generated SARIF report will be uploaded as an artifact
named "PMD Report". This can be disabled, e.g. if there are multiple
executions on multiple os of this action.
required: false
default: 'true'
outputs:
violations:
description: Number of violations found
runs:
using: node20
main: dist/index.js
branding:
icon: code
color: white