Light

martinwitt / infer-train Goto Github PK

View Code? Open in Web Editor NEW

3.0 2.0 0.0 538 KB

A github action to run infer for java code

License: MIT License

Java 98.47% Dockerfile 1.53%

github-action github-action-docker java quarkus static-analyzer

infer-train's Introduction

Infer-java-Action

This action runs the infer static analyzer on a Java project. The infer static analyzer is a tool for Java, C and Objective-C, see https://fbinfer.com/.

Usage

run-infer:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
            fetch-depth: 0
      - name : run infer action
        uses: docker://ghcr.io/martinwitt/infer-train:master
        with:
            build-command: "gradle compileJava"
            use-annotations: "true"

Options:

build-command (required): The command to build the project.
use-annotations (optional): Whether to use the GitHub PR annotations. Default: false
pr-mode (optional): Whether to run infer in PR mode. Default: false

Motivation

The infer team sadly does not provide a docker image for Infer. This action is a workaround to run infer in a GitHub action. Also, it was a great learning experience for me to write a GitHub action.

infer-train's People

Contributors

Stargazers

Watchers

infer-train's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

fix(deps): update dependency io.quarkus.platform:quarkus-bom to v3.11.1

Detected dependencies

dockerfile

src/main/docker/Dockerfile

src/main/docker/Dockerfile.native

github-actions

.github/workflows/ci.yml

actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29

actions/setup-java v4

.github/workflows/dev-branch.yml

styfle/cancel-workflow-action 0.12.1

actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29

gradle/gradle-build-action v3

actions/setup-java v4

sigstore/cosign-installer b49ef6b125b98c2708965eeb167d89e86aa73ef6

docker/setup-buildx-action 5138f76647652447004da686b2411557eaf65f33

docker/login-action 0d4c9c5ea7693da7b068278f7b52bda2a190a446

docker/metadata-action f7b4ed12385588c3f9bc252f0a2b520d83b52d48

docker/build-push-action ca052bb54ab0790a636c9b5f226502c73d547a25

actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29

.github/workflows/docker-publish.yml

actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29

gradle/gradle-build-action v3

actions/setup-java v4

sigstore/cosign-installer b49ef6b125b98c2708965eeb167d89e86aa73ef6

docker/setup-buildx-action 5138f76647652447004da686b2411557eaf65f33

docker/login-action 0d4c9c5ea7693da7b068278f7b52bda2a190a446

docker/metadata-action f7b4ed12385588c3f9bc252f0a2b520d83b52d48

docker/build-push-action ca052bb54ab0790a636c9b5f226502c73d547a25

actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29

gradle

gradle.properties

io.quarkus.platform:quarkus-bom 3.8.3

settings.gradle

build.gradle

com.diffplug.spotless 6.25.0

org.buildobjects:jproc 2.8.2

com.contrastsecurity:java-sarif 2.0

gradle-wrapper

gradle/wrapper/gradle-wrapper.properties

gradle 8.8

Check this box to trigger a request for Renovate to run again on this repository

Upload sarif to GitHub Security Dashboard

Since you parse the sarif file, you could instead upload it to codeql-action/upload-sarif rather than use annotations or a job summary, which may be missed.

I gave this action a try and it said no issues found, which seems fishy since analyzers are full of false positives. Oh, and I used ./gradlew ... since gradle ... would use this project's version which could be incompatible.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.