Light

martinwitt / infer-train Goto Github PK

View Code? Open in Web Editor NEW

3.0 2.0 0.0 530 KB

A github action to run infer for java code

License: MIT License

Java 98.47% Dockerfile 1.53%

github-action github-action-docker java quarkus static-analyzer

infer-train's Introduction

Infer-java-Action

This action runs the infer static analyzer on a Java project. The infer static analyzer is a tool for Java, C and Objective-C, see https://fbinfer.com/.

Usage

run-infer:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
            fetch-depth: 0
      - name : run infer action
        uses: docker://ghcr.io/martinwitt/infer-train:master
        with:
            build-command: "gradle compileJava"
            use-annotations: "true"

Options:

build-command (required): The command to build the project.
use-annotations (optional): Whether to use the GitHub PR annotations. Default: false
pr-mode (optional): Whether to run infer in PR mode. Default: false

Motivation

The infer team sadly does not provide a docker image for Infer. This action is a workaround to run infer in a GitHub action. Also, it was a great learning experience for me to write a GitHub action.

infer-train's People

Contributors

Stargazers

Watchers

infer-train's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Pending Branch Automerge

These updates await pending status checks before automerging. Click on a checkbox to abort the branch automerge, and create a PR instead.

chore(deps): update docker/build-push-action digest to eb539f4

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

fix(deps): update dependency io.quarkus.platform:quarkus-bom to v3.9.4

Detected dependencies

dockerfile

src/main/docker/Dockerfile

src/main/docker/Dockerfile.native

github-actions

.github/workflows/ci.yml

actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b

actions/setup-java v4

.github/workflows/dev-branch.yml

styfle/cancel-workflow-action 0.12.1

actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b

gradle/gradle-build-action v3

actions/setup-java v4

sigstore/cosign-installer 19351d009d6b451ccfef9ebbb5e31495dd176d24

docker/setup-buildx-action a530e948adbeb357dbca95a7f8845d385edf4438

docker/login-action 5f4866a30a54f16a52d2ecb4a3898e9e424939cf

docker/metadata-action 1294d94f8ee362ab42b6da04c35f4cd03a0e6af7

docker/build-push-action 7e6f77677b7892794c8852c6e3773c3e9bc3129a

actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b

.github/workflows/docker-publish.yml

actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b

gradle/gradle-build-action v3

actions/setup-java v4

sigstore/cosign-installer 19351d009d6b451ccfef9ebbb5e31495dd176d24

docker/setup-buildx-action a530e948adbeb357dbca95a7f8845d385edf4438

docker/login-action 5f4866a30a54f16a52d2ecb4a3898e9e424939cf

docker/metadata-action 1294d94f8ee362ab42b6da04c35f4cd03a0e6af7

docker/build-push-action 7e6f77677b7892794c8852c6e3773c3e9bc3129a

actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b

gradle

gradle.properties

io.quarkus.platform:quarkus-bom 3.8.3

settings.gradle

build.gradle

com.diffplug.spotless 6.25.0

org.buildobjects:jproc 2.8.2

com.contrastsecurity:java-sarif 2.0

gradle-wrapper

gradle/wrapper/gradle-wrapper.properties

gradle 8.7

Check this box to trigger a request for Renovate to run again on this repository

Upload sarif to GitHub Security Dashboard

Since you parse the sarif file, you could instead upload it to codeql-action/upload-sarif rather than use annotations or a job summary, which may be missed.

I gave this action a try and it said no issues found, which seems fishy since analyzers are full of false positives. Oh, and I used ./gradlew ... since gradle ... would use this project's version which could be incompatible.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.