Header menu logo FSharp.Analyzers.SDK

Running analyzers during continuous integration

Similar to unit tests and code formatting, analyzers are a tool you want to enforce when modifying a code repository.
Especially, in the context of a team, you want to ensure everybody is adhering to the warnings produced by analyzers.

Command line options

Use the --report command line argument to produce a sarif report json.
Most CI/CD systems should be able to process this afterwards to capture the reported information by the analyzers.

Example usage:

dotnet fsharp-analyzers /
  --project MyProject.fsproj /
  --analyzers-path ./MyFolderWithAnalyzers /
  --report ./analysis.sarif

Code root

Use the --code-root flag to specify the root directory where all reported problems should be relative to. Typically, this should correspond to your source control (git) repository. Some tooling may require this setting to be accurate for easy navigation to the reported problems.

Example when using MSBuild:

    <FSharpAnalyzersOtherFlags>--analyzers-path &quot;$(PkgG-Research_FSharp_Analyzers)/analyzers/dotnet/fs&quot;</FSharpAnalyzersOtherFlags>
    <FSharpAnalyzersOtherFlags>$(FSharpAnalyzersOtherFlags) --code-root &quot;$(CodeRoot)&quot;</FSharpAnalyzersOtherFlags>
    <FSharpAnalyzersOtherFlags>$(FSharpAnalyzersOtherFlags) --report &quot;$(SarifOutput)$(MSBuildProjectName)-$(TargetFramework).sarif&quot;</FSharpAnalyzersOtherFlags>

GitHub Actions

If you are using GitHub Actions you can easily send the sarif file to CodeQL.

    - name: Run Analyzers
      run: dotnet msbuild /t:AnalyzeFSharpProject /p:Configuration=Release
      # This is important, you want to continue your Action even if you found problems.
      # As you always want the report to upload
      continue-on-error: true

    # checkout code, build, run analyzers, ...
    - name: Upload SARIF file
      uses: github/codeql-action/upload-sarif@v2
        # You can also specify the path to a folder for `sarif_file`
        sarif_file: analysis.sarif

You might need to give workflows in your repository the Read and write permissions for the sarif upload to succeed.
Go to Settings -> Actions -> General and check the Workflow permissions section.



See fsproject/fantomas#2962 for more information.


Type something to start searching.