Running analyzers during continuous integration
Similar to unit tests and code formatting, analyzers are a tool you want to enforce when modifying a code repository.
Especially, in the context of a team, you want to ensure everybody is adhering to the warnings produced by analyzers.
Command line options
Use the --report
command line argument to produce a sarif report json.
Most CI/CD systems should be able to process this afterwards to capture the reported information by the analyzers.
Example usage:
|
Code root
Use the --code-root
flag to specify the root directory where all reported problems should be relative to.
Typically, this should correspond to your source control (git) repository. Some tooling may require this setting to be accurate for easy navigation to the reported problems.
Example when using MSBuild:
|
GitHub Actions
GitHub Advanced Security
If you are using GitHub Actions you can easily send the sarif file to CodeQL.
|
You might need to give workflows in your repository the Read and write permissions
for the sarif upload to succeed.
Go to Settings
-> Actions
-> General
and check the Workflow permissions
section.
Sample:
See fsproject/fantomas#2962 for more information.
Github Workflow Commands
If you cannot use GitHub Advanced Security (e.g. if your repository is private), you can get similar annotations by running the analyzers with --output-format github
.
This will make the analyzers print their results as GitHub Workflow Commands.
If you for instance have a GitHub Action to run analyzers on every pull request, these annotations will show up in the "Files changed" on the pull request.
If the annotations don't show correctly, you might need to set the code-root
to the root of the repository.
Note that GitHub has a hard limit of 10 annotations of each type (notice, warning, error) per CI step. This means that only the first 10 errors, the first 10 warnings and the first 10 hints/info results from analyzers will generate annotations. The workflow log will contain all analyzer results even if a job hits the annotation limits.