diff --git a/.gitattributes b/.gitattributes
index 9073910f..2170adcd 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -24,7 +24,6 @@ js/test/ export-ignore
 .styleci.yml export-ignore
 .travis.yml export-ignore
 .vscode export-ignore
-codacy-analysis.yml export-ignore
 crowdin.yml export-ignore
 BADGES.md export-ignore
 CODE_OF_CONDUCT.md export-ignore
diff --git a/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
similarity index 72%
rename from codacy-analysis.yml
rename to .github/workflows/codacy-analysis.yml
index 31d065cd..920224d3 100644
--- a/codacy-analysis.yml
+++ b/.github/workflows/codacy-analysis.yml
@@ -24,26 +24,30 @@ jobs:
 steps:
 # Checkout the repository to the GitHub Actions runner
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
+
+ - name: Remove folders causing errors in report
+ run: rm -rf doc img *.md
 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
 - name: Run Codacy Analysis CLI
- uses: codacy/codacy-analysis-cli-action@1.1.0
+ uses: codacy/codacy-analysis-cli-action@v4
 with:
 # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
 # You can also omit the token and run the tools that support default configurations
 project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- verbose: true
- output: results.sarif
- format: sarif
+ # verbose: true
+ # output: results.sarif
+ # format: sarif
 # Adjust severity of non-security issues
- gh-code-scanning-compat: true
+ # gh-code-scanning-compat: true
 # Force 0 exit code to allow SARIF file generation
 # This will handover control about PR rejection to the GitHub side
- max-allowed-issues: 2147483647
+ # max-allowed-issues: 2147483647
 # Upload the SARIF file generated in the previous step
- - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v1
- with:
- sarif_file: results.sarif
+ # disabled due to: https://github.com/codacy/codacy-analysis-cli-action/issues/142
+ #- name: Upload SARIF results file
+ # uses: github/codeql-action/upload-sarif@v4
+ # with:
+ # sarif_file: results.sarif
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 25c8d787..b212c2a3 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
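Review bot: The new `Remove folders causing errors in report` step deletes `doc`, `img` and every top-level `*.md` from the checkout before the scan runs, which silently narrows what Codacy analyses and is easy to overlook later; the scanner supports excluding paths declaratively in the repository's Codacy configuration (`exclude_paths` in `.codacy.yml`), which keeps the exclusion visible in the report instead of hidden in a shell step. With `output`/`format` commented out and the `Upload SARIF results file` step disabled, findings from `Run Codacy Analysis CLI` no longer reach GitHub Code Scanning and nothing in this workflow fails on them; `max-allowed-issues` is now left to the action's default, so confirm whether the job still fails on findings or has become informational only, and state that in the comment above the step. The five commented-out upload lines are dead configuration and could be reduced to the single `# disabled due to: …issues/142` comment with the step removed. `codacy/codacy-analysis-cli-action@v4` and `actions/checkout@v5` are mutable tags; since this job receives `CODACY_PROJECT_TOKEN`, pinning both to a full commit SHA with the version in a trailing comment would protect it from a retagged release.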
@@ -26,8 +26,8 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- language: [ 'javascript' ]
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ language: [ 'actions', 'javascript' ]
+ # CodeQL supports [ 'actions', 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
 # Learn more:
 # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
@@ -37,7 +37,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -46,4 +46,4 @@ jobs:
 # queries: ./path/to/local/query, your-org/your-repo/queries@main
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml
index 851211f2..e48dfa08 100644
--- a/.github/workflows/snyk-scan.yml
+++ b/.github/workflows/snyk-scan.yml
@@ -30,6 +30,6 @@ jobs:
 with:
 args: --sarif-file-output=snyk.sarif
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: snyk.sarif