d3a5cb6ef8
Disable unsupported ubuntu sample |
||
---|---|---|
.gdn | ||
.github/workflows | ||
lib | ||
node_modules | ||
policy | ||
sample | ||
src | ||
.gitignore | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
LICENSE | ||
README.md | ||
action.yml | ||
build.proj | ||
package-lock.json | ||
package.json | ||
tsconfig.json |
README.md
dotnet/code-analysis
Overview
This action runs the .NET code quality ("CAxxxx") and code style analyzers("IDExxxx") that ship with the .NET SDK.
Inputs
Mandatory Inputs
Name | Description |
---|---|
build-breaking |
Boolean value true or false indicating if code analysis violations should break the build. |
Optional Inputs
Analysis Target(s)
Inputs to select the set of projects and/or solutions to analyze. By default, the solution at the root of the repo would be analyzed.
Name | Description |
---|---|
solution |
Path to the solution to analyze. |
solutions |
One or more ; separated paths to the solutions to analyze. |
project |
Path to the project to analyze. |
projects |
One or more ; separated paths to the projects to analyze. |
Analysis Rules
Inputs to customize the buckets of analyzers that are executed, either based on category or for all categories. By default, we execute all the latest, minimum recommended analyzers for all categories.
Name | Applicable To | Default | Description |
---|---|---|---|
all-categories |
All 'CAxxxx' and 'IDExxxx' rules | latest-minimum |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
style |
'IDExxxx' code-style rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
design |
'CAxxxx' design rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
documentation |
'CAxxxx' documentation rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
globalization |
'CAxxxx' globalization rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
interoperability |
'CAxxxx' interoperability and portability rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
maintainability |
'CAxxxx' maintainability rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
naming |
'CAxxxx' naming rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
performance |
'CAxxxx' performance rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
reliability |
'CAxxxx' reliability rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
security |
'CAxxxx' security rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
usage |
'CAxxxx' usage rules | Value for all-categories |
Valid AnalysisLevel or AnalysisMode values or AnalysisLevel-AnalysisMode combinations from tables below. |
AnalysisLevel values
The following table shows the available AnalysisLevel options.
Value | Meaning |
---|---|
latest |
The latest code analyzers that have been released are used. This is the default. |
preview |
The latest code analyzers are used, even if they are in preview. |
5.0 |
The set of rules that was enabled for the .NET 5.0 release is used, even if newer rules are available. |
5 |
The set of rules that was enabled for the .NET 5.0 release is used, even if newer rules are available. |
AnalysisMode values
The following table shows the available AnalysisMode options.
Value | Meaning |
---|---|
minimum |
Minimum or highly-recommended set of code analyzers are enabled. This is the default. |
none or AllDisabledByDefault |
No code analyzers are enabled. This is the most conservative analysis mode. |
default |
Default set of code analyzers are enabled. |
recommended |
Recommended set of code analyzers are enabled. |
all or AllEnabledByDefault |
All code analyzers are enabled. This is the most aggressive analysis mode. |
Input Examples
-
Enable all
CAxxxx
andIDExxxx
rules for a single solution at repo root, such that code analysis violations break the build.- name: Run .NET Code Analysis uses: dotnet/code-analysis@v1 id: code-analysis with: solution: MySolution.sln build-breaking: true all-categories: all
-
Enable all 5.0 release
CAxxxx
security and performance rules, but only the recommended set for other rule categories forMyProject1.csproj
andMyProject2.csproj
, such that code analysis violations do not break the build.- name: Run .NET Code Analysis uses: dotnet/code-analysis@v1 id: code-analysis with: projects: src\MyProject1.csproj;src\MyProject2.csproj build-breaking: false security: 5.0-all performance: 5.0-all all-categories: 5.0-recommended
-
Enable highly-recommended
IDExxxx
code-style rules, and disable all the remaining rules for a single project, such that code analysis violations break the build.- name: Run .NET Code Analysis uses: dotnet/code-analysis@v1 id: code-analysis with: project: src\MyProject1.csproj build-breaking: true style: minimum all-categories: none
Outputs
The action produces a JSON format error log file in SARIF format. This file can be uploaded via the github/codeql-action/upload-sarif
action.
Usage
See action.yml
Basic
Run .NET code quality and code style analysis that ship with the .NET SDK.
steps:
- uses: actions/checkout@v2
# Run NuGet restore for each project/solution to analyze
- name: Run NuGet restore
run: dotnet restore <%path_to_project_or_solution%>
# Run code analysis for all projects/solutions, such that code analysis violations break the build.
- name: Run .NET Code Analysis
uses: dotnet/code-analysis@v1
id: code-analysis
with:
build-breaking: true
Note: The Microsoft Code Analysis CLI is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the actions/setup-dotnet action.
- uses: actions/setup-dotnet@v1
with:
dotnet-version: '3.1.x'
Limitations
The .NET code analysis action is currently in beta and runs on the windows-latest
queue, as well as Windows self hosted agents. ubuntu-latest
support coming soon.
More Information
Please see the wiki tab for more information and the Frequently Asked Questions (FAQ) page.
Report Issues
Please file a GitHub issue in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the .NET code analysis action output.
License
The scripts and documentation in this project are released under the MIT License
Contributing
Contributions are welcome! See the Contributor's Guide.
This project has adopted the .NET Foundation Code of Conduct.