Analyze Code #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Analyze Code | |
| # Manual-only: a scratch workflow to see how `robotcode analyze code` looks in | |
| # a GitHub Actions run. Two jobs demonstrate the two CI-facing formats: | |
| # - annotations: `--output-format github` -> inline annotations on the run | |
| # - code-scanning: `--output-format sarif` -> uploaded to GitHub code scanning | |
| # Trigger it from the Actions tab via "Run workflow". | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| annotations: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.13" | |
| - name: Install Hatch | |
| uses: pypa/hatch@install | |
| - name: Create the dev environment | |
| run: hatch env create | |
| - name: Analyze code | |
| # continue-on-error so the job stays green and the annotations are easy to | |
| # inspect, even though analyze code exits non-zero when it finds problems. | |
| continue-on-error: true | |
| run: hatch run robotcode analyze code --output-format github | |
| code-scanning: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required so github/codeql-action/upload-sarif can publish the results | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.13" | |
| - name: Install Hatch | |
| uses: pypa/hatch@install | |
| - name: Create the dev environment | |
| run: hatch env create | |
| - name: Analyze code (SARIF) | |
| # continue-on-error so the SARIF still gets uploaded when problems are found. | |
| continue-on-error: true | |
| run: hatch run robotcode analyze code --output-format sarif --output-file robotcode.sarif | |
| - name: Upload SARIF to code scanning | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: robotcode.sarif |