{"id":19359756,"url":"https://github.com/codacy/codacy-analysis-cli-action","last_synced_at":"2025-04-05T00:09:05.444Z","repository":{"id":37864068,"uuid":"217691904","full_name":"codacy/codacy-analysis-cli-action","owner":"codacy","description":"GitHub Action for the codacy-analysis-cli","archived":false,"fork":false,"pushed_at":"2024-07-12T13:51:37.000Z","size":535,"stargazers_count":61,"open_issues_count":12,"forks_count":18,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-02T21:53:50.233Z","etag":null,"topics":["automation","github-actions","static-analysis"],"latest_commit_sha":null,"homepage":"https://github.com/codacy/codacy-analysis-cli","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codacy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-26T10:20:46.000Z","updated_at":"2025-03-31T02:43:21.000Z","dependencies_parsed_at":"2024-05-08T09:44:52.501Z","dependency_job_id":"9903877e-3ae8-4e34-9fe0-6060321c5834","html_url":"https://github.com/codacy/codacy-analysis-cli-action","commit_stats":{"total_commits":120,"total_committers":24,"mean_commits":5.0,"dds":0.6833333333333333,"last_synced_commit":"09916000460adeeedc96b9704f86deba53e2ad5d"},"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codacy%2Fcodacy-analysis-cli-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codacy%2Fcodacy-analysis-cli-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codacy%2Fcodacy-analysis-cli-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codacy%2Fcodacy-analysis-cli-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codacy","download_url":"https://codeload.github.com/codacy/codacy-analysis-cli-action/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247266564,"owners_count":20910836,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","github-actions","static-analysis"],"created_at":"2024-11-10T07:16:02.143Z","updated_at":"2025-04-05T00:09:05.425Z","avatar_url":"https://github.com/codacy.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Codacy Analysis CLI GitHub Action\n\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/946b78614f154f81b1c9c0514fd9f35c)](https://www.codacy.com/gh/codacy/codacy-analysis-cli-action/dashboard?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=codacy/codacy-analysis-cli-action\u0026utm_campaign=Badge_Grade)\n\nGitHub Action for running Codacy static analysis on [over 40 supported languages](https://docs.codacy.com/getting-started/supported-languages-and-tools/) and returning identified issues in the code.\n\n\u003cbr/\u003e\n\n\u003ca href=\"https://www.codacy.com\" target=\"_blank\"\u003e\u003cimg src=\"images/codacy-logo.svg\" alt=\"Codacy\" width=\"400\"/\u003e\u003c/a\u003e\n\n\u003cbr/\u003e\n\n[Codacy](https://www.codacy.com/) is an automated code review tool that makes it easy to ensure your team is writing high-quality code by analyzing more than 40 programming languages such as PHP, JavaScript, Python, Java, and Ruby. Codacy allows you to define your own quality rules, code patterns and quality settings you'd like to enforce to prevent issues on your codebase.\n\nThe Codacy GitHub Action supports the following scenarios:\n\n-   **[Analysis with default settings](#analysis-with-default-settings):** Analyzes each commit and pull request and fails the workflow if it finds issues in your code.\n-   **[Integration with GitHub code scanning](#integration-with-github-code-scanning):** Analyzes each commit and pull request and uploads the results to GitHub, which displays the identified issues under your repository's tab **Security**.\n-   **[Integration with Codacy for client-side tools](#integration-with-codacy-for-client-side-tools):** Analyzes each commit and pull request using one of Codacy's client-side tools and uploads the results to Codacy, which displays the identified issues in UI dashboards and can also report the status of the analysis on your pull requests.\n\n## Analysis with default settings\n\nBy default, the Codacy GitHub Action:\n\n-   Analyzes each commit or pull request by running all supported static code analysis tools for the languages found in your repository.\n-   Prints the analysis results on the console, which is visible on the GitHub Action's workflow panel.  \n-   Fails the workflow if it finds at least one issue in your code.\n\n![Failed Codacy analysis workflow](images/failed-workflow.png)\n\nTo use the GitHub Action with default settings, add the following to a file `.github/workflows/codacy-analysis.yaml` in your repository:\n\n```yaml\nname: Codacy Analysis CLI\n\non: [\"push\"]\n\njobs:\n  codacy-analysis-cli:\n    name: Codacy Analysis CLI\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout code\n        uses: actions/checkout@main\n\n      - name: Run Codacy Analysis CLI\n        uses: codacy/codacy-analysis-cli-action@master\n```\n\n## Integration with GitHub code scanning\n\nIntegrate the Codacy GitHub Action with [GitHub code scanning](https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning) to display the analysis results on your repository under the tab **Security**, page **Code scanning alerts**.\n\nIn this scenario, the GitHub Action:\n\n-   Analyzes each commit and pull request to the `master` or `main` branch by running all supported static code analysis tools for the languages found in your repository.\n-   Outputs the analysis results to a file `results.sarif`, which is then uploaded to GitHub.\n\n![GitHub code scanning integration](images/github-code-scanning.png)\n\nTo use the GitHub Action with GitHub code scanning integration, add the following to a file `.github/workflows/codacy-analysis.yaml` in your repository:\n\n```yaml\nname: Codacy Security Scan\n\non:\n  push:\n    branches: [ \"master\", \"main\" ]\n  pull_request:\n    branches: [ \"master\", \"main\" ]\n\njobs:\n  codacy-security-scan:\n    name: Codacy Security Scan\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout code\n        uses: actions/checkout@main\n\n      - name: Run Codacy Analysis CLI\n        uses: codacy/codacy-analysis-cli-action@master\n        with:\n          output: results.sarif\n          format: sarif\n          # Adjust severity of non-security issues\n          gh-code-scanning-compat: true\n          # Force 0 exit code to allow SARIF file generation\n          # This will hand over control about PR rejection to the GitHub side\n          max-allowed-issues: 2147483647\n      \n      # Upload the SARIF file generated in the previous step\n      - name: Upload SARIF results file\n        uses: github/codeql-action/upload-sarif@main\n        with:\n          sarif_file: results.sarif\n```\n\n## Integration with Codacy for client-side tools\n\nUse the GitHub Action to run any of the [**containerized** client-side tools supported by Codacy](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/) and upload the results of the analysis to Codacy.\n\nIn this scenario, the GitHub action:\n\n-   Analyzes each commit or pull request by running a specific client-side tool with the configurations that you defined on Codacy.\n-   Uploads the analysis results to Codacy.\n\nAfter this, Codacy displays the results of the analysis of your commits and pull requests on the UI dashboards, and optionally reports the status of the analysis directly on your GitHub pull requests.\n\n![Codacy integration](images/codacy-analysis-integration.png)\n\nTo use the GitHub Action with Codacy integration:\n\n1.  On Codacy, [enable the containerized client-side tool](../../repositories-configure/configuring-code-patterns.md) and configure the corresponding code patterns on your repository **Code patterns** page.\n\n1.  On Codacy, enable **Run analysis through build server** in your repository **Settings**, tab **General**, **Repository analysis**.\n\n    This setting enables Codacy to wait for the results of the local analysis before resuming the analysis of your commits.\n\n2.  Set up an API token to allow the GitHub Action to authenticate on Codacy:\n\n    -   **If you're setting up one repository**, [obtain a project API token](https://docs.codacy.com/codacy-api/api-tokens/#project-api-tokens) and store it as an [encrypted secret for your **repository**](https://docs.github.com/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository) with the name `CODACY_PROJECT_TOKEN`.\n    -   **If you're setting up multiple repositories**, [obtain an account API token](https://docs.codacy.com/codacy-api/api-tokens/#account-api-tokens) and store it as an [encrypted secret for your **organization**](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-an-organization) with the name `CODACY_API_TOKEN`.\n\n    \u003e ⚠️ **Never write API tokens to your configuration files** and keep your API tokens well protected, as they grant owner permissions to your projects on Codacy.\n\n3.  Add the following to a file `.github/workflows/codacy-analysis.yaml` in your repository, where `\u003cCLIENT_SIDE_TOOL_NAME\u003e` is the name of the [containerized client-side tool](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/) that the Codacy Analysis CLI will run locally, or don't specify this parameter to run all tools supported by Codacy:\n\n    ```yaml\n    name: Codacy Analysis CLI\n\n    on: [\"push\"]\n\n    jobs:\n      codacy-analysis-cli:\n        name: Codacy Analysis CLI\n        runs-on: ubuntu-latest\n        steps:\n          - name: Checkout code\n            uses: actions/checkout@main\n\n          - name: Run Codacy Analysis CLI\n            uses: codacy/codacy-analysis-cli-action@master\n            with:\n              tool: \u003cCLIENT_SIDE_TOOL_NAME\u003e\n              project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}\n              # or\n              # api-token: ${{ secrets.CODACY_API_TOKEN }}\n              upload: true\n              max-allowed-issues: 2147483647\n    ```\n\n    **If you're running a Go client-side tool** you must also set up the Go environment before running the Codacy Analysis CLI GitHub Action. We recommend using the [setup-go GitHub Action](https://github.com/actions/setup-go) for this:\n\n    ```yaml\n    - name: set-up go\n      uses: actions/setup-go@v3\n      with:\n        # Go version currently supported by Codacy\n        go-version: 1.19.1\n    ```\n\n4.  Optionally, specify the following parameters to run [**standalone** client-side tools](https://docs.codacy.com/related-tools/local-analysis/client-side-tools/):\n\n    ```yaml\n    run-gosec: \"true\"\n    run-staticcheck: \"true\"\n    ```\n\n    Due to the complex orchestration of the tools Clang-Tidy and Faux Pas, the action can receive instead the output files of the tools and upload them to Codacy:\n\n    ```yaml\n    clang-tidy-output: \"path/to/output\"\n    faux-pas-output: \"path/to/output\"\n    ```\n\n    If you only want to run the standalone client-side tools and not all the containerized tools supported by Codacy, specify:\n\n    ```yaml\n    run-docker-tools: \"false\"\n    ```\n\n5.  Optionally, [enable the GitHub integration](https://docs.codacy.com/repositories-configure/integrations/github-integration/) on Codacy to have information about the analysis of the changed files directly on your pull requests.\n\n## Parameters\n\nThe Codacy GitHub Action is a wrapper for running the [Codacy Analysis CLI](https://github.com/codacy/codacy-analysis-cli). For a list of supported input parameters, see [`action.yml`](./action.yml). To pass input parameters to the action, [update the associated `with` map](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsstepswith).\n\nThe following example limits analysis to a `src` directory and provides additional details by setting `verbose` to `true`.\n\n```yaml\n- name: Run Codacy Analysis CLI\n  uses: codacy/codacy-analysis-cli-action@master\n  with:\n    directory: src\n    verbose: true\n```\n\n## Contributing\n\nWe love contributions, feedback, and bug reports.\nIf you run into issues while running this action,\n[open an issue](https://github.com/codacy/codacy-analysis-cli-action/issues) in this repository.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodacy%2Fcodacy-analysis-cli-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodacy%2Fcodacy-analysis-cli-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodacy%2Fcodacy-analysis-cli-action/lists"}