wip

Author: franciscoovazevedo

.codacy/cli-config.yaml

@@ -24,4 +24,5 @@ go.work.sum
 .idea/
 .vscode/
 
-cli-v2
+# Codacy CLI 
+cli-v2

.gitignore

@@ -20,7 +20,6 @@ var outputFormat string
 var sarifPath string
 var commitUuid string
 var projectToken string
-var pmdRulesetFile string
 
 type Sarif struct {
 	Runs []struct {
@@ -96,7 +95,6 @@ func init() {
 	analyzeCmd.Flags().StringVarP(&toolToAnalyze, "tool", "t", "", "Which tool to run analysis with")
 	analyzeCmd.Flags().StringVar(&outputFormat, "format", "", "Output format (use 'sarif' for SARIF format)")
 	analyzeCmd.Flags().BoolVar(&autoFix, "fix", false, "Apply auto fix to your issues when available")
-	analyzeCmd.Flags().StringVar(&pmdRulesetFile, "rulesets", "", "Path to PMD ruleset file")
 	rootCmd.AddCommand(analyzeCmd)
 }
 
@@ -209,7 +207,7 @@ func runPmdAnalysis(workDirectory string, pathsToCheck []string, outputFile stri
 	pmd := config.Config.Tools()["pmd"]
 	pmdBinary := pmd.Binaries["pmd"]
 
-	err := tools.RunPmd(workDirectory, pmdBinary, pathsToCheck, outputFile, outputFormat, pmdRulesetFile)
+	err := tools.RunPmd(workDirectory, pmdBinary, pathsToCheck, outputFile, outputFormat, "")
 	if err != nil {
 		log.Fatalf("Error running PMD: %v", err)
 	}

cmd/analyze.go

@@ -4,13 +4,15 @@ import (
 	"codacy/cli-v2/config"
 	"codacy/cli-v2/domain"
 	"codacy/cli-v2/tools"
+	"codacy/cli-v2/utils"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -53,6 +55,7 @@ var initCmd = &cobra.Command{
 			if err != nil {
 				log.Fatal(err)
 			}
+			createGitIgnoreFile()
 		}
 		fmt.Println()
 		fmt.Println("✅ Successfully initialized Codacy configuration!")
@@ -64,6 +67,26 @@ var initCmd = &cobra.Command{
 	},
 }
 
+func createGitIgnoreFile() error {
+	gitIgnorePath := filepath.Join(config.Config.LocalCodacyDirectory(), ".gitignore")
+	gitIgnoreFile, err := os.Create(gitIgnorePath)
+	if err != nil {
+		return fmt.Errorf("failed to create .gitignore file: %w", err)
+	}
+	defer gitIgnoreFile.Close()
+
+	content := `# Codacy CLI 
+tools-configs/
+.gitignore
+cli-config.yaml
+`
+	if _, err := gitIgnoreFile.WriteString(content); err != nil {
+		return fmt.Errorf("failed to write to .gitignore file: %w", err)
+	}
+
+	return nil
+}
+
 func createConfigurationFiles(tools []tools.Tool, cliLocalMode bool) error {
 	configFile, err := os.Create(config.Config.ProjectConfigFile())
 	defer configFile.Close()
@@ -137,6 +160,13 @@ func cliConfigFileTemplate(cliLocalMode bool) string {
 func buildRepositoryConfigurationFiles(token string) error {
 	fmt.Println("Fetching repository configuration from codacy using api token ...")
 
+	toolsConfigDir := config.Config.ToolsConfigDirectory()
+
+	// Create tools-configs directory if it doesn't exist
+	if err := os.MkdirAll(toolsConfigDir, utils.DefaultDirPerms); err != nil {
+		return fmt.Errorf("failed to create tools-configs directory: %w", err)
+	}
+
 	client := &http.Client{
 		Timeout: 10 * time.Second,
 	}
@@ -212,12 +242,13 @@ func buildRepositoryConfigurationFiles(token string) error {
 
 // map tool uuid to tool name
 func createToolFileConfigurations(tool tools.Tool, patternConfiguration []domain.PatternConfiguration) error {
+	toolsConfigDir := config.Config.ToolsConfigDirectory()
 	switch tool.Uuid {
 	case ESLint:
 		if len(patternConfiguration) > 0 {
 			eslintConfigurationString := tools.CreateEslintConfig(patternConfiguration)
 
-			eslintConfigFile, err := os.Create("eslint.config.mjs")
+			eslintConfigFile, err := os.Create(filepath.Join(toolsConfigDir, "eslint.config.mjs"))
 			if err != nil {
 				return fmt.Errorf("failed to create eslint config file: %v", err)
 			}
@@ -229,67 +260,79 @@ func createToolFileConfigurations(tool tools.Tool, patternConfiguration []domain
 			}
 			fmt.Println("ESLint configuration created based on Codacy settings")
 		} else {
-			err := createDefaultEslintConfigFile()
+			err := createDefaultEslintConfigFile(toolsConfigDir)
 			if err != nil {
 				return fmt.Errorf("failed to create default ESLint config: %v", err)
 			}
 			fmt.Println("Default ESLint configuration created")
 		}
 	case Trivy:
 		if len(patternConfiguration) > 0 {
-			createTrivyConfigFile(patternConfiguration)
+			err := createTrivyConfigFile(patternConfiguration, toolsConfigDir)
+			if err != nil {
+				return fmt.Errorf("failed to create Trivy config: %v", err)
+			}
 		} else {
-			createDefaultTrivyConfigFile()
+			err := createDefaultTrivyConfigFile(toolsConfigDir)
+			if err != nil {
+				return fmt.Errorf("failed to create default Trivy config: %v", err)
+			}
 		}
 		fmt.Println("Trivy configuration created based on Codacy settings")
 	case PMD:
 		if len(patternConfiguration) > 0 {
-			createPMDConfigFile(patternConfiguration)
+			err := createPMDConfigFile(patternConfiguration, toolsConfigDir)
+			if err != nil {
+				return fmt.Errorf("failed to create PMD config: %v", err)
+			}
 		} else {
-			createDefaultPMDConfigFile()
+			err := createDefaultPMDConfigFile(toolsConfigDir)
+			if err != nil {
+				return fmt.Errorf("failed to create default PMD config: %v", err)
+			}
 		}
 		fmt.Println("PMD configuration created based on Codacy settings")
 	}
 	return nil
 }
 
-func createPMDConfigFile(config []domain.PatternConfiguration) error {
+func createPMDConfigFile(config []domain.PatternConfiguration, toolsConfigDir string) error {
 	pmdConfigurationString := tools.CreatePmdConfig(config)
-	return os.WriteFile("pmd-ruleset.xml", []byte(pmdConfigurationString), 0644)
+	return os.WriteFile(filepath.Join(toolsConfigDir, "pmd-ruleset.xml"), []byte(pmdConfigurationString), utils.DefaultRW)
 }
 
-func createDefaultPMDConfigFile() error {
+func createDefaultPMDConfigFile(toolsConfigDir string) error {
 	content := tools.CreatePmdConfig([]domain.PatternConfiguration{})
-	return os.WriteFile("pmd-ruleset.xml", []byte(content), 0644)
+	return os.WriteFile(filepath.Join(toolsConfigDir, "pmd-ruleset.xml"), []byte(content), utils.DefaultRW)
 }
 
 // createTrivyConfigFile creates a trivy.yaml configuration file based on the API configuration
-func createTrivyConfigFile(config []domain.PatternConfiguration) error {
+func createTrivyConfigFile(config []domain.PatternConfiguration, toolsConfigDir string) error {
 
 	trivyConfigurationString := tools.CreateTrivyConfig(config)
 
 	// Write to file
-	return os.WriteFile("trivy.yaml", []byte(trivyConfigurationString), 0644)
+	return os.WriteFile(filepath.Join(toolsConfigDir, "trivy.yaml"), []byte(trivyConfigurationString), utils.DefaultRW)
 }
 
 // createDefaultTrivyConfigFile creates a default trivy.yaml configuration file
-func createDefaultTrivyConfigFile() error {
+func createDefaultTrivyConfigFile(toolsConfigDir string) error {
 	// Use empty tool configuration to get default settings
 	emptyConfig := []domain.PatternConfiguration{}
 	content := tools.CreateTrivyConfig(emptyConfig)
 
 	// Write to file
-	return os.WriteFile("trivy.yaml", []byte(content), 0644)
+	return os.WriteFile(filepath.Join(toolsConfigDir, "trivy.yaml"), []byte(content), utils.DefaultRW)
 }
 
 // createDefaultEslintConfigFile creates a default eslint.config.mjs configuration file
-func createDefaultEslintConfigFile() error {
+func createDefaultEslintConfigFile(toolsConfigDir string) error {
 	// Use empty tool configuration to get default settings
 	emptyConfig := []domain.PatternConfiguration{}
 	content := tools.CreateEslintConfig(emptyConfig)
 
 	// Write to file
-	return os.WriteFile("eslint.config.mjs", []byte(content), 0644)
+	return os.WriteFile(filepath.Join(toolsConfigDir, "eslint.config.mjs"), []byte(content), utils.DefaultRW)
 }
 
 const (

cmd/init.go

@@ -15,6 +15,7 @@ type ConfigType struct {
 	runtimesDirectory    string
 	toolsDirectory       string
 	localCodacyDirectory string
+	toolsConfigDirectory string
 	projectConfigFile    string
 	cliConfigFile        string
 
@@ -42,6 +43,10 @@ func (c *ConfigType) LocalCodacyDirectory() string {
 	return c.localCodacyDirectory
 }
 
+func (c *ConfigType) ToolsConfigsDirectory() string {
+	return c.toolsConfigDirectory
+}
+
 func (c *ConfigType) ProjectConfigFile() string {
 	return c.projectConfigFile
 }
@@ -88,11 +93,16 @@ func (c *ConfigType) AddTools(configs []plugins.ToolConfig) error {
 	return nil
 }
 
+func (c *ConfigType) ToolsConfigDirectory() string {
+	return c.toolsConfigDirectory
+}
+
 func (c *ConfigType) setupCodacyPaths() {
 	c.globalCacheDirectory = filepath.Join(c.homePath, ".cache", "codacy")
 	c.runtimesDirectory = filepath.Join(c.globalCacheDirectory, "runtimes")
 	c.toolsDirectory = filepath.Join(c.globalCacheDirectory, "tools")
 	c.localCodacyDirectory = ".codacy"
+	c.toolsConfigDirectory = filepath.Join(c.localCodacyDirectory, "tools-configs")
 
 	c.projectConfigFile = filepath.Join(c.localCodacyDirectory, "codacy.yaml")
 	c.cliConfigFile = filepath.Join(c.localCodacyDirectory, "cli-config.yaml")

config/config.go

@@ -1,6 +1,7 @@
 package tools
 
 import (
+	"codacy/cli-v2/config"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -14,6 +15,15 @@ func RunEslint(repositoryToAnalyseDirectory string, eslintInstallationDirectory
 	eslintJsPath := filepath.Join(eslintInstallationNodeModules, ".bin", "eslint")
 
 	cmd := exec.Command(nodeBinary, eslintJsPath)
+
+	// For Eslint compatibility with version 8.
+	// https://eslint.org/docs/v8.x/use/configure/configuration-files-new
+	cmd.Env = append(cmd.Env, "ESLINT_USE_FLAT_CONFIG=true")
+
+	// Add config file from tools-configs directory
+	configFile := filepath.Join(config.Config.ToolsConfigDirectory(), "eslint.config.mjs")
+	cmd.Args = append(cmd.Args, "-c", configFile)
+
 	if autoFix {
 		cmd.Args = append(cmd.Args, "--fix")
 	}
@@ -39,9 +49,9 @@ func RunEslint(repositoryToAnalyseDirectory string, eslintInstallationDirectory
 	nodePathEnv := "NODE_PATH=" + eslintInstallationNodeModules
 	cmd.Env = append(cmd.Env, nodePathEnv)
 
-	//DEBUG
-	//fmt.Println(cmd.Env)
-	//fmt.Println(cmd)
+	// DEBUG
+	// fmt.Println(cmd.Env)
+	// fmt.Println(cmd)
 
 	// TODO eslint returns 1 when it finds errors, so we're not propagating it
 	cmd.Run()

tools/eslintRunner.go

@@ -1,41 +1,55 @@
 package tools
 
 import (
+	"codacy/cli-v2/config"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 )
 
 // RunPmd executes PMD static code analyzer with the specified options
+//
+// Parameters:
+//   - repositoryToAnalyseDirectory: The root directory of the repository to analyze
+//   - pmdBinary: Path to the PMD executable
+//   - pathsToCheck: List of specific paths to analyze, if empty analyzes whole repository
+//   - outputFile: Path where analysis results should be written
+//   - outputFormat: Format for the output (e.g. "sarif")
+//   - rulesetFile: Path to custom ruleset XML file, if empty uses default ruleset
+//
+// Returns:
+//   - error: nil if analysis succeeds or violations found, error otherwise
 func RunPmd(repositoryToAnalyseDirectory string, pmdBinary string, pathsToCheck []string, outputFile string, outputFormat string, rulesetFile string) error {
-	cmdArgs := []string{"pmd"}
+	cmd := exec.Command(pmdBinary, "pmd")
+
+	// Add config file from tools-configs directory if not specified
+	if rulesetFile == "" {
+		configFile := filepath.Join(config.Config.ToolsConfigDirectory(), "pmd-ruleset.xml")
+		cmd.Args = append(cmd.Args, "-R", configFile)
+	} else {
+		cmd.Args = append(cmd.Args, "-R", rulesetFile)
+	}
 
 	// Add source directories (comma-separated list for PMD)
 	if len(pathsToCheck) > 0 {
 		dirArg := strings.Join(pathsToCheck, ",")
-		cmdArgs = append(cmdArgs, "-d", dirArg)
+		cmd.Args = append(cmd.Args, "-d", dirArg)
 	} else {
 		// Fall back to whole repo if no specific paths given
-		cmdArgs = append(cmdArgs, "-d", repositoryToAnalyseDirectory)
-	}
-
-	// Add ruleset
-	if rulesetFile != "" {
-		cmdArgs = append(cmdArgs, "-R", rulesetFile)
+		cmd.Args = append(cmd.Args, "-d", repositoryToAnalyseDirectory)
 	}
 
 	// Format
 	if outputFormat != "" {
-		cmdArgs = append(cmdArgs, "-f", outputFormat)
+		cmd.Args = append(cmd.Args, "-f", outputFormat)
 	}
 
 	// Output file
 	if outputFile != "" {
-		cmdArgs = append(cmdArgs, "-r", outputFile)
+		cmd.Args = append(cmd.Args, "-r", outputFile)
 	}
 
-	cmd := exec.Command(pmdBinary, cmdArgs...)
-
 	cmd.Dir = repositoryToAnalyseDirectory
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stdout

tools/pmdRunner.go

@@ -1,14 +1,20 @@
 package tools
 
 import (
+	"codacy/cli-v2/config"
 	"os"
 	"os/exec"
+	"path/filepath"
 )
 
 // RunTrivy executes Trivy vulnerability scanner with the specified options
 func RunTrivy(repositoryToAnalyseDirectory string, trivyBinary string, pathsToCheck []string, outputFile string, outputFormat string) error {
 	cmd := exec.Command(trivyBinary, "fs")
 
+	// Add config file from tools-configs directory
+	configFile := filepath.Join(config.Config.ToolsConfigDirectory(), "trivy.yaml")
+	cmd.Args = append(cmd.Args, "--config", configFile)
+
 	// Add format options
 	if outputFile != "" {
 		cmd.Args = append(cmd.Args, "--output", outputFile)

tools/trivyRunner.go

@@ -0,0 +1,26 @@
+package utils
+
+const (
+
+	// FilePermission represents the default file permission (rw-r--r--)
+	// This permission gives:
+	// - read/write (rw-) permissions to the owner
+	// - read-only (r--) permissions to the group
+	// - read-only (r--) permissions to others
+	DefaultRW = 0644
+
+	// DefaultDirPerms represents the default directory permission (rwxr-xr-x)
+	// This permission gives:
+	// - read/write/execute (rwx) permissions to the owner
+	// - read/execute (r-x) permissions to the group
+	// - read/execute (r-x) permissions to others
+	//
+	// Execute permission on directories is required to:
+	// - List directory contents (ls)
+	// - Access files within the directory (cd)
+	// - Create/delete files in the directory
+	// Without execute permission, users cannot traverse into or use the directory,
+	// even if they have read/write permissions on files inside it
+
+	DefaultDirPerms = 0755 // For directories
+)