Merge pull request #10 from haskell-actions/haskell

Rewrite as a Docker container action written in Haskell.

Author: chungyc

.github/workflows/experiment.yaml

@@ -0,0 +1,16 @@
+name: Testing Action
+concurrency: build
+permissions: read-all
+
+on: [workflow_dispatch]
+
+jobs:
+  scan:
+    name: Scan code with HLint
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload results to GitHub code scanning.
+      security-events: write
+    steps:
+      - uses: actions/checkout@v3
+      - uses: haskell-actions/hlint-scan@haskell

.github/workflows/release.yaml

@@ -0,0 +1,41 @@
+name: Publish Docker Image
+concurrency: build
+permissions: read-all
+
+on: [workflow_dispatch]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -0,0 +1,5 @@
+*~
+*.cabal
+.stack-work/
+.vscode/
+stack.yaml.lock

Dockerfile

@@ -0,0 +1,22 @@
+# syntax=docker/dockerfile:1
+
+# We fetch and build a specific unreleased version of HLint as well,
+# since a version of HLint with SARIF support has not been released yet.
+#
+# Once one has been, we may either continue to bundle the hlint binary
+# together but at a more stable and official set of versions.
+# Alternatively, we could have the action retrieve an hlint release
+# automatically if one is not already available locally in the action.
+
+FROM haskell:9.4.4 AS build
+RUN mkdir -p /src
+WORKDIR /src
+RUN git clone https://github.com/haskell-actions/hlint-scan.git
+WORKDIR /src/hlint-scan
+RUN stack install hlint hlint-scan:exe:hlint-scan
+RUN cp $(stack path --local-bin)/hlint /
+RUN cp $(stack path --local-bin)/hlint-scan /
+
+FROM haskell:9.4.4-slim
+COPY --from=build /hlint /hlint-scan /
+ENTRYPOINT ["/hlint-scan"]

README.md

@@ -3,15 +3,6 @@
 This is a GitHub action which scans Haskell code using [HLint]
 and uploads its suggested improvements to [GitHub code scanning].
 
-This needs HLint to be set up.
-This can be taken care of by [haskell/actions/hlint-setup].
-
-## Warning
-
-This depends on unreleased versions of HLint.
-For an example as to how one could use this action at the current time,
-see [chungyc/site-personal/hlint.yaml](https://github.com/chungyc/site-personal/blob/main/.github/workflows/hlint.yaml).
-
 ## Usage
 
 A minimal example for setting up code scanning with HLint:

action.yaml

@@ -19,41 +19,31 @@ inputs:
   binary:
     description: Path to the hlint binary.
     required: false
-    default: hlint
   path:
     description: Path of file or directory that HLint will be told to scan.
     required: false
     default: .
   category:
     description: String used by GitHub code scanning for matching the analyses.
     required: false
-    default: null
+  token:
+    description: Access token to fetch the repository and write the code scanning results from HLint to GitHub code scanning.
+    required: false
+    default: ${{ github.token }}
 
 outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
     value: ${{ steps.upload-sarif.outputs.sarif-id }}
 
 runs:
-  using: 'composite'
-
-  steps:
-
-    - name: Run HLint
-      run: |
-        "$BINARY" --no-exit-code --sarif "$FILEPATH" >> "$TMPDIR/hlint.sarif"
-      shell: bash
-      env:
-        BINARY: ${{ inputs.binary }}
-        FILEPATH: ${{ inputs.path }}
-        TMPDIR: ${{ runner.temp }}
-
-    - id: upload-sarif
-      name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: ${{ runner.temp }}/hlint.sarif
-        category: ${{ inputs.category }}
+  using: docker
+  image: Dockerfile
+  args:
+    - binary=${{ inputs.binary }}
+    - path=${{ inputs.path }}
+    - category=${{ inputs.category }}
+    - token=${{ inputs.token }}
 
 branding:
   icon: 'alert-circle'

app/Main.hs

@@ -0,0 +1,23 @@
+{-
+Copyright 2023 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-}
+
+module Main (main) where
+
+import qualified Scan
+import System.Environment (getArgs)
+
+main :: IO ()
+main = getArgs >>= Scan.main

docs/CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog for `hlint-scan`
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog] and this project adheres to
+the [Haskell Package Versioning Policy].
+
+[Haskell Package Versioning Policy]: https://pvp.haskell.org/
+[Keep a Changelog]: https://keepachangelog.com/en/1.0.0/
+
+## Unreleased
+
+*   Rewrite using a Docker container action using Haskell.
+    *   It will no longer need HLint to be set up separately,
+        although it can use one set up by the user if requested to do so.
+
+## 0.1.0.0 - 2023-04-03
+
+*   Initial working implementation with GitHub composite action.

package.yaml

@@ -0,0 +1,114 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name:                hlint-scan
+version:             0.0.0.0
+github:              "haskell-actions/hlint-scan"
+license:             Apache-2.0
+author:              "Yoo Chung"
+maintainer:          "[email protected]"
+copyright:           "Copyright 2023 Google LLC"
+
+extra-source-files:
+- action.yaml
+- LICENSE
+- README.md
+- docs/**
+
+synopsis:            Code scanning GitHub action using HLint.
+category:            GitHub, Development
+
+description: |
+  Scans code with HLint and uploads its analysis results to GitHub code scanning.
+  See <https://github.com/haskell-actions/hlint-scan>.
+
+dependencies:
+- base
+
+language: GHC2021
+
+default-extensions:
+- OverloadedStrings
+
+ghc-options:
+- -Wall
+- -Werror
+
+library:
+  source-dirs: src
+  dependencies:
+  - aeson
+  - base64
+  - bytestring
+  - filepath
+  - github-rest
+  - process
+  - text
+  - vector
+  - zlib
+
+executables:
+  hlint-scan:
+    main:                Main.hs
+    source-dirs:         app
+
+    ghc-options:
+    - -threaded
+    - -rtsopts
+    - -with-rtsopts=-N
+
+    dependencies:
+    - hlint-scan
+
+    # Work around https://github.com/sol/hpack/issues/303.
+    when:
+      condition: false
+      other-modules: Paths_hlint_scan
+
+tests:
+  spec:
+    main:                Spec.hs
+    source-dirs:         test
+
+    ghc-options:
+    - -threaded
+    - -rtsopts
+    - -with-rtsopts=-N
+
+    dependencies:
+    - hlint-scan
+    - hspec
+
+    when:
+      condition: false
+      other-modules:
+      - Examples         # Don't include the doctest runner.
+      - Paths_hlint_scan # Work around https://github.com/sol/hpack/issues/303.
+
+  examples:
+    main: test/Examples.hs
+
+    ghc-options:
+    - -threaded
+    - -rtsopts
+    - -with-rtsopts=-N
+
+    dependencies:
+    - hlint-scan
+    - doctest-parallel
+
+    # Work around https://github.com/sol/hpack/issues/303.
+    when:
+      condition: false
+      other-modules: Paths_hlint_scan

src/Arguments.hs

@@ -0,0 +1,61 @@
+{-
+Copyright 2023 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-}
+
+module Arguments (validate, translate) where
+
+import Data.List (group, sort)
+import Data.Maybe (mapMaybe)
+
+validate :: [String] -> Maybe String
+validate args
+  | [] <- errors = Nothing
+  | otherwise = Just $ unlines errors
+  where
+    errors = mapMaybe forString args ++ map (\s -> "duplicate argument: \"" <> s <> "\"") duplicates
+    forString s =
+      if '=' `elem` s
+        then Nothing
+        else Just ("no '=' in \"" <> s <> "\"")
+    keys = map (fst . toTuple) args
+    duplicates = concatMap (take 1) $ filter ((<) 1 . length) $ group $ sort keys
+
+translate :: [String] -> (FilePath, [String], Maybe String, Maybe String)
+translate args = (executable', path' : "-j" : "--sarif" : "--no-exit-code" : flags, category, token)
+  where
+    argsMap = map toTuple args
+    executable = lookup "binary" argsMap
+    executable'
+      | Nothing <- executable = "/hlint"
+      | Just "" <- executable = "/hlint"
+      | Just s <- executable = s
+    path = lookup "path" argsMap
+    path'
+      | Nothing <- path = "."
+      | Just "" <- path = "."
+      | Just s <- path = s
+    category = lookup "category" argsMap
+    token = lookup "token" argsMap
+    flags =
+      concatMap toFlag $
+        filter (flip elem ["binary", "path", "category", "token"] . fst) argsMap
+
+toTuple :: String -> (String, String)
+toTuple s = (key, drop 1 prefixedValue)
+  where
+    (key, prefixedValue) = break (== '=') s
+
+toFlag :: (String, String) -> [String]
+toFlag _ = []