Merge pull request #258 from modelix/feature/detekt-integration

ci: include detekt with GitHub code security analysis

Author: languitar

.detekt.yml

@@ -0,0 +1,12 @@
+style:
+  # handled by ktlint
+  MaxLineLength:
+    active: false
+  ModifierOrder:
+    active: false
+
+  # No need for this
+  ReturnCount:
+    active: false
+  ThrowsCount:
+    active: false

.github/workflows/build.yaml

@@ -28,6 +28,7 @@ jobs:
           arguments: |
             --build-cache
             build
+            detekt
             -PciBuild=true
       - name: Archive test report
         uses: actions/upload-artifact@v3
@@ -37,6 +38,17 @@ jobs:
           path: |
             */build/test-results
             */build/reports
+      # In theory, the upload action should take care of stripping the GitHub
+      # runner workspace path from the file paths. But somehow that doesn't
+      # work. So do it manually.
+      - name: relativize SARIF file paths
+        run: |
+          sed -i 's#${{ github.workspace }}/##' build/reports/detekt/*.sarif
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'build/reports/detekt/'
+          category: detekt
 
   test-model-api-gen-gradle:
     runs-on: ubuntu-latest

build.gradle.kts

@@ -1,5 +1,6 @@
 import com.github.gradle.node.NodeExtension
 import com.github.gradle.node.NodePlugin
+import io.gitlab.arturbosch.detekt.Detekt
 import kotlinx.html.FlowContent
 import kotlinx.html.a
 import kotlinx.html.body
@@ -44,6 +45,7 @@ plugins {
     alias(libs.plugins.tasktree)
     alias(libs.plugins.dokka)
     alias(libs.plugins.node) apply false
+    alias(libs.plugins.detekt) apply false
 }
 
 group = "org.modelix"
@@ -65,11 +67,14 @@ dependencies {
     dokkaPlugin(libs.dokka.versioning)
 }
 
+val parentProject = project
+
 subprojects {
     val subproject = this
     apply(plugin = "maven-publish")
     apply(plugin = "org.jetbrains.dokka")
     apply(plugin = "org.jlleitschuh.gradle.ktlint")
+    apply(plugin = "io.gitlab.arturbosch.detekt")
 
     version = rootProject.version
     group = rootProject.group
@@ -85,6 +90,22 @@ subprojects {
         version.set("0.50.0")
     }
 
+    tasks.withType<Detekt> {
+        parallel = true
+        // For now, we only use the results here as hints
+        ignoreFailures = true
+
+        buildUponDefaultConfig = true
+        config.setFrom(parentProject.projectDir.resolve(".detekt.yml"))
+
+        reports {
+            sarif.required.set(true)
+            // This is required for the GitHub upload action to easily find all sarif files in a single directory.
+            sarif.outputLocation.set(parentProject.buildDir.resolve("reports/detekt/${project.name}.sarif"))
+            html.required.set(true)
+        }
+    }
+
     val kotlinApiVersion = org.jetbrains.kotlin.gradle.dsl.KotlinVersion.KOTLIN_1_6
     subproject.tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile>().configureEach {
         if (!name.lowercase().contains("test")) {

gradle/libs.versions.toml

@@ -17,6 +17,7 @@ tasktree = { id = "com.dorongold.task-tree", version = "2.1.1" }
 modelix-mps-buildtools = { id = "org.modelix.mps.build-tools", version = "1.1.0" }
 dokka = {id = "org.jetbrains.dokka", version = "1.9.0"}
 node = {id = "com.github.node-gradle.node", version = "7.0.1"}
+detekt = { id = "io.gitlab.arturbosch.detekt", version = "1.23.1" }
 
 [versions]
 kotlin = "1.9.10"