Merge branch 'main' into typescript

Author: adangel

.github/workflows/generate.yml

@@ -54,7 +54,7 @@ jobs:
           git add CHANGELOG.md && git commit -m 'Updated CHANGELOG.md' && git push origin main
 
       - name: Setup Node.js
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           node-version: 20
 

.github/workflows/publish.yml

@@ -19,7 +19,7 @@ jobs:
           ref: ${{ github.event.release.tag_name }}
 
       - name: Setup Node
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           node-version: 20
 

.github/workflows/test.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Setup Node.js
-      uses: actions/[email protected].0
+      uses: actions/[email protected].2
       with:
         node-version: 20
     - run: npm ci

CHANGELOG.md

@@ -6,10 +6,27 @@
 
 **🚀 Implemented enhancements:**
 
+- Fix artifact upload, new parameter `uploadSarifReport` [\#250](https://github.com/pmd/pmd-github-action/pull/250) (@adangel)
 - Upgrade to node20 [\#221](https://github.com/pmd/pmd-github-action/pull/221) (@adangel)
 
+**🐛 Fixed bugs:**
+
+- Annotations are not shown in PR / commit [\#249](https://github.com/pmd/pmd-github-action/issues/249)
+
 **📦 Dependency updates:**
 
+- Bump @actions/artifact from 2.0.1 to 2.1.4 [\#263](https://github.com/pmd/pmd-github-action/pull/263) (@dependabot[bot])
+- Bump nock from 13.5.0 to 13.5.4 [\#262](https://github.com/pmd/pmd-github-action/pull/262) (@dependabot[bot])
+- Bump eslint from 8.56.0 to 8.57.0 [\#259](https://github.com/pmd/pmd-github-action/pull/259) (@dependabot[bot])
+- Bump actions/setup-node from 4.0.1 to 4.0.2 [\#256](https://github.com/pmd/pmd-github-action/pull/256) (@dependabot[bot])
+- Bump semver from 7.5.4 to 7.6.0 [\#255](https://github.com/pmd/pmd-github-action/pull/255) (@dependabot[bot])
+- Bump nock from 13.4.0 to 13.5.0 [\#248](https://github.com/pmd/pmd-github-action/pull/248) (@dependabot[bot])
+- Bump @actions/artifact from 2.0.0 to 2.0.1 [\#247](https://github.com/pmd/pmd-github-action/pull/247) (@dependabot[bot])
+- Bump actions/setup-node from 4.0.0 to 4.0.1 [\#245](https://github.com/pmd/pmd-github-action/pull/245) (@dependabot[bot])
+- Bump eslint from 8.55.0 to 8.56.0 [\#244](https://github.com/pmd/pmd-github-action/pull/244) (@dependabot[bot])
+- Bump @actions/artifact from 1.1.2 to 2.0.0 [\#243](https://github.com/pmd/pmd-github-action/pull/243) (@dependabot[bot])
+- Bump eslint from 8.54.0 to 8.55.0 [\#242](https://github.com/pmd/pmd-github-action/pull/242) (@dependabot[bot])
+- Bump nock from 13.3.8 to 13.4.0 [\#241](https://github.com/pmd/pmd-github-action/pull/241) (@dependabot[bot])
 - Bump eslint from 8.53.0 to 8.54.0 [\#240](https://github.com/pmd/pmd-github-action/pull/240) (@dependabot[bot])
 - Bump eslint from 8.52.0 to 8.53.0 [\#238](https://github.com/pmd/pmd-github-action/pull/238) (@dependabot[bot])
 - Bump nock from 13.3.7 to 13.3.8 [\#237](https://github.com/pmd/pmd-github-action/pull/237) (@dependabot[bot])
@@ -18,6 +35,7 @@
 - Bump eslint from 8.51.0 to 8.52.0 [\#234](https://github.com/pmd/pmd-github-action/pull/234) (@dependabot[bot])
 - Bump nock from 13.3.4 to 13.3.6 [\#233](https://github.com/pmd/pmd-github-action/pull/233) (@dependabot[bot])
 - Bump @vercel/ncc from 0.38.0 to 0.38.1 [\#232](https://github.com/pmd/pmd-github-action/pull/232) (@dependabot[bot])
+- Bump @actions/github from 5.1.1 to 6.0.0 [\#231](https://github.com/pmd/pmd-github-action/pull/231) (@dependabot[bot])
 - Bump nock from 13.3.3 to 13.3.4 [\#230](https://github.com/pmd/pmd-github-action/pull/230) (@dependabot[bot])
 - Bump eslint from 8.50.0 to 8.51.0 [\#229](https://github.com/pmd/pmd-github-action/pull/229) (@dependabot[bot])
 - Bump @octokit/rest from 20.0.1 to 20.0.2 [\#227](https://github.com/pmd/pmd-github-action/pull/227) (@dependabot[bot])
@@ -52,6 +70,14 @@
 - Bump convert-action from 0.2.0 to 0.2.2 [\#194](https://github.com/pmd/pmd-github-action/pull/194) (@dependabot[bot])
 - Bump eslint from 8.41.0 to 8.42.0 [\#192](https://github.com/pmd/pmd-github-action/pull/192) (@dependabot[bot])
 
+**✔️ Closed issues:**
+
+- Getting Warning in Node version only for PMD [\#253](https://github.com/pmd/pmd-github-action/issues/253)
+
+**🎉 Merged pull requests:**
+
+- Relativize paths if Sarif report already contains URIs [\#266](https://github.com/pmd/pmd-github-action/pull/266) (@adangel)
+
 ## [v1.4.1](https://github.com/pmd/pmd-github-action/tree/v1.4.1) (2023-05-26)
 
 [Full Changelog](https://github.com/pmd/pmd-github-action/compare/v1.4.0...v1.4.1)

README.md

@@ -84,6 +84,7 @@ See also [Uploading a SARIF file to GitHub](https://docs.github.com/en/code-secu
 |`rulesets`  |yes|        |Comma separated list of ruleset names to use.|
 |`analyzeModifiedFilesOnly`|no|"true"|Instead of analyze all files under "sourcePath", only the files that have been touched in a pull request or push will be analyzed. This makes the analysis faster and helps especially bigger projects which gradually want to introduce PMD. This helps in enforcing that no new code violation is introduced.<br>Depending on the analyzed language, the results might be less accurate results. At the moment, this is not a problem, as PMD mostly analyzes each file individually, but that might change in the future.<br>If the change is very big, not all files might be analyzed. Currently the maximum number of modified files is 300.<br>Note: When using PMD as a code scanner in order to create "Code scanning alerts" on GitHub, all files should be analyzed in order to produce a complete picture of the project. Otherwise alerts might get closed too soon.|
 |`createGitHubAnnotations`|no|"true"|By default, all detected violations are added as annotations to the pull request. You can disable this by setting FALSE. This can be useful if you are using another tool for this purpose.|
+|`uploadSarifReport`|no|"true"|By default, the generated SARIF report will be uploaded as an artifact named "PMD Report". This can be disabled, e.g. if there are multiple executions on multiple os of this action.|
 
 ## Outputs
 

__tests__/data/pmd-report-uris.sarif

@@ -0,0 +1,68 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "PMD",
+          "version": "6.40.0",
+          "informationUri": "https://pmd.github.io/pmd/",
+          "rules": [
+            {
+              "id": "UnusedLocalVariable",
+              "shortDescription": {
+                "text": "Variable 'x' defined but not used"
+              },
+              "fullDescription": {
+                "text": "\n        Detects when a local variable is declared and/or assigned but not used.\n        Second line.\n          Third line with additional indentation.\n      Fourth line with less indentation.\n          "
+              },
+              "helpUri": "https://pmd.github.io/pmd-6.40.0/pmd_rules_apex_bestpractices.html#unusedlocalvariable",
+              "help": {
+                "text": "\nDetects when a local variable is declared and/or assigned but not used.\n        "
+              },
+              "properties": {
+                "ruleset": "Best Practices",
+                "priority": 5,
+                "tags": [
+                  "Best Practices"
+                ]
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "UnusedLocalVariable",
+          "ruleIndex": 0,
+          "message": {
+            "text": "Variable 'x' defined but not used"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "file:///home/andreas/PMD/source/pmd-github-action-test/src/classes/UnusedLocalVariableSample.cls"
+                },
+                "region": {
+                  "startLine": 3,
+                  "startColumn": 16,
+                  "endLine": 3,
+                  "endColumn": 16
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "invocations": [
+        {
+          "executionSuccessful": true,
+          "toolConfigurationNotifications": [],
+          "toolExecutionNotifications": []
+        }
+      ]
+    }
+  ]
+}

__tests__/data/pmd-report-win-uris.sarif

@@ -0,0 +1,68 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "PMD",
+          "version": "6.40.0",
+          "informationUri": "https://pmd.github.io/pmd/",
+          "rules": [
+            {
+              "id": "UnusedLocalVariable",
+              "shortDescription": {
+                "text": "Variable 'x' defined but not used"
+              },
+              "fullDescription": {
+                "text": "\n        Detects when a local variable is declared and/or assigned but not used.\n        Second line.\n          Third line with additional indentation.\n      Fourth line with less indentation.\n          "
+              },
+              "helpUri": "https://pmd.github.io/pmd-6.40.0/pmd_rules_apex_bestpractices.html#unusedlocalvariable",
+              "help": {
+                "text": "\nDetects when a local variable is declared and/or assigned but not used.\n        "
+              },
+              "properties": {
+                "ruleset": "Best Practices",
+                "priority": 5,
+                "tags": [
+                  "Best Practices"
+                ]
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "UnusedLocalVariable",
+          "ruleIndex": 0,
+          "message": {
+            "text": "Variable 'x' defined but not used"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "file:///D:/a/pmd-github-action-test/src/classes/UnusedLocalVariableSample.cls"
+                },
+                "region": {
+                  "startLine": 3,
+                  "startColumn": 16,
+                  "endLine": 3,
+                  "endColumn": 16
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "invocations": [
+        {
+          "executionSuccessful": true,
+          "toolConfigurationNotifications": [],
+          "toolExecutionNotifications": []
+        }
+      ]
+    }
+  ]
+}

__tests__/sarif.test.ts

@@ -121,6 +121,36 @@ describe('pmd-github-action-sarif', function () {
     )
   })
 
+  test('can properly relativize report which contains already uris', async () => {
+    const isWindows = os.platform() === 'win32'
+
+    const reportPath = path.join(tempPath, 'pmd-report-uris.sarif')
+    await io.cp(
+      path.join(
+        __dirname,
+        'data',
+        isWindows ? 'pmd-report-win-uris.sarif' : 'pmd-report-uris.sarif'
+      ),
+      reportPath
+    )
+
+    const reportBefore = sarif.loadReport(reportPath)
+    const fullPath = isWindows
+      ? 'file:///D:/a/pmd-github-action-test/src/classes/UnusedLocalVariableSample.cls'
+      : 'file:///home/andreas/PMD/source/pmd-github-action-test/src/classes/UnusedLocalVariableSample.cls'
+    expect(extractFirstViolationLocationUri(reportBefore)).toBe(fullPath)
+
+    process.env['GITHUB_WORKSPACE'] = isWindows
+      ? 'D:\\a\\pmd-github-action-test'
+      : '/home/andreas/PMD/source/pmd-github-action-test'
+    sarif.relativizeReport(reportPath)
+    const reportAfter = sarif.loadReport(reportPath)
+    // note: not normalizing the paths to platform dependent paths - it must be a valid URI
+    expect(extractFirstViolationLocationUri(reportAfter)).toBe(
+      'src/classes/UnusedLocalVariableSample.cls'
+    )
+  })
+
   test('can properly relativize report - windows paths - issue #51', async () => {
     const reportPath = path.join(tempPath, 'pmd-report.sarif')
     await io.cp(