-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add DevSkim GitHub action support for Windows #618
Comments
Thanks for the feedback. It seems that a Dockerfile defined action (as DevSkim-Action is) is restricted to Linux pipelines only - the workaround seems to be to migrate to a Typescript action. I found a similar issue reported in another repo on GitHub with the same conclusion - peter-evans/create-pull-request#40. For us, the workaround is a little undesirable here - the docker method allows us to ensure that the .NET SDK is available and pull the latest version of the DevSkim tool, without interfering with the users environment, and ultimately the equivalent behavior of the action is only a couple lines of YML. It's a little less 'clean' than calling the one line to the DevSkim action but you can accomplish basically the same thing with a two items, by installing the DevSkim .NET tool and then running it. - run: dotnet tool install --tool-path path/to/tools Microsoft.CST.DevSkim.CLI
- run: path/to/tools/devskim analyze ... -O devskim-results.sarif
- uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: devskim-results.sarif Substituting Do you think that would work for you? |
It resolves this specific issue, but I'd still need to write a shell script and/or hook into exec on MSBuild so I can shift left. Related to #619 |
Acknowledge it doesn't solve the shift left issue, but glad to hear it resolves your ability to run DevSkim in Windows GitHub Action runners. |
Is your feature request related to a problem? Please describe.
There is a docker container run for Linux, but the action is not available on Windows.
Describe the solution you'd like
I am performing matrix builds and wish to run DevSkim through a single pipeline without conditional logic
Describe alternatives you've considered
Additional context
See rjmurillo/moq.analyzers#83
The text was updated successfully, but these errors were encountered: