[CY-3297] Codacy runs itself even though repository analysis is on
tscpp opened this issue · 2 comments
tscpp commented
I report the issues in GitHub using an actions workflow file, `.github/workflows/codacy.yml`:
```yaml
# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature. For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
name: Codacy

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  codacy-security-scan:
    name: Codacy Security Scan 1-2min
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      - run: npm ci
      - run: npm run build # spec/src/spec.ts needs ../../build which is generated by build script
      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@1.1.0
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          # Adjust severity of non-security issues
          gh-code-scanning-compat: true
          # Force 0 exit code to allow SARIF file generation
          # This will handover control about PR rejection to the GitHub side
          max-allowed-issues: 2147483647
      # Upload the SARIF file generated in the previous step
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif
```
(https://github.com/kolint/kolint/blob/master/.github/workflows/codacy.yml)
But Codacy still runs on master branch's commits. How do I fix this?
github-actions commented
Internal ticket created : CY-3297
machadoit commented
Hi @tscpp
Since you have the repository on Codacy, by default Codacy will report status to your repository. You need to keep the repository on Codacy to fetch the configuration. To not have any output on the Codacy side, you should go to:
- Repository settings > Integrations and disable all the checks
Let me know if this works for you.