PMD results not populating
raghu-madireddy opened this issue · 4 comments
raghu-madireddy commented
For some reason I am not able to see PMD results, and the scan always comes back as success. I can see errors on my local.

```yaml
- name: Run SF scanner
  id: sf_code_scanner
  uses: mitchspano/sfdx-scan-pull-request@v0.1.14
  with:
    pmdconfig: 'pmd/deployRules.xml'
    target: 'packge/package.xml'
    severity-threshold: 1
    engine: 'pmd'
```

```
Beginning sfdx-scan-pull-request run...
Validating that this action was invoked from an acceptable context...
Getting difference within the pull request ... { baseRef: 'develop', headRef: 'feature/release-test' }
From https://github.com/raghu-madireddy/salesforce-metadata-test
* [new branch] develop -> destination/develop
* [new branch] feature/release-test -> destination/feature/release-test
* [new branch] main -> destination/main
(node:2683) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Performing static code analysis on all of the files in the difference...
npx sfdx scanner:run --engine pmd --pmdconfig pmd/deployRules.xml --target ".github/workflows/ci.yml,.github/workflows/initial-checks.yml,.github/workflows/validate-develop.yml,.gitignore,force-app/main/default/classes/TestingReleasePMDTest.cls" --json
Filtering the findings to just the lines which are part of the pull request...
Creating Check Runs using GitHub REST API...
```
mitchspano commented
There are a few issues here:
- The latest version of the action is 0.1.15 - please upgrade to that.
- The scan only produces a finding if the entire scope of the PMD finding is present in the git diff, so not all findings will be reported on.
- Your target is limited to `packge/package.xml`, so it should only scan that XML file unless run from a pull request - in which case it will scan the files in the PR.
- Your report mode is check runs instead of comments, so those might render in a different spot than you are looking - here is an example of how they are rendered.
- Your `severity-threshold` is set to 1, so all 2s, 3s, 4s, and 5s will be treated as warnings, not errors, and will not result in the job being halted.
raghu-madireddy commented
Thanks @mitchspano! Appreciate the quick help! I tested with the latest version, varying severity and different targets, but #2 was the issue in my case. I managed to see the results with the new class in the PR. Can we scan the entire class in case of class modifications?
mitchspano commented
Unfortunately, the GitHub REST API prevents us from creating a comment on lines which are outside the scope of the git diff, hence the check for total inclusion.
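The two rules mitchspano describes above (a finding is reported only when its whole line range lies inside the added lines of the diff, and only findings at or above `severity-threshold` halt the job) as an added illustration; this is not the action's own code. The diff parser, the finding shape and the sample Apex class are constructed here, and the rule names and severities are made up for the example.

```typescript
// Added illustration (not from mitchspano/sfdx-scan-pull-request): the
// "total inclusion" filter and the severity-threshold rule, run offline.
interface Violation { line: number; endLine: number; severity: number; ruleName: string }
interface FileFindings { fileName: string; violations: Violation[] }
type Range = [number, number]; // inclusive new-file line numbers

// Hypothetical parser: collect the added-line ranges per file from a unified diff.
function addedRanges(diff: string): Map<string, Range[]> {
  const out = new Map<string, Range[]>();
  let file = ""; let newLine = 0; let start = -1; let inHunk = false;
  const close = () => { if (start >= 0) { out.get(file)!.push([start, newLine - 1]); start = -1; } };
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("diff --git")) { close(); inHunk = false; continue; }
    const h = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (h) { close(); newLine = Number(h[1]); inHunk = true; continue; }
    if (!inHunk) { if (raw.startsWith("+++ b/")) { file = raw.slice(6); out.set(file, []); } continue; }
    if (raw.startsWith("+")) { if (start < 0) start = newLine; newLine++; }   // added line
    else if (raw.startsWith(" ")) { close(); newLine++; }                      // context line ends a run
    // removed lines ("-") do not advance the new-file line counter
  }
  close();
  return out;
}

// Keep only findings wholly inside the diff; severity <= threshold is an error, otherwise a warning.
function filterFindings(findings: FileFindings[], diff: string, threshold: number) {
  const ranges = addedRanges(diff);
  const errors: string[] = []; const warnings: string[] = [];
  for (const f of findings) for (const v of f.violations) {
    const covered = (ranges.get(f.fileName) ?? []).some(([a, b]) => v.line >= a && v.endLine <= b);
    if (!covered) continue; // e.g. a finding spanning the whole class in a modified file
    (v.severity <= threshold ? errors : warnings).push(`${f.fileName}:${v.line} ${v.ruleName}`);
  }
  return { errors, warnings, halt: errors.length > 0 };
}

// Constructed sample: a PR that adds one method (new lines 2-4) to an existing class.
const FILE = "force-app/main/default/classes/Demo.cls";
const sampleDiff = [
  `diff --git a/${FILE} b/${FILE}`, `--- a/${FILE}`, `+++ b/${FILE}`, "@@ -1,4 +1,7 @@",
  " public class Demo {", "+    public void newMethod() {", "+        System.debug('added');",
  "+    }", "     public void oldMethod() {", "     }", " }",
].join("\n");
const sampleFindings: FileFindings[] = [{ fileName: FILE, violations: [
  { line: 2, endLine: 4, severity: 3, ruleName: "ApexDoc" },              // inside diff, warning at threshold 1
  { line: 3, endLine: 3, severity: 1, ruleName: "AvoidDebugStatements" }, // inside diff, error at threshold 1
  { line: 1, endLine: 7, severity: 1, ruleName: "ClassNamingConventions" } // whole class: not reported
]}];
```

With `severity-threshold: 1` only the second finding halts the job; raising the threshold to 3 turns the first one into an error as well.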
raghu-madireddy commented
OK, that makes sense. Thanks for building this.