Make Mix compilation produce report that is machine-readable.
Currently supported formats:
Add it to list of your dependencies:
def deps do
[
{:mix_machine, "~> 0.1.0"}
]
endAnd now you can use:
$ mix compile.machineThat will produce report.json with SARIF format.
Current behaviour can be controlled by few flags:
--format <format> (-f) - output format, currently supported values are
sarif and code_climate, defaults to sarif.--output <path> (-o) - output file, defaults to report.json.--pretty - pretty print output.In addition to CLI flags these options can be set in project/0 function in
mix.exs in :machine keyword list (it has lower precedence than CLI flags):
:format - atom :sarif or :code_climate that describes default format.:output - default filename to produce output.:pretty - boolean flag whether the output should be pretty printed.:root - relative path to root directory, defaults to current working
directory. It can be useful in situations when you have multirepo where
the Elixir application isn't mounted at root of the repository.def project do
[
# …
machine: [
format: :code_climate,
output: "codeclimate.json",
pretty: true,
root: ".."
]
]In your github .yml file, after you download Elixir deps, compile your project
with mix mix_machine.compile.
- name: Compile Deps
run: mix deps.compile
- name: Compile Project
run: mix compile.machineNote: This must come before any other lines that would inadvertently compile
your code such as mix test!
Note: the mix deps.compile in a separate step is not required but it can be
helpful to separate any compilation warnings in your project from any
compilation warnings in your deps.
Then later in the .yml file add this to upload your Sarif file to your GitHub repository:
- name: Upload Sarif
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: report.jsonSee LICENSE.