Open rjmurillo opened 3 weeks ago
Thanks for the feedback. It seems that a Dockerfile-defined action (as DevSkim-Action is) is restricted to Linux pipelines only - the workaround seems to be to migrate to a TypeScript action. I found a similar issue reported in another repo on GitHub with the same conclusion - https://github.com/peter-evans/create-pull-request/issues/40. For us, the workaround is a little undesirable here - the docker method allows us to ensure that the .NET SDK is available and pull the latest version of the DevSkim tool, without interfering with the user's environment, and ultimately the equivalent behavior of the action is only a couple lines of YML.
It's a little less 'clean' than calling the one line to the DevSkim action, but you can accomplish basically the same thing with two items, by installing the DevSkim .NET tool and then running it.
```yaml
- run: dotnet tool install --tool-path path/to/tools Microsoft.CST.DevSkim.CLI
- run: path/to/tools/devskim analyze ... -O devskim-results.sarif
- uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: devskim-results.sarif
```
Substituting `...` with the arguments you'd like to provide to the DevSkim CLI, and `path/to/tools` with the path you'd like to install DevSkim to.
Do you think that would work for you?
It resolves this specific issue, but I'd still need to write a shell script and/or hook into exec on MSBuild so I can shift left. Related to #619
CC @mattkotsenas
Acknowledge it doesn't solve the shift left issue, but glad to hear it resolves your ability to run DevSkim in Windows GitHub Action runners.
Is your feature request related to a problem? Please describe.
There is a docker container run for Linux, but the action is not available on Windows.

Describe the solution you'd like
I am performing matrix builds and wish to run DevSkim through a single pipeline without conditional logic.

Describe alternatives you've considered

Additional context
See https://github.com/rjmurillo/moq.analyzers/pull/83