microsoft / DevSkim

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
MIT License

Add DevSkim GitHub action support for Windows #618

Open rjmurillo opened 3 weeks ago

rjmurillo commented 3 weeks ago

Is your feature request related to a problem? Please describe. There is a docker container run for Linux, but the action is not available on Windows.

Describe the solution you'd like I am performing matrix builds and wish to run DevSkim through a single pipeline without conditional logic

Describe alternatives you've considered

Additional context See https://github.com/rjmurillo/moq.analyzers/pull/83

gfs commented 3 weeks ago

Thanks for the feedback. It seems that a Dockerfile-defined action (as DevSkim-Action is) is restricted to Linux pipelines only; the workaround seems to be to migrate to a TypeScript action. I found a similar issue reported in another repo on GitHub with the same conclusion: https://github.com/peter-evans/create-pull-request/issues/40. For us, the workaround is a little undesirable here. The Docker method allows us to ensure that the .NET SDK is available and pull the latest version of the DevSkim tool without interfering with the user's environment, and ultimately the equivalent behavior of the action is only a couple of lines of YAML.

It's a little less 'clean' than calling the one line to the DevSkim action, but you can accomplish basically the same thing with two items, by installing the DevSkim .NET tool and then running it:

```yaml
- run: dotnet tool install --tool-path path/to/tools Microsoft.CST.DevSkim.CLI
- run: path/to/tools/devskim analyze ... -O devskim-results.sarif
- uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: devskim-results.sarif
```

Substituting ... with the arguments you'd like to provide to the DevSkim CLI, and path/to/tools with the path you'd like to install DevSkim to.

Do you think that would work for you?
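
Editor's note: the following is an added example, not code from the DevSkim project or from either commenter. It expands the two-step workaround above into a complete workflow that runs the same job on a Linux and a Windows runner from one matrix, which is the scenario the issue asks about. Assumptions: the `-I` (source path) and `-f sarif` (output format) flags of `devskim analyze` are taken from memory of the CLI and should be checked against `devskim analyze --help` for the installed version; the `.tools` directory, the job name and the `category` value are arbitrary choices. The `security-events: write` permission is what `upload-sarif` needs to post results to code scanning, and a distinct `category` per matrix leg stops the Linux and Windows uploads from overwriting each other.

```yaml
# Added example: run DevSkim on Linux and Windows runners from one matrix job.
# Not part of the DevSkim repository; flags marked "assumed" should be verified
# against `devskim analyze --help`.
name: devskim

on:
  push:
  pull_request:

permissions:
  contents: read
  security-events: write   # required by github/codeql-action/upload-sarif

jobs:
  devskim:
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      # Make sure a .NET SDK is present on both runners so the tool install works.
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'

      # Install the DevSkim CLI as a .NET tool into a fixed, repo-local directory.
      # --tool-path keeps it out of the user's global tool store.
      - name: Install DevSkim CLI
        run: dotnet tool install --tool-path .tools Microsoft.CST.DevSkim.CLI

      # Put the tool directory on PATH once so the next step is identical on
      # both operating systems (no "devskim" vs "devskim.exe" special-casing).
      # github.workspace is a native path on each OS, which is what PATH needs.
      - name: Add DevSkim to PATH
        shell: bash
        run: echo "${{ github.workspace }}/.tools" >> "$GITHUB_PATH"

      # -I (source path) and -f sarif (output format) are assumed flag names;
      # -O is the output file flag used in the comment above.
      - name: Run DevSkim
        run: devskim analyze -I . -f sarif -O devskim-results.sarif

      # One upload per matrix leg; the category keeps them as separate
      # analyses in code scanning instead of one overwriting the other.
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: devskim-results.sarif
          category: devskim-${{ matrix.os }}
```

If your repository uses a `global.json`, drop the explicit `dotnet-version` and let `setup-dotnet` pick it up; if the tool install step fails on the Windows leg, the first thing to check is that the SDK version it resolved matches the version DevSkim's package targets.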

rjmurillo commented 3 weeks ago

It resolves this specific issue, but I'd still need to write a shell script and/or hook into exec on MSBuild so I can shift left. Related to #619

CC @mattkotsenas

gfs commented 3 weeks ago

Acknowledged that it doesn't solve the shift-left issue, but glad to hear it resolves your ability to run DevSkim in Windows GitHub Action runners.