mitchspano / sfdx-scan-pull-request

Runs sfdx-scanner on a pull request and generates in-line comments with the findings.
Apache License 2.0

Comments not added when the XML tag is missing #77

Open vt89 opened 8 months ago

vt89 commented 8 months ago

I am using multiple PMD rulesets within the scan:

pmd
├── pmd-ruleset.xml
├── custom-pmd-ruleset.xml

The pmd-ruleset.xml is:

<?xml version="1.0"?>
<ruleset name="master"
    xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
    <description>Master Ruleset</description>
    ...... 
    <rule ref="custom-pmd-ruleset.xml" />
</ruleset>

The custom-pmd-ruleset.xml contains two rules:

<?xml version="1.0"?>
<ruleset
    name="Custom PMD Ruleset"
    xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd"
>
    <description>Custom PMD Ruleset</description>

    <rule name="LatestApiVersion" language="xml" message="Metadata should use the latest API version."
        class="net.sourceforge.pmd.lang.rule.XPathRule">
        <priority>3</priority>
        <properties>
            <property name="version" value="2.0" />
            <property name="xpath">
                <value><![CDATA[
                //apiVersion/text[number(@Image) < 60]
            ]]></value>
            </property>
        </properties>
    </rule>

    <rule name="CustomFieldRequiresDescription" language="xml"
        message="The Description field is required for Custom Field."
        class="net.sourceforge.pmd.lang.rule.XPathRule">
        <priority>3</priority>
        <properties>
            <property name="version" value="2.0" />
            <property name="xpath">
                <value><![CDATA[
                    //CustomObject/fields[not(description)]
            ]]></value>
            </property>
        </properties>
    </rule>
</ruleset>

I have created a Pull Request containing:

  1. An Apex Class with API version 59.0
  2. A new custom field on the Account object without the description tag:
    <fields>
     <fullName>Test_Custom_Field_No_Description</fullName>
     <defaultValue>false</defaultValue>
     <externalId>false</externalId>
     <label>Test Custom Field No Description</label>
     <trackFeedHistory>false</trackFeedHistory>
     <trackHistory>false</trackHistory>
     <type>Checkbox</type>
    </fields>

I am using the following step on the GitHub Action executed on the Pull Request:

- name: Run SFDX Scanner
  uses: mitchspano/sfdx-scan-pull-request@v0.1.16
  with:
    pmdconfig: pmd/pmd-ruleset.xml
    severity-threshold: 3
    engine: pmd
    report-mode: comments
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

A comment is added for the XML related to the Apex Class, since the API version is < 60, but no comment is added for the Custom Field even though it does not have the description field.

mitchspano commented 8 months ago

This might be related to an issue with the sfdx scanner cli plugin - see this issue for more details - but I will take a look after work.

vt89 commented 8 months ago

@mitchspano Could it happen because the Salesforce Code Analyzer does not consider files with the .object extension? I tried with a different Custom PMD Rule checking if a new custom field is added, and the result is the same: no comment added.

The Custom PMD Rule used for this test is:

    <!-- CUSTOM OBJECTS / FIELDS RULES -->
    <rule name="NewCustomFieldCreated" language="xml"
        message="The new Custom Field creation has to be approved"
        class="net.sourceforge.pmd.lang.rule.XPathRule">
        <priority>2</priority>
        <properties>
            <property name="version" value="2.0" />
            <property name="xpath">
                <value><![CDATA[
                    boolean(//CustomObject/fields/fullName/text())
            ]]></value>
            </property>
        </properties>
    </rule>

And the Pull Request contains the following added change for the Account.object:

    <fields>
        <fullName>Test_VT_No_Description__c</fullName>
        <defaultValue>false</defaultValue>
        <externalId>false</externalId>
        <label>Test VT No Description</label>
        <trackFeedHistory>false</trackFeedHistory>
        <trackHistory>false</trackHistory>
        <type>Checkbox</type>
    </fields>

vt89 commented 8 months ago

I found "[Feature Request] Allow for scanning of salesforce metadata", where this topic was discussed.
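
Added example, not part of the thread or of the sfdx-scan-pull-request project: a standalone Python check that reports what the `CustomFieldRequiresDescription` XPath from the first comment is meant to flag, so a violating field in an .object file can be confirmed independently of whether the scanner processes that file type. The sample document, its second field and the function names are constructed; the metadata namespace on the root element is an assumption, since the thread shows only the `<fields>` fragment.

```python
import xml.etree.ElementTree as ET

# Namespace Salesforce metadata files declare on their root element.
# Assumption: the .object file in the pull request uses it (the thread
# shows only the <fields> fragment, not the root).
MD_NS = "http://soap.sforce.com/2006/04/metadata"

# Constructed sample: the field from the pull request plus one documented field.
SAMPLE_OBJECT = f"""<CustomObject xmlns="{MD_NS}">
    <fields>
        <fullName>Test_Custom_Field_No_Description</fullName>
        <defaultValue>false</defaultValue>
        <externalId>false</externalId>
        <label>Test Custom Field No Description</label>
        <trackFeedHistory>false</trackFeedHistory>
        <trackHistory>false</trackHistory>
        <type>Checkbox</type>
    </fields>
    <fields>
        <fullName>Documented_Field__c</fullName>
        <description>Constructed field that has a description.</description>
        <label>Documented Field</label>
        <type>Checkbox</type>
    </fields>
</CustomObject>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def fields_missing_description(xml_text):
    """Mirror //CustomObject/fields[not(description)] for a root CustomObject:
    return the fullName of each <fields> element with no <description> child."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "CustomObject":
        return []  # not object metadata, nothing for this rule to check
    missing = []
    for field in root:
        if local(field.tag) != "fields":
            continue
        children = {local(c.tag): (c.text or "").strip() for c in field}
        if "description" not in children:
            missing.append(children.get("fullName", "<unnamed>"))
    return missing


if __name__ == "__main__":
    for name in fields_missing_description(SAMPLE_OBJECT):
        print(f"missing description: {name}")
```

Matching on local names keeps the check working whether or not the file declares the default namespace.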