feat: provide html output with detected defects (#400)
jamacku authored May 3, 2024
1 parent ddda960 commit 723a734
Showing 7 changed files with 113 additions and 2 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/differential-shellcheck.yml
@@ -50,3 +50,11 @@ jobs:
name: Differential ShellCheck SARIF
path: ${{ steps.ShellCheck.outputs.sarif }}
retention-days: 7

- if: ${{ always() }}
name: Upload artifact with defects in XHTML format
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: Differential ShellCheck HTML
path: ${{ steps.ShellCheck.outputs.html }}
retention-days: 7
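Review bot: the new upload step runs under `if: ${{ always() }}`, so it also executes when the ShellCheck step aborted before `output.xhtml` was written; `actions/upload-artifact@v4` then only emits a warning, because its `if-no-files-found` input defaults to `warn`. If a missing report should fail the job, add `if-no-files-found: error` next to `retention-days: 7` (or `ignore` if silence is the intent). The SHA pin with the `# v4.3.3` comment matches the existing SARIF upload step, which is good.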
23 changes: 23 additions & 0 deletions README.md
@@ -346,6 +346,29 @@ Relative path to SARIF file containing detected defects. Example of use:
sarif_file: ${{ steps.ShellCheck.outputs.sarif }}
```

### html

Relative path to HTML file containing detected defects. Example of use:

```yaml
- id: ShellCheck
name: Differential ShellCheck
uses: redhat-plumbers-in-action/differential-shellcheck@v5
- if: ${{ always() }}
name: Upload artifact with ShellCheck defects in HTML format
uses: actions/upload-artifact@v4
with:
name: Differential ShellCheck HTML
path: ${{ steps.ShellCheck.outputs.html }}
```

[Example](docs/example.xhtml) of HTML output:

<p align="center">
<img src="docs/images/html-output-exmple.png" width="800" alt="HTML output example" />
</p>

## Using with Private repositories

Differential ShellCheck GitHub Action could be used in private repositories by any user. But code scanning-related features are available only for GitHub Enterprise users, as mentioned in [GitHub Documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning):
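Review bot: the image path `docs/images/html-output-exmple.png` carries a typo (`exmple`), and the binary file in this commit is added under the same misspelled name; renaming both to `html-output-example.png` now avoids a broken link later. The `### html` section also describes the output as an "HTML file" while the produced file is `output.xhtml` and the linked sample is `docs/example.xhtml`; saying XHTML there keeps the documentation consistent with the extension users will see in the artifact.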
4 changes: 3 additions & 1 deletion action.yml
@@ -82,7 +82,9 @@ inputs:

outputs:
sarif:
description: 'The SARIF file containing defects'
description: The SARIF file containing defects
html:
description: The HTML file containing defects

runs:
using: docker
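Review bot: the two output descriptions ("The ... file containing defects") do not say that the value is a relative path (`output.sarif`, `output.xhtml`), which is how the README documents them; align the wording, e.g. `description: Relative path to the HTML file containing defects`. The quote removal on the otherwise unchanged `sarif` description is an unrelated style change bundled into this hunk.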
71 changes: 71 additions & 0 deletions docs/example.xhtml
@@ -0,0 +1,71 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.1//EN' 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head><title>Scan Results</title></head>
<body style='background: white;'>
<h1>Scan Results</h1>
<h2>List of Defects</h2>
<pre style='white-space: pre-wrap;'>
<a name='def1'/><b>Error: <span style='background: #C0FF00;'>SHELLCHECK_WARNING</span>:</b> <a href ='#def1'>[#def1]</a>
docs/example.sh:7:7: info[<b><a href="https://github.com/koalaman/shellcheck/wiki/SC2086" title="description of ShellCheck's checker SC2086">SC2086</a></b>]: Double quote to prevent globbing and word splitting.
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 4| # Quoting</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 5| # =======</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 6| </span></span>
<span style='color: #00C0C0;'>#<span style='color: #000000;'> 7|-&gt; echo $1 # Unquoted variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 8| rm &quot;~/my file.txt&quot; # Quoted tilde expansion</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 9| v=&apos;--verbose=&quot;true&quot;&apos;; cmd $v # Literal quotes in variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 10| # touch $@ # Unquoted $@</span></span>

<a name='def2'/><b>Error: <span style='background: #C0FF00;'>SHELLCHECK_WARNING</span>:</b> <a href ='#def2'>[#def2]</a>
docs/example.sh:8:6: warning[<b><a href="https://github.com/koalaman/shellcheck/wiki/SC2088" title="description of ShellCheck's checker SC2088">SC2088</a></b>]: Tilde does not expand in quotes. Use $HOME.
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 5| # =======</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 6| </span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 7| echo $1 # Unquoted variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #000000;'> 8|-&gt; rm &quot;~/my file.txt&quot; # Quoted tilde expansion</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 9| v=&apos;--verbose=&quot;true&quot;&apos;; cmd $v # Literal quotes in variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 10| # touch $@ # Unquoted $@</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 11| # echo &apos;Path is $PATH&apos; # Variables in single quotes</span></span>

<a name='def3'/><b>Error: <span style='background: #C0FF00;'>SHELLCHECK_WARNING</span>:</b> <a href ='#def3'>[#def3]</a>
docs/example.sh:9:4: warning[<b><a href="https://github.com/koalaman/shellcheck/wiki/SC2089" title="description of ShellCheck's checker SC2089">SC2089</a></b>]: Quotes/backslashes will be treated literally. Rewrite using set/&quot;$@&quot; or functions.
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 6| </span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 7| echo $1 # Unquoted variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 8| rm &quot;~/my file.txt&quot; # Quoted tilde expansion</span></span>
<span style='color: #00C0C0;'>#<span style='color: #000000;'> 9|-&gt; v=&apos;--verbose=&quot;true&quot;&apos;; cmd $v # Literal quotes in variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 10| # touch $@ # Unquoted $@</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 11| # echo &apos;Path is $PATH&apos; # Variables in single quotes</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 12| # trap &quot;echo Took ${SECONDS}s&quot; 0 # Prematurely expanded trap</span></span>

<a name='def4'/><b>Error: <span style='background: #C0FF00;'>SHELLCHECK_WARNING</span>:</b> <a href ='#def4'>[#def4]</a>
docs/example.sh:9:28: warning[<b><a href="https://github.com/koalaman/shellcheck/wiki/SC2090" title="description of ShellCheck's checker SC2090">SC2090</a></b>]: Quotes/backslashes in this variable will not be respected.
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 6| </span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 7| echo $1 # Unquoted variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 8| rm &quot;~/my file.txt&quot; # Quoted tilde expansion</span></span>
<span style='color: #00C0C0;'>#<span style='color: #000000;'> 9|-&gt; v=&apos;--verbose=&quot;true&quot;&apos;; cmd $v # Literal quotes in variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 10| # touch $@ # Unquoted $@</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 11| # echo &apos;Path is $PATH&apos; # Variables in single quotes</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 12| # trap &quot;echo Took ${SECONDS}s&quot; 0 # Prematurely expanded trap</span></span>

<a name='def5'/><b>Error: <span style='background: #C0FF00;'>SHELLCHECK_WARNING</span>:</b> <a href ='#def5'>[#def5]</a>
docs/example.sh:9:28: style[<b><a href="https://github.com/koalaman/shellcheck/wiki/SC2248" title="description of ShellCheck's checker SC2248">SC2248</a></b>]: Prefer double quoting even when variables don&apos;t contain special characters.
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 6| </span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 7| echo $1 # Unquoted variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 8| rm &quot;~/my file.txt&quot; # Quoted tilde expansion</span></span>
<span style='color: #00C0C0;'>#<span style='color: #000000;'> 9|-&gt; v=&apos;--verbose=&quot;true&quot;&apos;; cmd $v # Literal quotes in variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 10| # touch $@ # Unquoted $@</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 11| # echo &apos;Path is $PATH&apos; # Variables in single quotes</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 12| # trap &quot;echo Took ${SECONDS}s&quot; 0 # Prematurely expanded trap</span></span>

<a name='def6'/><b>Error: <span style='background: #C0FF00;'>SHELLCHECK_WARNING</span>:</b> <a href ='#def6'>[#def6]</a>
docs/example.sh:9:28: style[<b><a href="https://github.com/koalaman/shellcheck/wiki/SC2250" title="description of ShellCheck's checker SC2250">SC2250</a></b>]: Prefer putting braces around variable references even when not strictly required.
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 6| </span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 7| echo $1 # Unquoted variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 8| rm &quot;~/my file.txt&quot; # Quoted tilde expansion</span></span>
<span style='color: #00C0C0;'>#<span style='color: #000000;'> 9|-&gt; v=&apos;--verbose=&quot;true&quot;&apos;; cmd $v # Literal quotes in variables</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 10| # touch $@ # Unquoted $@</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 11| # echo &apos;Path is $PATH&apos; # Variables in single quotes</span></span>
<span style='color: #00C0C0;'>#<span style='color: #C0C0C0;'> 12| # trap &quot;echo Took ${SECONDS}s&quot; 0 # Prematurely expanded trap</span></span>

</pre>
</body>
</html>
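Review bot: the property worth checking in this committed sample is that every excerpt of the scanned script inside the `<pre>` is entity-encoded (`-&gt;`, `&quot;~/my file.txt&quot;`, `&apos;--verbose=...&apos;`), since the report is meant to be opened in a browser and a scanned script is untrusted input to the report generator; the sample shows that `cshtml` does encode these. Two details are `cshtml`'s rendering rather than this repository's code and belong upstream if changed at all: `<a name='def1'/>` relies on the `name` attribute, which XHTML 1.1 dropped in favour of `id`, and `<a href ='#def1'>` has a stray space before `=`. Readers of this sample may also be confused that every entry is labelled `Error: SHELLCHECK_WARNING` even when the ShellCheck level is `info` or `style`; a sentence in the README noting that this prefix is fixed would help.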
Binary file added docs/images/html-output-exmple.png
7 changes: 7 additions & 0 deletions src/index.sh
@@ -108,7 +108,14 @@ csgrep \
--set-scan-prop='tool-url:https://www.shellcheck.net/wiki/' \
"${WORK_DIR}sarif-defects.log" > output.sarif

# Produce report in HTML format
cshtml \
"${WORK_DIR}sarif-defects.log" > output.xhtml

# shellcheck disable=SC2154
# GITHUB_OUTPUT is GitHub Actions environment variable
echo "sarif=output.sarif" >> "${GITHUB_OUTPUT}"
echo "html=output.xhtml" >> "${GITHUB_OUTPUT}"

# SARIF upload
if [[ -n "${INPUT_TOKEN}" ]]; then
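Review bot: the exit status of `cshtml` is not checked, yet `html=output.xhtml` is written to `${GITHUB_OUTPUT}` unconditionally, so a failing or missing `cshtml` would publish an empty or partial `output.xhtml` for the upload step to ship. Guard the output on success, e.g. `if cshtml "${WORK_DIR}sarif-defects.log" > output.xhtml; then echo "html=output.xhtml" >> "${GITHUB_OUTPUT}"; fi`, or at least verify the file is non-empty before announcing it, mirroring whatever handling the existing `csgrep` call for `output.sarif` relies on.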
2 changes: 1 addition & 1 deletion test/index.bats
@@ -21,7 +21,7 @@ setup () {
}

teardown () {
rm -f ../base-shellcheck.err ../changed-files.txt ../defects.log ../fixes.log ../head-shellcheck.err ./output.sarif
rm -f ../base-shellcheck.err ../changed-files.txt ../defects.log ../fixes.log ../head-shellcheck.err ./output.sarif ./output.xhtml

export \
SCRIPT_DIR="" \
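Review bot: only `teardown` learns about `./output.xhtml`; nothing in this change asserts that the file is actually produced, so a regression where `cshtml` stops emitting output would pass the suite silently. Add an assertion after the run that exercises `src/index.sh`, e.g. `[ -s output.xhtml ]`, and, if the test image provides it, a well-formedness check such as `xmllint --noout output.xhtml`, since the report is XHTML and must parse as XML.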