Add DevSkim GitHub action support for Windows #618
Comments
|
Thanks for the feedback. It seems that a Dockerfile defined action (as DevSkim-Action is) is restricted to Linux pipelines only - the workaround seems to be to migrate to a Typescript action. I found a similar issue reported in another repo on GitHub with the same conclusion - peter-evans/create-pull-request#40. For us, the workaround is a little undesirable here - the docker method allows us to ensure that the .NET SDK is available and pull the latest version of the DevSkim tool, without interfering with the users environment, and ultimately the equivalent behavior of the action is only a couple lines of YML. It's a little less 'clean' than calling the one line to the DevSkim action but you can accomplish basically the same thing with a two items, by installing the DevSkim .NET tool and then running it. - run: dotnet tool install --tool-path path/to/tools Microsoft.CST.DevSkim.CLI
- run: path/to/tools/devskim analyze ... -O devskim-results.sarif
- uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: devskim-results.sarifSubstituting Do you think that would work for you? |
|
It resolves this specific issue, but I'd still need to write a shell script and/or hook into exec on MSBuild so I can shift left. Related to #619 |
|
Acknowledge it doesn't solve the shift left issue, but glad to hear it resolves your ability to run DevSkim in Windows GitHub Action runners. |
Is your feature request related to a problem? Please describe.
There is a docker container run for Linux, but the action is not available on Windows.
Describe the solution you'd like
I am performing matrix builds and wish to run DevSkim through a single pipeline without conditional logic
Describe alternatives you've considered
Additional context
See rjmurillo/moq.analyzers#83
The text was updated successfully, but these errors were encountered: