GitHub - haskell-actions/hlint-scan: Scan Haskell code with HLint.
Code scanning with HLint
This is a GitHub action which scans Haskell code using HLint and uploads its suggested improvements to GitHub code scanning.
Usage
A minimal example for setting up code scanning with HLint:
name: Scan code with HLint
on: [push, pull_request]

jobs:
  hlint:
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload results to GitHub code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: haskell-actions/hlint-scan@v1
The action needs write permission for security-events to upload the analysis results to GitHub.
If you would like to use this as a status check which would prevent pull requests from being merged until an issue is resolved, you can adjust the alert severity for which code scanning will trigger a failed check.
Inputs
None of the inputs are required. You only need to set them if the defaults do not work for your situation.
binary
Path to the hlint binary.
path
Path of file or directory that HLint will be told to scan. Multiple paths can be specified, delimited by whitespace.
hints
Path for HLint configuration file.
category
Category distinguishing multiple analyses at the same commit.
fail-on
If not empty, then this disables code scanning and instead outputs annotations. The value can be one of 'never', 'error', 'warning', or 'note', which are based on the levels specified by SARIF, and it controls at what level a non-zero exit can happen. Note that for pull requests, the non-zero exit can happen even if the issue is in part of the code not changed by the pull request. This is only intended for use in private GitHub repositories which do not have code scanning available.
Outputs
sarif-id
The ID of the uploaded SARIF file.
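A workflow that sets the path, hints and category inputs and reads the sarif-id output, added here as an example and not taken from the project. The directory names app and test, the hints file location, the category names and the step id scan are assumptions to replace with your own.

```yaml
name: Scan code with HLint (per component)
on: [push, pull_request]

jobs:
  hlint:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Hypothetical directories; replace with your repository layout.
        component: [app, test]
    permissions:
      # Lets actions/checkout read the repository.
      contents: read
      # Needed to upload results to GitHub code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - id: scan
        uses: haskell-actions/hlint-scan@v1
        with:
          # Scan only this matrix leg's directory.
          path: ${{ matrix.component }}
          # Assumed location of the HLint configuration file.
          hints: .hlint.yaml
          # One category per leg, so the two analyses at the same
          # commit stay distinguishable.
          category: hlint-${{ matrix.component }}
      - name: Record the uploaded SARIF ID
        # The output is passed through an environment variable rather
        # than interpolated into the script text.
        run: echo "sarif-id=$SARIF_ID"
        env:
          SARIF_ID: ${{ steps.scan.outputs.sarif-id }}
```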
Examples
When scanning code with HLint on pushes, issues will show up in the "Code scanning" dashboard in the "Security" section:
When scanning code with HLint in a pull request, issues with the change will be reported in the pull request:
Project information
Code of conduct
Be nice; see CODE_OF_CONDUCT.md for details.
Security policy
See SECURITY.md for details.
Contributing
See CONTRIBUTING.md for details.
License
Apache 2.0; see LICENSE for details.
Disclaimer
This project is not an official Google project. It is not supported by Google, and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.