生产运营/行业运营>> github-action-docker>> 返回
项目作者: embold

项目描述 :
Embold Docker Container for Github Action
高级语言: Shell
项目地址: git://github.com/embold/github-action-docker.git
创建时间: 2021-08-11T08:56:57Z
项目社区:https://github.com/embold/github-action-docker
开源协议:GNU Affero General Public License v3.0
下载


EMBOLD Github Actions

Embold Github Actions uncovers potential bugs, vulnerabilities and hard-to-detect anti-patterns that make your code difficult to maintain and can lead to error-prone solutions.

Embold is an AI-based software analytics platform that helps teams analyse and improve software quality. It analyses source code across 4 dimensions: code issues, design issues, metrics and duplication, and surfaces issues which impact stability, robustness, security, and maintainability. The Embold Score helps teams understand risk areas and prioritise the most important fixes.

PRE-REQUISITES

  1. You have Embold Enterprise License with version 1.9.2.0 and above.
  2. You have an Embold Access Token corresponding to your account
  3. The repository to be analysed is linked to Embold
  4. Languages supported: Java, C/C++, Objective C, SQL, HTML, Apex.

USAGE

  1. Create remote repository on Embold UI and download its repository-configuration.json.
  2. Copy the downloaded repository-configuration.json to your base folder and replace the below values:
    • “dataDir”: “./EMBOLD_DATA”,
    • “baseDir”: “$GITHUB_WORKSPACE”,
      Commit the json file to your repository at the top level.

  3. Secrets: Secrets can be created at 2 levels

    • Repository level secret
      EMBOLD_TOKEN: This is required to authenticate access to Embold.
      You can set the EMBOLD_TOKEN environment variable in the “Secrets” settings page of your repository. For more details, refer EAT documentation here

    • Organization level secret
      EMBOLD_TOKEN: This is required to authenticate access to Embold.
      You can set the EMBOLD_TOKEN environment variable in the “Secrets” settings page of your organization. For more details, refer EAT documentation here

  4. The workflow is usually declared in .github/workflows/main.yaml, and looks like this:

  1. on: [push]
  2. jobs:
  3.   embold_scan_job:
  4.     runs-on: ubuntu-latest
  5.     name: Embold scan
  6.     steps:
  7.       - uses: actions/checkout@v2
  8.       - name: Embold scan step
  9.         id: embold
  10.         uses: embold/github-action-docker@v0.2
  11.         with:
  12.           embold-url: <Your Embold Server URL>
  13.           embold-token: ${{ secrets.EMBOLD_TOKEN }}
  14.           repo-config: '/github/workspace/repository-configuration.json'
  15.           repo-uid: <The Embold Repository UID>
  16.           # Uncomment the below line for verbose logging
  17.           # verbose: true
  1. Embold Github action will then scan your source code on push.
  2. Once the job is complete, scan results are available on the Embold server

FEEDBACK

Feel free to use Embold Community to give feedback, feature requests or reporting a bug.

LICENSE

Sources and documentation in this repository are released under the AGPL v3