forcedotcom/run-code-analyzer

Run Salesforce Code Analyzer - GitHub Action

The run-code-analyzer GitHub Action scans your code for violations using Salesforce Code Analyzer, uploads the results as an artifact, and displays the results as a job summary.

Inputs

  • run-command (Default: run)
    • Specifies the Salesforce Code Analyzer command to run.
      Possible values are: run, run dfa.
    • For more info on Code Analyzer, read our documentation.
  • run-arguments (Default: --normalize-severity)
    • Specifies arguments passed to the specified run-command value.
      The arguments provided must include --normalize-severity.
      To control the output file included in the uploaded artifact, specify an output file with the --outfile argument.
      If an output file isn’t specified, results are written to GitHub workflow run logs and a SalesforceCodeAnalyzerResults.json file is included in the uploaded artifact.
    • For a full list of acceptable arguments, read the appropriate Command Reference:
  • results-artifact-name (Default: code-analyzer-results)
    • Specifies the name of the zip archive job artifact where the results output file is uploaded.

Outputs

  • exit-code
    • The Salesforce Code Analyzer execution exit code.
  • num-violations
    • The total number of violations found.
  • num-sev1-violations
    • The number of normalized high-severity violations found.
  • num-sev2-violations
    • The number of normalized medium-severity violations found.
  • num-sev3-violations
    • The number of normalized low-severity violations found.

This run-code-analyzer action will not exit your GitHub workflow when violations are found. Instead, we recommend adding a subsequent step to your workflow that uses these outputs to determine how your workflow should proceed.

Example Usage

name: Salesforce Code Analyzer Workflow
on: push
jobs:
  salesforce-code-analyzer-workflow:
    runs-on: ubuntu-latest
    steps:
      - name: Check out files
        uses: actions/checkout@v4

      - name: Install Salesforce CLI
        run: npm install -g @salesforce/cli@latest

      - name: Install Salesforce Code Analyzer Plugin
        run: sf plugins install @salesforce/sfdx-scanner@latest

      - name: Run Salesforce Code Analyzer
        id: run-code-analyzer
        uses: forcedotcom/run-code-analyzer@v1
        with:
          run-command: run
          run-arguments: --normalize-severity --target . --outfile results.html
          results-artifact-name: salesforce-code-analyzer-results

      - name: Check the outputs to determine whether to fail
        if: |
          steps.run-code-analyzer.outputs.exit-code > 0 ||
          steps.run-code-analyzer.outputs.num-sev1-violations > 0 ||
          steps.run-code-analyzer.outputs.num-violations > 10
        run: exit 1
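
The `if:` expression above compares the outputs numerically, and GitHub Actions expressions coerce an empty string to 0, so a mistyped step id or an output that was never set passes the check silently. The script below is an added example (not part of the action or its repository) of a gate step that fails closed instead. It assumes the three outputs are passed to the step through `env:` or as arguments; `gate`, `is_count` and the `MAX_VIOLATIONS` threshold are hypothetical names.

```shell
#!/bin/sh
# Added example: fail-closed gate over the run-code-analyzer outputs.
# In a workflow step the values would come from the action's outputs, e.g.
#   env:
#     EXIT_CODE: ${{ steps.run-code-analyzer.outputs.exit-code }}
#     NUM_VIOLATIONS: ${{ steps.run-code-analyzer.outputs.num-violations }}
#     NUM_SEV1: ${{ steps.run-code-analyzer.outputs.num-sev1-violations }}
#   run: gate "$EXIT_CODE" "$NUM_VIOLATIONS" "$NUM_SEV1"

# is_count VALUE: succeeds only for a non-empty string of decimal digits.
is_count() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# gate EXIT_CODE NUM_VIOLATIONS NUM_SEV1 [MAX_VIOLATIONS]
# Returns 0 = pass, 1 = policy violated, 2 = outputs missing or malformed.
gate() {
  exit_code=$1 total=$2 sev1=$3 max=${4:-10}
  for v in "$exit_code" "$total" "$sev1" "$max"; do
    if ! is_count "$v"; then
      echo "gate: missing or non-numeric value '$v', failing closed" >&2
      return 2
    fi
  done
  if [ "$exit_code" -gt 0 ]; then
    echo "gate: analyzer exit code was $exit_code" >&2
    return 1
  fi
  if [ "$sev1" -gt 0 ]; then
    echo "gate: $sev1 high-severity violation(s)" >&2
    return 1
  fi
  if [ "$total" -gt "$max" ]; then
    echo "gate: $total violations exceeds limit of $max" >&2
    return 1
  fi
  return 0
}

# Constructed sample values: a clean run, one sev1 finding, outputs never set.
gate 0 3 0 && echo "clean run: pass"
gate 0 3 1 || echo "sev1 finding: blocked (status $?)"
gate "" "" "" || echo "unset outputs: blocked (status $?)"
```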

Contributing

To contribute to the run-code-analyzer GitHub Action, see CONTRIBUTING.md.
