From 2e6d986598f208c1aa90db062dd67f5171c13ef8 Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Thu, 18 Sep 2025 09:56:45 +0200 Subject: [PATCH] Create dottest_autofix.yml Added example of how CI/CD autofix solution can repair code in github pipeline --- .github/workflows/dottest_autofix.yml | 86 +++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 .github/workflows/dottest_autofix.yml diff --git a/.github/workflows/dottest_autofix.yml b/.github/workflows/dottest_autofix.yml new file mode 100644 index 0000000..61bbaa3 --- /dev/null +++ b/.github/workflows/dottest_autofix.yml @@ -0,0 +1,86 @@ +# This workflow runs Parasoft dotTEST to analyze code +# and display results with Github code scanning alerts. +# Parasoft dotTEST is a testing tool that provides code analysis techniques +# to improve code quality and ensure compliance with industry standards. +# See https://github.com/parasoft/run-dottest-action for more information. + +name: Parasoft dotTEST Code Analysis + +on: + # Allows you to run this workflow manually from the Actions tab. + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel. +jobs: + # This workflow is made up of one job "run-dottest-action". + run-dottest-action: + # Specifies the name of the job. + name: Run code analysis with dotTEST + + # Specifies required permissions for upload-sarif action + permissions: + # required for all workflows + security-events: write + # only required for workflows in private repositories + actions: read + contents: read + + # Specifies the type of runner that the job will run on. + runs-on: self-hosted + + # Steps represent a sequence of tasks that will be executed as part of the job. + steps: + + # Checks out your repository, so that your job can access it. + - name: Check out code + uses: actions/checkout@v4 + + # --------------------------------------------------------------- + # Runs code analysis with dotTEST and generates a .sarif report. + - name: Run Parasoft dotTEST + id: dottest + uses: parasoft/run-dottest-action@2.0.2 + with: + # Path to the dotTEST installation directory, which contains dottestcli.exe. If not specified, dottestcli.exe will be searched for on PATH. + #installDir: # optional + # Path to the project to be analyzed when no solution is provided. Specify a semicolon-separated list of paths to analyze many projects. Supports ANT-style wildcards. + testConfig: Recommended Rules + #settings: # optional + # A single configuration setting in the "key=value" format. + #property: # optional + # Solution configuration, e.g. "Debug". + #solutionConfig: Debug + # Target platform of the solution configuration (e.g."Any CPU") or project configuration (e.g. "AnyCPU"). + #targetPlatform: "Any CPU" + # Path to the location where console output is saved. + #out: ${{ github.workspace }}/.dottest/report/${{ github.run_number }}/output.txt + + # --------------------------------------------------------------- + # Uploads an archive that includes all report files (.xml, .html, .sarif). + - name: Upload report artifacts + uses: actions/upload-artifact@v3 + if: always() + with: + name: Report files + path: ${{ steps.dottest.outputs.reportDir }}/*.* + + # --------------------------------------------------------------- + # Uploads analysis results in the SARIF format, so that they are displayed as GitHub code scanning alerts. + - name: Upload results to GitHub + uses: github/codeql-action/upload-sarif@v3 + if: always() + with: + sarif_file: ${{ steps.dottest.outputs.report }} + + + # --------------------------------------------------------------- + # Runs code autofix + - name: Run code autofix + if: always() + shell: bash + run: | + python "${{ steps.dottest.outputs.installDir }}/integration/aider/DottestAutoFix.py" \ + --report "${{ steps.dottest.outputs.report }}" \ + --tool-home "${{ steps.dottest.outputs.installDir }}" \ + --solution "${{ steps.dottest.outputs.solution }}" \ + --fix-limit 3