Exakat in Github Action
Github Actions is a way to automate your software development workflow on Github. You can execute actions on your repositories at Github, and resolve issues before merging new code. Exakat integrates smoothly in the Github ecosystem with a dedicated action and its configuration. Let's install Exakat in Github Action!
Getting started
Exakat for Github is available on the Github Marketplace in the Code Quality and Security sections.
The installation process is as simple as adding a new file to the repository.
- Navigate to your repository, as a Github user with write access.
- Create a new file, with the Add file button.
- Call this file .github/workflows/test.yml. .github is a special folder for Github, and workflows is the folder dedicated to actions.
- Fill the test.yml file with the following YAML code:
on: [push, pull_request]
name: Test
jobs:
  exakat:
    name: Scan with Exakat
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Exakat
        uses: docker://exakat/exakat-ga
The action is now configured to run automatically upon push and pull request events. If you have a public repository, it is free to use; if you have a private repository, the run time is counted against your plan.
The steps mention an actions/checkout@v2 step, which clones the code into the Action environment, so that exakat/exakat-ga can audit it.
- Commit the configuration file to Github
- In the toolbar, you can find ‘Actions’ next to ‘Pull requests’. There, you’ll find the action being run. All runs of the action will be listed there. You can click on the current action to see it running.
- All results from Exakat will be listed there when it is finished. Note that this page doesn’t refresh automatically, so you have to click on Test or Scan with Exakat to see it refreshed.
- When the audit is done, the results are displayed as a text table: each block is a file, and each line has the line number, the description of the issue, and the rule short name.
-----------------------------------------------------------------------------------
line /thinkphp/library/think/controller/Rest.php
-----------------------------------------------------------------------------------
41 Static Methods Called From Object Classes/StaticMethodsCalledFromObject
42 Should Make Ternary Structures/ShouldMakeTernary
42 Uses Default Values Functions/UsesDefaultArguments
42 Wrong Type For Native PHP Function Php/WrongTypeForNativeFunction
50 Wrong Number Of Arguments Functions/WrongNumberOfArguments
77 Drop Else After Return Structures/DropElseAfterReturn
95 Wrong Type For Native PHP Function Php/WrongTypeForNativeFunction
132 Uses Default Values Functions/UsesDefaultArguments
-----------------------------------------------------------------------------------
For example, in the file /thinkphp/library/think/controller/Rest.php, on line 42, Wrong Type For Native PHP Function has been detected. The documentation for this rule is available online under the rule's name, Wrong Type For Native PHP Function.
Congratulations! You have now configured Exakat to run on your repository. It will run immediately, and provide you with insight on the code.
Configuring Exakat
It is possible to configure the Github Action to ignore rules and to ignore directories.
Excluding rules
By default, Exakat on Github Actions runs the CI-checks ruleset. This is a pre-defined set of 180 rules. It is only a small subset of the vast reference library of Exakat (over 750 documented analyses). It is a good fit for a first audit, and it may be too much for daily usage, until those issues are under control.
Let’s say that ‘Should Make Ternary’ and ‘Uses Default Values’ are too much for this repository. We can consider these problems later.
To omit those rules, we are going to configure the Exakat Github Action with their short codes, which are in the third column of the results.
- Go to the previously created .github/workflows/test.yml
- Edit the test.yml file with the online editor
- Add the following lines at the end of the file, after the uses: line: this is a parameter for that step. Make sure to use valid YAML syntax, with the with: block indented under the step.
        with:
          ignore_rules: 'Structures/ShouldMakeTernary,Functions/UsesDefaultArguments'
- Commit the newly edited test.yml file
- Go again to the Actions tab.
- Once the results are in, we now have fewer issues per file.
The ignore_rules directive allows for fine-tuning the auditing system by choosing the exact rules that fit your workflow. Use it to ignore rules that are not valuable for you, focusing on the important ones.
Excluding folders
By default, Exakat runs the audit on the whole repository. Yet, some folders may be excluded, such as cache or test folders. Here, the unit tests are in /thinkphp/tests. We’ll use it to omit those files.
- Go to the previously created .github/workflows/test.yml
- Edit the test.yml file with the online editor
- Add the following line at the end of the file, after the ignore_rules: line: this is another parameter for the uses step. Make sure to use valid YAML syntax, at the same indentation as ignore_rules:
          ignore_dirs: '/thinkphp/tests'
- Commit the newly edited test.yml file
- Go again to the Actions tab.
- Once the results are in, we now have fewer files.
The ignore_dirs directive allows for fine-tuning the audited files. Use it to ignore files, to keep the audit quick and efficient.
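Putting the two parameters together, here is the complete test.yml as an added example (it is not a file from the Exakat project). The permissions block is an addition to this tutorial's configuration: it assumes the audit only needs to read the checkout, which is all the steps above use, and restricts the workflow token accordingly.

```yaml
# Added example: complete workflow with both parameters from this tutorial,
# plus a least-privilege token for the job (assumption: the audit only reads
# the checked-out code and writes nothing back to the repository).
on: [push, pull_request]
name: Test

# Restrict the GITHUB_TOKEN handed to the job to read-only repository access.
permissions:
  contents: read

jobs:
  exakat:
    name: Scan with Exakat
    runs-on: ubuntu-latest
    steps:
      # Clone the repository so the container can audit it.
      - uses: actions/checkout@v2
      - name: Exakat
        # Runs the Exakat image from Docker Hub; consider pinning it to a
        # specific tag or digest rather than the moving default tag.
        uses: docker://exakat/exakat-ga
        with:
          # Rule short codes (third column of the results) to skip.
          ignore_rules: 'Structures/ShouldMakeTernary,Functions/UsesDefaultArguments'
          # Directories to leave out of the audit.
          ignore_dirs: '/thinkphp/tests'
```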
Good Audits
You are now all set to use Exakat on Github. It runs on every commit and PR, and you can now focus on the important rules to monitor your code. The complete documentation for Exakat is available online.