Merge pull request #362 from atsign-foundation/cpswan-static-analysis

ci: Add static analysis workflow
atsign-foundation · Nov 25, 2023 · 6da7368 · 6da7368
2 parents 9ca6a63 + 0aeb05c
commit 6da7368
Show file tree

Hide file tree

Showing 4 changed files with 285 additions and 2 deletions.
diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
@@ -0,0 +1,54 @@
+name: static_analysis
+# Runs the workflow on the below events:
+# 1. on pull request raised to trunk branch.
+# 2. on push event to trunk branch.
+on:
+  push:
+    branches:
+      - trunk
+  pull_request:
+    branches:
+      - trunk
+
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  static_analysis:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        package:
+          - at_cli
+          - at_cram
+          - at_dump_atKeys
+          - at_hive_recovery
+          - at_pkam
+          - at_repl
+          - at_ve_doctor
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: dart-lang/setup-dart@b64355ae6ca0b5d484f0106a033dd1388965d06d # v1.6.0
+        with:
+          sdk: stable
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: 'stable'
+          cache-dependency-path: tools/osv-scanner/go.sum
+
+      - name: Install dependencies and analyze in ${{ matrix.package }}
+        working-directory: packages/${{ matrix.package }}
+        run: |
+          dart pub get
+          dart analyze
+
+      # Runs osv-scanner to find any vulnerable Dart dependencies
+      # It needs to look at pubspec.lock files, which is why it's
+      # placed here, as the `dart pub get` above will create them
+      - name: Run osv-scanner
+        working-directory: packages/${{ matrix.package }}
+        run: |
+          go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3
+          osv-scanner --lockfile=./pubspec.lock
diff --git a/packages/at_dump_atKeys/lib/commandline_parser.dart b/packages/at_dump_atKeys/lib/commandline_parser.dart
@@ -8,7 +8,7 @@ class CommandLineParser {
   ArgResults getParserResults(List<String> arguments, ArgParser parser) {
     var results;
     try {
-      if (arguments != null && arguments.isNotEmpty) {
+      if (arguments.isNotEmpty) {
         results = parser.parse(arguments);
         if (results.options.length != parser.options.length) {
           throw ArgParserException('Invalid Arguments \n' + parser.usage);

diff --git a/packages/at_pkam/lib/commandline_parser.dart b/packages/at_pkam/lib/commandline_parser.dart
@@ -8,7 +8,7 @@ class CommandLineParser {
   ArgResults getParserResults(List<String> arguments, ArgParser parser) {
     var results;
     try {
-      if (arguments != null && arguments.isNotEmpty) {
+      if (arguments.isNotEmpty) {
         results = parser.parse(arguments);
         if (results.options.length != parser.options.length) {
           throw ArgParserException('Invalid Arguments \n' + parser.usage);