From 7358cc295b734afa7c9bc3454c07cbf0b35ea259 Mon Sep 17 00:00:00 2001
From: blooper05 <legend.of.blooper@gmail.com>
Date: Wed, 19 Mar 2025 17:50:16 +0900
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat:=20Support=20sarif=20reporter?=
 =?UTF-8?q?=20which=20uses=20Code=20Scanning?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

refs. https://github.com/reviewdog/action-composite-template/pull/33
---
 .github/workflows/test.yml | 13 +++++++++++++
 README.md                  |  9 ++++++---
 action.yml                 | 14 +++++++++++---
 script.sh                  | 16 ++++++++++++----
 4 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8416d57..177744a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -58,3 +58,16 @@ jobs:
       - name: check the exit code
         if: ${{ !success() }}
         run: echo 'The previous step should fail' && exit 1
+
+  test-sarif:
+    name: runner / rails_best_practices (sarif)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f  # v1.227.0
+        with:
+          ruby-version: ruby
+      - uses: ./
+        with:
+          reporter: sarif
+          workdir: ./testdata/
diff --git a/README.md b/README.md
index b41f694..b11809c 100644
--- a/README.md
+++ b/README.md
@@ -34,13 +34,13 @@ inputs:
     description: Report level for reviewdog [info,warning,error].
     default: error
   reporter:
-    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check].
+    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check,sarif].
     default: github-check
   filter_mode:
     description: |
       Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
-      Default is added.
-    default: added
+      Default is `added` except that sarif reporter uses `nofilter`.
+    default: ''
   fail_on_error:
     description: |
       Exit code for reviewdog when errors are found [true,false].
@@ -49,6 +49,9 @@ inputs:
   reviewdog_flags:
     description: Additional reviewdog flags.
     default: ''
+  output_dir:
+    description: Output directory of reviewdog result. Useful for -reporter=sarif
+    default: ../reviewdog-results
   ### Flags for rails_best_practices ###
   rails_best_practices_version:
     description: rails_best_practices version
diff --git a/action.yml b/action.yml
index e3729cd..2b0bb0c 100644
--- a/action.yml
+++ b/action.yml
@@ -17,13 +17,13 @@ inputs:
     description: Report level for reviewdog [info,warning,error].
     default: error
   reporter:
-    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check].
+    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check,sarif].
     default: github-check
   filter_mode:
     description: |
       Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
-      Default is added.
-    default: added
+      Default is `added` except that sarif reporter uses `nofilter`.
+    default: ''
   fail_on_error:
     description: |
       Exit code for reviewdog when errors are found [true,false].
@@ -32,6 +32,9 @@ inputs:
   reviewdog_flags:
     description: Additional reviewdog flags.
     default: ''
+  output_dir:
+    description: Output directory of reviewdog result. Useful for -reporter=sarif
+    default: ../reviewdog-results
   ### Flags for rails_best_practices ###
   rails_best_practices_version:
     description: rails_best_practices version
@@ -58,8 +61,13 @@ runs:
         INPUT_FILTER_MODE: ${{ inputs.filter_mode }}
         INPUT_FAIL_ON_ERROR: ${{ inputs.fail_on_error }}
         INPUT_REVIEWDOG_FLAGS: ${{ inputs.reviewdog_flags }}
+        INPUT_OUTPUT_DIR: ${{ inputs.output_dir }}
         INPUT_RAILS_BEST_PRACTICES_VERSION: ${{ inputs.rails_best_practices_version }}
         INPUT_RAILS_BEST_PRACTICES_FLAGS: ${{ inputs.rails_best_practices_flags }}
+    - if: inputs.reporter == 'sarif'
+      uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5  # v3.28.11
+      with:
+        sarif_file: ${{ inputs.output_dir }}
 
 # Ref: https://haya14busa.github.io/github-action-brandings/
 branding:
diff --git a/script.sh b/script.sh
index 67982cc..6b27f14 100755
--- a/script.sh
+++ b/script.sh
@@ -1,10 +1,16 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 
 if [ -n "${GITHUB_WORKSPACE}" ]; then
   cd "${GITHUB_WORKSPACE}/${INPUT_WORKDIR}" || exit
 fi
 
+mkdir -p "${INPUT_OUTPUT_DIR}"
+OUTPUT_FILE_NAME="reviewdog-${INPUT_TOOL_NAME}"
+if [[ "${INPUT_REPORTER}" == "sarif" ]]; then
+  OUTPUT_FILE_NAME="${OUTPUT_FILE_NAME}.sarif"
+fi
+
 export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}"
 
 echo '::group::🐶 Installing rails_best_practices ... https://github.com/flyerhzm/rails_best_practices'
@@ -42,7 +48,9 @@ rails_best_practices --without-color --silent . ${INPUT_RAILS_BEST_PRACTICES_FLA
     -filter-mode="${INPUT_FILTER_MODE}" \
     -fail-on-error="${INPUT_FAIL_ON_ERROR}" \
     -level="${INPUT_LEVEL}" \
-    ${INPUT_REVIEWDOG_FLAGS}
-exit_code=$?
+    ${INPUT_REVIEWDOG_FLAGS} |
+  tee "${INPUT_OUTPUT_DIR}/${OUTPUT_FILE_NAME}"
+
+exit_code=${PIPESTATUS[1]}
 echo '::endgroup::'
-exit $exit_code
+exit "$exit_code"