violation-comments-to-bitbucket-cloud-command-line

    1.30.1 • Public • Published

    Violation Comments To Bitbucket Cloud Command Line

    NPM Maven Central

    Report static code analysis to Bitbucket Cloud. It uses the Violations Lib.

    Bitbucket Cloud Comment

    The runnable can be found in NPM.

    Run it with:

    npx violation-comments-to-bitbucket-cloud-command-line \
     -u tomasbjerre \
     -p MY-APPLICATION-PASSWORD \
     -ws tomasbjerre \
     -rs violations-test \
     -prid 1 \
     -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
     -v "JSHINT" "." ".*jshint/report\.xml$" "JSHint"

    Create application passwords like this: https://confluence.atlassian.com/bitbucket/app-passwords-828781300.html

    If using it from Jenkins, you may integrate with Bitbucket Cloud with this plugin: https://github.com/jenkinsci/generic-webhook-trigger-plugin

    You must perform the merge before build. If you don't perform the merge, the reported violations will refer to other lines then those in the pull request. The merge can be done with a shell script like this.

    echo ---
    echo --- Merging from $FROM in $FROMREPO to $TO in $TOREPO
    echo ---
    git clone $TOREPO
    cd *
    git reset --hard $TO
    git status
    git remote add from $FROMREPO
    git fetch from
    git merge $FROM
    git --no-pager log --max-count=10 --graph --abbrev-commit
    
    Your build command here!
    

    Example of supported reports are available here.

    A number of parsers have been implemented. Some parsers can parse output from several reporters.

    Reporter Parser Notes
    ARM-GCC CLANG
    AndroidLint ANDROIDLINT
    AnsibleLint FLAKE8 With -p
    Bandit CLANG With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}"
    CLang CLANG
    CPD CPD
    CPPCheck CPPCHECK With cppcheck test.cpp --output-file=cppcheck.xml --xml
    CPPLint CPPLINT
    CSSLint CSSLINT
    Checkstyle CHECKSTYLE
    CloudFormation Linter JUNIT cfn-lint . -f junit --output-file report-junit.xml
    CodeClimate CODECLIMATE
    CodeNarc CODENARC
    Detekt CHECKSTYLE With --output-format xml.
    DocFX DOCFX
    Doxygen CLANG
    ERB CLANG With erb -P -x -T '-' "${it}" | ruby -c 2>&1 >/dev/null | grep '^-' | sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out.
    ESLint CHECKSTYLE With format: 'checkstyle'.
    Findbugs FINDBUGS
    Flake8 FLAKE8
    FxCop FXCOP
    GCC CLANG
    Gendarme GENDARME
    Generic reporter GENERIC Will create one single violation with all the content as message.
    GoLint GOLINT
    GoVet GOLINT Same format as GoLint.
    GolangCI-Lint CHECKSTYLE With --out-format=checkstyle.
    GoogleErrorProne GOOGLEERRORPRONE
    HadoLint CHECKSTYLE With -f checkstyle
    IAR IAR With --no_wrap_diagnostics
    Infer PMD Facebook Infer. With --pmd-xml.
    JACOCO JACOCO
    JCReport JCREPORT
    JSHint JSLINT With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle
    JUnit JUNIT It only contains the failures.
    KTLint CHECKSTYLE
    Klocwork KLOCWORK
    KotlinGradle KOTLINGRADLE Output from Kotlin Gradle Plugin.
    KotlinMaven KOTLINMAVEN Output from Kotlin Maven Plugin.
    Lint LINT A common XML format, used by different linters.
    MSBuildLog MSBULDLOG With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename
    MSCpp MSCPP
    Mccabe FLAKE8
    MyPy MYPY
    NullAway GOOGLEERRORPRONE Same format as Google Error Prone.
    PCLint PCLINT PC-Lint using the same output format as the Jenkins warnings plugin, details here
    PHPCS CHECKSTYLE With phpcs api.php --report=checkstyle.
    PHPPMD PMD With phpmd api.php xml ruleset.xml.
    PMD PMD
    Pep8 FLAKE8
    PerlCritic PERLCRITIC
    PiTest PITEST
    ProtoLint PROTOLINT
    Puppet-Lint CLANG With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}
    PyDocStyle PYDOCSTYLE
    PyFlakes FLAKE8
    PyLint PYLINT With pylint --output-format=parseable.
    ReSharper RESHARPER
    RubyCop CLANG With rubycop -f clang file.rb
    SARIF SARIF
    SbtScalac SBTSCALAC
    Scalastyle CHECKSTYLE
    Simian SIMIAN
    Sonar SONAR With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json. Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' | jq -f sonar-report-builder.jq > sonar-report.json.
    Spotbugs FINDBUGS
    StyleCop STYLECOP
    SwiftLint CHECKSTYLE With --reporter checkstyle.
    TSLint CHECKSTYLE With -t checkstyle
    Valgrind VALGRIND With --xml=yes.
    XMLLint XMLLINT
    XUnit XUNIT It only contains the failures.
    YAMLLint YAMLLINT With -f parsable
    ZPTLint ZPTLINT

    47 parsers and 73 reporters.

    Missing a format? Open an issue here!

    Usage

    -comment-only-changed-content, -cocc <boolean>          True if only changed 
                                                            parts of the changed files 
                                                            should be commented. False if 
                                                            all findings on the 
                                                            changed files should be 
                                                            commented.
                                                            <boolean>: true or false
                                                            Default: true
    -comment-only-changed-files, -cocf <boolean>            True if only changed 
                                                            files should be commented. 
                                                            False if all findings should 
                                                            be commented.
                                                            <boolean>: true or false
                                                            Default: true
    -comment-template <string>                              https://github.
                                                            com/tomasbjerre/violation-comments-lib
                                                            <string>: any string
                                                            Default: 
    -create-comment-with-all-single-file-comments, -        <boolean>: true or false
    ccwasfc <boolean>                                       Default: false
    -create-single-file-comments, -csfc <boolean>           <boolean>: true or false
                                                            Default: true
    -h, --help <argument-to-print-help-for>                 <argument-to-print-help-for>: an argument to print help for
                                                            Default: If no specific parameter is given the whole usage text is given
    -keep-old-comments <boolean>                            <boolean>: true or false
                                                            Default: false
    -max-number-of-violations, -max <integer>               <integer>: -2,147,483,648 to 2,147,483,647
                                                            Default: 2,147,483,647
    -password, -p <string>                                  You can create an 
                                                            'application password' in Bitbucket 
                                                            to use here. See https:
                                                            //confluence.atlassian.
                                                            com/bitbucket/app-passwords-828781300.
                                                            html
                                                            <string>: any string
                                                            Default: 
    -pull-request-id, -prid <string>                        <string>: any string [Required]
    -repository-slug, -rs <string>                          <string>: any string [Required]
    -severity, -s <SEVERITY>                                Minimum severity level 
                                                            to report.
                                                            <SEVERITY>: {INFO | WARN | ERROR}
                                                            Default: INFO
    -show-debug-info                                        Please run your 
                                                            command with this parameter 
                                                            and supply output when 
                                                            reporting bugs.
                                                            Default: disabled
    -username, -u <string>                                  <string>: any string
                                                            Default: 
    --violations, -v <string>                               The violations to look 
                                                            for. <PARSER> <FOLDER> 
                                                            <REGEXP PATTERN> <NAME> where 
                                                            PARSER is one of: 
                                                            ANDROIDLINT, CHECKSTYLE, CODENARC, 
                                                            CLANG, CPD, CPPCHECK, 
                                                            CPPLINT, CSSLINT, FINDBUGS, 
                                                            FLAKE8, FXCOP, GENDARME, IAR, 
                                                            JCREPORT, JSHINT, JUNIT, LINT, 
                                                            KLOCWORK, KOTLINMAVEN, 
                                                            KOTLINGRADLE, MSCPP, MYPY, GOLINT, 
                                                            GOOGLEERRORPRONE, PERLCRITIC, PITEST, 
                                                            PMD, PYDOCSTYLE, PYLINT, 
                                                            RESHARPER, SBTSCALAC, SIMIAN, 
                                                            SONAR, STYLECOP, XMLLINT, 
                                                            YAMLLINT, ZPTLINT, DOCFX, PCLINT
                                                            
                                                             Example: -v "JSHINT" 
                                                            "." ".*/jshint.xml$" 
                                                            "JSHint" [Supports Multiple occurrences]
                                                            <string>: any string
                                                            Default: Empty list
    -workspace, -ws <string>                                The workspace is 
                                                            typically same as username. [Required]
                                                            <string>: any string

    Checkout the Violations Lib for more documentation.

    Keywords

    none

    Install

    npm i violation-comments-to-bitbucket-cloud-command-line

    DownloadsWeekly Downloads

    315

    Version

    1.30.1

    License

    Apache 2

    Unpacked Size

    10 MB

    Total Files

    12

    Last publish

    Collaborators

    • tomasbjerre