Merge pull request #94 from nanotaboada/feature/codacy-analysis-cli-action

nanotaboada · web-flow · commit db773bbf800a · 2024-05-04T14:54:15.000-03:00
chore(ci): update Codacy workflow
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
@@ -1,17 +1,18 @@
-# This workflow uses actions that are not certified by GitHub. They are provided by a third-party and are governed by separate
-# terms of service, privacy policy, and support documentation.
-# This workflow checks out code, performs a Codacy security scan and integrates the results with the GitHub Advanced Security
-# code scanning feature.  For more information on the Codacy security scan action usage and parameters, see
-# https://github.com/codacy/codacy-analysis-cli-action.
-# For more information on Codacy Analysis CLI in general, see https://github.com/codacy/codacy-analysis-cli.
+# This workflow uses actions not certified by GitHub. They are provided by a
+# third-party and governed by separate terms of service, privacy policy, and
+# support documentation. This workflow checks out code, performs a Codacy
+# security scan, and integrates the results with GitHub Advanced Security code
+# scanning feature. For more info on the Codacy Security Scan action usage and
+# parameters, see: https://github.com/codacy/codacy-analysis-cli-action.
+# For more info on Codacy Analysis CLI in general, see:
+# https://github.com/codacy/codacy-analysis-cli.
 
 name: Codacy Security Scan
 
 on:
   push:
     branches: [ "master" ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ "master" ]
   schedule:
     - cron: '0 21 * * 5' # Runs at 21:00, only on Friday
@@ -22,33 +23,25 @@ permissions:
 jobs:
   codacy-security-scan:
     permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read
+      security-events: write
+      actions: read
     name: Codacy Security Scan
     runs-on: ubuntu-latest
     steps:
-      # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
         uses: actions/checkout@v4
-
-      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security
+      # issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@33d455949345bddfdb845fba76b57b70cc83754b
+        uses: codacy/codacy-analysis-cli-action@v4
         with:
-          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy
-          # repository
-          # You can also omit the token and run the tools that support default configurations
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
           verbose: true
           output: results.sarif
           format: sarif
-          # Adjust severity of non-security issues
           gh-code-scanning-compat: true
-          # Force 0 exit code to allow SARIF file generation
-          # This will handover control about PR rejection to the GitHub side
           max-allowed-issues: 2147483647
-
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
         uses: github/codeql-action/upload-sarif@v3
