GitHub Actions for codacy-analysis-cli-action erroring out using Staticcheck

I am using the following GitHub Actions workflow:


name: Codacy Analysis CLI

on: ["push"]

jobs:
  codacy-analysis-cli:
    name: Codacy Analysis CLI
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@main

      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@master
        with:
          run-staticcheck: true
          run-gosec: false
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          upload: true
          max-allowed-issues: 2147483647

This keeps on giving an error with the following log:

+ '[' false == true ']'
Skipping GoSec
+ echo 'Skipping GoSec'
+ '[' true == true ']'
+ cd /tmp
+ xargs -L 1 curl -fsSL -o /tmp/staticcheck_linux_amd64.tar.gz
+ cut -d '"' -f 4
+ grep -E 'browser_download_url.*staticcheck_linux_amd64.tar.gz"$'
+ curl -fsSL https://api.github.com/repos/dominikh/go-tools/releases/latest
+ tar -xvf /tmp/staticcheck_linux_amd64.tar.gz staticcheck/staticcheck
staticcheck/staticcheck
+ chmod +x ./staticcheck/staticcheck
+ curl -fsSL https://api.github.com/repos/codacy/codacy-staticcheck/releases/latest
+ xargs -L 1 curl -fsSL -o /tmp/bin/codacy-staticcheck
+ grep browser_download_url
+ grep -v 'browser_download_url.*jar'
+ cut -d '"' -f 4
curl: (23) Failed writing body (0 != 1369)
Error: Process completed with exit code 123.

The curl step fails to write the body - so it is unable to upload the report to Codacy.
How do I fix this?

2 Likes

Hi @RedDocMD,

Seems like it is an issue when you do not run GoSec.
Working on a fix rn

1 Like

@RedDocMD if you select version 5bebb3ed465ac49d69e2eb312dbeb78bf8e9f475 it should already work. We will soon release a final version.

@RedDocMD released as version 3.0.1

3 Likes

Thanks for the quick fix. :smile:
There seems to be a different problem now that the previous one is gone:

+ '[' true == true ']'
+ cd /tmp
+ curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh
+ sh -s v2.7.0
securego/gosec info checking GitHub for tag 'v2.7.0'
securego/gosec info found version: 2.7.0 for v2.7.0/linux/amd64
securego/gosec info installed ./bin/gosec
+ chmod +x ./bin/gosec
+ grep browser_download_url
+ xargs -L 1 curl -fsSL -o /tmp/codacy-gosec
+ grep -v 'browser_download_url.*jar'
+ cut -d '"' -f 4
+ curl -fsSL https://api.github.com/repos/codacy/codacy-gosec/releases/latest
+ chmod +x /tmp/codacy-gosec
+ cd -
+ /tmp/bin/gosec -no-fail -fmt json -log /tmp/log.txt ./...
/home/runner/work/piledriver/piledriver
+ /tmp/codacy-gosec
+ '[' true = true ']'
+ curl -XPOST -L -H 'project-token: ***' -H 'Content-type: application/json' --data-binary @/tmp/codacy-out.json https://api.codacy.com/2.0/gh/RedDocMD/piledriver/commit/4782877e682bd5dbed544f06e2c61b7a6e1a77f1/issuesRemoteResults
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  3765  100    44  100  3721     55   4698 --:--:-- --:--:-- --:--:--  4753
{"success":"Results received successfully."}
+ '[' true == true ']'
+ cd /tmp
+ curl -fsSL https://api.github.com/repos/dominikh/go-tools/releases/latest
+ cut -d '"' -f 4
+ grep -E 'browser_download_url.*staticcheck_linux_amd64.tar.gz"$'
+ xargs -L 1 curl -fsSL -o /tmp/staticcheck_linux_amd64.tar.gz
+ tar -xvf /tmp/staticcheck_linux_amd64.tar.gz staticcheck/staticcheck
staticcheck/staticcheck
+ chmod +x ./staticcheck/staticcheck
+ grep browser_download_url
+ cut -d '"' -f 4
+ xargs -L 1 curl -fsSL -o /tmp/codacy-staticcheck
+ grep -v 'browser_download_url.*jar'
+ curl -fsSL https://api.github.com/repos/codacy/codacy-staticcheck/releases/latest
+ chmod +x /tmp/codacy-staticcheck
+ cd -
+ find . -type f -name go.mod -exec bash -c 'cd $(dirname $1); PKGS=$(go list ./...); /tmp/staticcheck/staticcheck -f json $PKGS' _ '{}' ';'
/home/runner/work/piledriver/piledriver
+ /tmp/codacy-staticcheck
+ '[' true = true ']'
+ curl -XPOST -L -H 'project-token: ***' -H 'Content-type: application/json' --data-binary @/tmp/codacy-out.json https://api.codacy.com/2.0/gh/RedDocMD/piledriver/commit/4782877e682bd5dbed544f06e2c61b7a6e1a77f1/issuesRemoteResults
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  1165  100    44  100  1121     56   1435 --:--:-- --:--:-- --:--:--  1489
100  1165  100    44  100  1121     56   1435 --:--:-- --:--:-- --:--:--  1489
{"success":"Results received successfully."}
+ '[' -n '' ']'
Skipping Clang Tidy
+ echo 'Skipping Clang Tidy'
+ '[' -n '' ']'
+ echo 'Skipping Faux Pas'
Skipping Faux Pas
--2021-05-04 14:56:11--  https://raw.githubusercontent.com/codacy/codacy-analysis-cli/6.2.1/bin/codacy-analysis-cli.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3107 (3.0K) [text/plain]
Saving to: ‘STDOUT’

     0K ...                                                   100% 39.5M=0s

2021-05-04 14:56:11 (39.5 MB/s) - written to stdout [3107/3107]

Unable to find image 'codacy/codacy-analysis-cli:6.2.1' locally
6.2.1: Pulling from codacy/codacy-analysis-cli
Digest: sha256:7b3c6fcd55192cbc3e929263e53d01a6d536734b41c0978a29a2b2b9a5f27af4
Status: Downloaded newer image for codacy/codacy-analysis-cli:6.2.1
Error: Process completed with exit code 11.

(I am running the GoSec tool now).
The error code 11, from the CLI page, is because there are uncommitted changes in the project directory.

The workflow file for reference:

name: Codacy Analysis CLI

on: ["push"]

jobs:
  codacy-analysis-cli:
    name: Codacy Analysis CLI
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@main

      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@master
        with:
          run-staticcheck: true
          run-gosec: true
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          upload: true
          max-allowed-issues: 2147483647

Hi @RedDocMD,
Since you are uploading results, the CLI makes sure there are no files in the repository that were not committed. Can you run a git status and check if there are some files your build might have left there?

Hi @rodrigo,
The go.mod file is modified on running the codacy-analysis-cli Action. One of GoSec or StaticCheck causes this to happen. I think the action.yml file of codacy-analysis-cli Action will have to be modified to discard such changes.
Should I open a PR for this?

@RedDocMD very weird. Do you know the reason why it is changing the go.mod?
We can clean up after running, but I am afraid of messing with users' builds and causing issues in other scenarios where people expected files to be changed and then only discover it after long debugging.
For some reason in my tests it never changed the go.mod.

Looking into this.

I have put a PR for this.
But yes, first we need to look at what changes the go.mod file. I think it is one of GoSec or StaticCheck. I will have to manually run the steps performed by the GitHub Actions to see what’s going on.

2 Likes

@RedDocMD seems like go list updates the go.mod if it is outdated. We went with a solution and the next version should have this fixed.

1 Like
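
One way to find out which step rewrites go.mod, as discussed in this thread (an added example, not code from the Codacy action or from any poster): checksum every go.mod and go.sum before and after a single command and list the files whose content changed. The function names `snapshot` and `changed_by` are hypothetical, `sha256sum` from GNU coreutils is assumed, and the demo uses a constructed module directory with a stand-in command in place of `go list ./...`.

```shell
#!/bin/sh
# Added example: identify which command modifies Go module files in a checkout.

# snapshot DIR: print "<sha256>  <path>" for every go.mod / go.sum below DIR.
snapshot() {
  find "$1" -type f \( -name go.mod -o -name go.sum \) -exec sha256sum {} +
}

# changed_by DIR CMD [ARGS...]: run CMD inside DIR and print the module files
# that were added, removed or rewritten by it (one path per line, empty if none).
changed_by() (
  dir=$1; shift
  tmp=$(mktemp -d) || exit 1
  snapshot "$dir" > "$tmp/before"
  # The exit status of the tool itself is irrelevant here; only its side effects count.
  ( cd "$dir" && "$@" ) >/dev/null 2>&1 || true
  snapshot "$dir" > "$tmp/after"
  # A line present in only one snapshot belongs to a file whose content changed.
  cat "$tmp/before" "$tmp/after" | sort | uniq -u | awk '{print $2}' | sort -u
  rm -rf "$tmp"
)

# Constructed demo: a throwaway module and a stand-in for a tool that edits go.mod.
demo() {
  work=$(mktemp -d) || return 1
  printf 'module example.com/demo\n\ngo 1.15\n' > "$work/go.mod"
  echo "read-only command changed: [$(changed_by "$work" cat go.mod)]"
  echo "editing command changed:   [$(changed_by "$work" sh -c 'echo "require example.com/x v1.0.0" >> go.mod')]"
  rm -rf "$work"
}

demo
```

In a real checkout, calling `changed_by . go list ./...` and then the same for each analysis tool shows which one leaves the working tree dirty before the upload step runs.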