Static Analysis and GitHub Actions

Overview

Run a Datadog Static Analysis job in your GitHub Action workflows.

Setup

To use Datadog Static Analysis, you need to add a static-analysis.datadog.yml file to your repository’s root directory to specify which rulesets to use.

rulesets:
  - <ruleset-name>
  - <ruleset-name>

Example for Python

The following example is for Python-based repositories:

rulesets:
  - python-code-style
  - python-best-practices
  - python-inclusive

Workflow

Create a file in .github/workflows to run a Datadog Static Analysis job.

The following is a sample workflow file.

on: [push]

jobs:
  check-quality:
    runs-on: ubuntu-latest
    name: Datadog Static Analyzer
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Check code meets quality standards
        id: datadog-static-analysis
        uses: DataDog/datadog-static-analyzer-github-action@v1
        with:
          dd_app_key: ${{ secrets.DD_APP_KEY }}
          dd_api_key: ${{ secrets.DD_API_KEY }}
          dd_service: "my-service"
          dd_env: "ci"
          dd_site: 
          cpu_count: 2
          enable_performance_statistics: false

You must set your Datadog API and application keys as secrets in your GitHub repository, either at the organization or repository level. For more information, see API and Application Keys.

Inputs

You can set the following parameters for Static Analysis.

Note: Diff-aware scanning only scans the files modified by a commit when analyzing feature branches. Diff-aware scanning is enabled by default. To disable it, set the GitHub action diff_aware parameter to false.

| Name | Description | Required | Default |
|------|-------------|----------|---------|
| dd_api_key | Your Datadog API key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
| dd_app_key | Your Datadog application key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
| dd_service | The service you want your results tagged with. | Yes | |
| dd_env | The environment you want your results tagged with. Datadog recommends using ci as the value for this input. | No | none |
| dd_site | The Datadog site to send information to. | No | datadoghq.com |
| cpu_count | Set the number of CPUs used by the analyzer. | No | 2 |
| enable_performance_statistics | Get the execution time statistics for analyzed files. | No | false |
| debug | Lets the analyzer print additional logs useful for debugging. To enable, set to yes. | No | no |
| subdirectory | A subdirectory pattern or glob (or space-delimited subdirectory patterns) that the analysis should be limited to. For example: “src” or “src packages”. | false | |
| architecture | The CPU architecture to use for the analyzer. Supported values are x86_64 and aarch64. | No | x86_64 |
| diff_aware | Enable diff-aware scanning mode. | No | true |
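
A pre-merge check for the workflow file, as an added example that is not part of Datadog's documentation or the action's own code: it reads the analyzer step's `with:` block and reports missing required inputs, a `dd_api_key` or `dd_app_key` that is a literal instead of a `${{ secrets.* }}` reference, and an unsupported `architecture` value. The function names and the `BAD` sample are assumptions constructed for illustration, and the reader is a minimal line-based parser rather than a full YAML parser.

```python
import re

ACTION = "DataDog/datadog-static-analyzer-github-action"
REQUIRED = ("dd_api_key", "dd_app_key", "dd_service")  # "Required: Yes" on this page
SECRET_INPUTS = ("dd_api_key", "dd_app_key")
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")

def action_inputs(text):
    """`with:` inputs of the analyzer step (assumes `uses:` precedes `with:`)."""
    lines = text.splitlines()
    start = next((i for i, row in enumerate(lines) if ACTION in row), None)
    if start is None:
        return None  # no step uses the action
    inputs, indent = {}, None
    for line in lines[start + 1:]:
        body, depth = line.strip(), len(line) - len(line.lstrip())
        if not body or body.startswith("#"):
            continue
        if indent is None:
            if body.startswith("- "):
                break  # next step began: this step has no `with:`
            indent = depth if body == "with:" else None
        elif depth <= indent:
            break  # left the `with:` mapping
        else:
            key, _, value = body.partition(":")
            inputs[key.strip()] = re.sub(r"\s+#.*$", "", value).strip().strip("\"'")
    return inputs

def lint(text):
    """Findings for the analyzer step; key inputs are named, their values never echoed."""
    inputs = action_inputs(text)
    if inputs is None:
        return ["no step uses " + ACTION]
    findings = ["missing required input: " + k for k in REQUIRED if not inputs.get(k)]
    findings += [k + " must be a ${{ secrets.* }} reference" for k in SECRET_INPUTS
                 if inputs.get(k) and not SECRET_REF.fullmatch(inputs[k])]
    arch = inputs.get("architecture")
    if arch and arch not in ("x86_64", "aarch64"):  # supported values per this page
        findings.append("unsupported architecture: " + arch)
    return findings

BAD = """# Constructed sample: literal API key, no app key or service, bad architecture
      - uses: DataDog/datadog-static-analyzer-github-action@v1
        with:
          dd_api_key: "PLACEHOLDER-NOT-A-REAL-KEY"
          architecture: arm64
"""
print("\n".join(lint(BAD)))
```

Run against the sample workflow shown earlier on this page, `lint` returns an empty list.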
