Guide

Guide is a tool that turns sobelow static code analysis results into markdown, that can be used to decorate pull requests of GitHub.

This tool should be run with the following command:

mix guide --source <url to markdown file> --repo <name of repo in GitHub> --commit <commit hash of the latest commit>

To decorate a PR you have to run these steps inside of your CI/CD pipeline (e.g. GitHub Actions):

1. mix sobelow --skip --format=json --out=./sobelow.results.json
2. mix guide --source <url to markdown file> --repo <name of repo in GitHub> --commit <commit hash of the latest commit>
3. gh pr comment <PR Number> --repo <name of repo in GitHub> -F comment.md

Command line options

• --source - URL to markdown file, where recommendations can be extracted from.
• --repo - Specify the name of your repository
• --commit - Commit hash of the latest commit of our PR, is used to generate code snippets.
• --results - File path of the results generated by sobelow. Has to be json. Defaults to: sobelow.results.json
• --target - File path where to store the generated markdown, defaults to: comment.md

Installation

The package can be installed by adding guide to your list of dependencies in mix.exs:

def deps do
  [
    {:guide, "~> 0.0.3", only: [:dev, :test], runtime: false}
  ]
end