Test PR for dotnet-analyzers-action

.github/workflows/on-push-verification.yml

@@ -1,38 +1,39 @@
 # sample-workflow-windows-latest
 # docs are in the repo
 
-name: OSSAR on-push-verification windows-latest
+name: .NET Analyzers on-push-verification windows-latest
 on: push
 
 jobs:
   sample:
-    name: Open Source Static Analysis Runner
+    name: .NET Analyzers runner
 
-    # OSSAR runs on windows-latest.
+    # .NET Analyzers runs on windows-latest.
     # ubuntu-latest and macos-latest supporting coming soon
     runs-on: windows-latest
 
+    # default working directory to the current directory
+    defaults:
+      run:
+        working-directory: .
+
     steps:
 
       # Checkout your code repository to scan
     - uses: actions/checkout@v2
 
     # Ensure a compatible version of dotnet is installed.
-    # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
+    # The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
     # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
     # Remote agents already have a compatible version of dotnet installed and this step may be skipped.
     # For local agents, ensure dotnet version 3.1.201 or later is installed by including this action:
     # - uses: actions/setup-dotnet@v1
     #   with:
     #     dotnet-version: '3.1.x'
 
-      # Run open source static analysis tools
-    - name: Run OSSAR
+      # Run .NET Analyzers
+    - name: Run .NET Analyzers
       uses: ./
-      id: ossar
-
-      # Upload results to the Security tab
-    - name: Upload results to Security tab
-      uses: github/codeql-action/upload-sarif@v1
+      id: dotnet-analyzers
       with:
-        sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+        projects: samples\ClassLibrary1.sln

.github/workflows/sample-workflow-ubuntu-latest.yml

@@ -1,17 +1,17 @@
 # sample-workflow-ubuntu-latest
 # docs are in the repo
 
-name: OSSAR ubuntu-latest
+name: .NET Analyzers ubuntu-latest
 on:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   sample:
-    name: Open Source Static Analysis Runner
+    name: .NET Analyzers runner
 
-    # OSSAR runs on windows-latest.
+    # .NET Analyzers runs on windows-latest.
     # ubuntu-latest and macos-latest supporting coming soon
     runs-on: ubuntu-latest
 
@@ -21,7 +21,7 @@ jobs:
     - uses: actions/checkout@v2
 
     # Ensure a compatible version of dotnet is installed.
-    # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
+    # The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
     # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
     # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
     # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
@@ -30,12 +30,6 @@ jobs:
     #     dotnet-version: '3.1.x'
 
       # Run open source static analysis tools
-    - name: Run OSSAR
-      uses: github/ossar-action@v1
-      id: ossar
-
-      # Upload results to the Security tab
-    - name: Upload results to Security tab
-      uses: github/codeql-action/upload-sarif@v1
-      with:
-        sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+    - name: Run .NET Analyzers
+      uses: github/dotnet-analyzers-action@v1
+      id: dotnet-analyzers

.github/workflows/sample-workflow-windows-latest.yml

@@ -1,17 +1,17 @@
 # sample-workflow-windows-latest
 # docs are in the repo
 
-name: OSSAR windows-latest
+name: .NET Analyzers windows-latest
 on:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   sample:
-    name: Open Source Static Analysis Runner
+    name: .NET Analyzers runner
 
-    # OSSAR runs on windows-latest.
+    # .NET Analyzers runs on windows-latest.
     # ubuntu-latest and macos-latest supporting coming soon
     runs-on: windows-latest
 
@@ -21,21 +21,15 @@ jobs:
     - uses: actions/checkout@v2
 
     # Ensure a compatible version of dotnet is installed.
-    # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
+    # The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
     # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
     # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
     # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
     # - uses: actions/setup-dotnet@v1
     #   with:
     #     dotnet-version: '3.1.x'
 
-      # Run open source static analysis tools
-    - name: Run OSSAR
-      uses: github/ossar-action@v1
-      id: ossar
-
-      # Upload results to the Security tab
-    - name: Upload results to Security tab
-      uses: github/codeql-action/upload-sarif@v1
-      with:
-        sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+      # Run .NET Analyzers
+    - name: Run .NET Analyzers
+      uses: github/dotnet-analyzers-action@v1
+      id: dotnet-analyzers

CONTRIBUTING.md

@@ -1,7 +1,7 @@
 ## Contributing
 
-[fork]: https://github.com/github/ossar-action/fork  
-[pr]: https://github.com/github/ossar-action/compare  
+[fork]: https://github.com/github/dotnet-analyzers-action/fork  
+[pr]: https://github.com/github/dotnet-analyzers-action/compare  
 [code-of-conduct]: CODE_OF_CONDUCT.md  
 
 Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.

README.md

@@ -1,23 +1,20 @@
-# github/ossar-action
+# github/dotnet-analyzers-action
 
-![OSSAR windows-latest](https://github.com/github/ossar-action/workflows/OSSAR%20windows-latest/badge.svg)  
-![OSSAR ubuntu-latest](https://github.com/github/ossar-action/workflows/OSSAR%20ubuntu-latest/badge.svg)
+![.NET Analyzers windows-latest](https://github.com/github/dotnet-analyzers-action/workflows/.NET%20Analyzers%20windows-latest/badge.svg)  
+![.NET Analyzers ubuntu-latest](https://github.com/github/dotnet-analyzers-action/workflows/.NET%20Analyzers%20ubuntu-latest/badge.svg)
 
-Run open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner).
+Run [.NET code quality and code style analyzers](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) that ship with the .NET SDK.
 
 # Limitations
 
-The OSSAR action is currently in beta and runs on the `windows-latest` queue, as well as Windows self hosted agents. `ubuntu-latest` support coming soon.
+The .NET Analyzers action is currently in beta and runs on the `windows-latest` queue, as well as Windows self hosted agents. `ubuntu-latest` support coming soon.
 
 # Overview
 
-This action runs the [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) for security analysis by:
+This action runs the [Code Analysis CLI](https://aka.ms/mscadocs) for .NET code quality and code style analysis by:
 
-* Installing the Microsoft Security Code Analysis CLI
-* Installing the latest policy or referencing the local `policy/github.gdnpolicy` file
-* Installing the latest open source tools
-* Automatic or user-provided configuration of static analysis tools
-* Execution of a full suite of static analysis tools
+* Installing the Code Analysis CLI
+* Execution of [.NET code quality and code style analyzers](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) that ship with the .NET SDK
 * Normalized processing of results into the SARIF format
 * Exports a single SARIF file which can be uploaded via the `github/codeql-action/upload-sarif` action
 
@@ -39,46 +36,31 @@ See [action.yml](action.yml)
 
 ## Basic
 
-Run OSSAR with the default policy and recommended tools.
+Run [.NET code quality and code style analyzers](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) that ship with the .NET SDK.
 
 ```yaml
 steps:
 - uses: actions/checkout@v2
-- name: Run OSSAR
-  uses: github/ossar-action@v1
-  id: ossar
-- name: Upload results to Security tab
-  uses: github/codeql-action/upload-sarif@v1
-  with:
-    sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+- name: Run .NET code quality and code style analyzers
+  uses: github/dotnet-analyzers-action@v1
+  id: dotnet-analyzers
 ```
 
-**Note:** The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the [actions/setup-dotnet](https://github.com/actions/setup-dotnet) action.
+**Note:** The [Microsoft Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the [actions/setup-dotnet](https://github.com/actions/setup-dotnet) action.
 
 ```
 - uses: actions/setup-dotnet@v1
   with:
     dotnet-version: '3.1.x'
 ```
 
-## Upload Results to the Security tab
-
-To upload results to the Security tab of your repo, run the `github/codeql-action/upload-sarif` action immediately after running OSSAR. OSSAR sets the action output variable `sarifFile` to the path of a single SARIF file that can be uploaded to this API.
-
-```yaml
-- name: Upload results to Security tab
-  uses: github/codeql-action/upload-sarif@v1
-  with:
-    sarif_file: ${{ steps.ossar.outputs.sarifFile }}
-```
-
 # More Information
 
-Please see the [wiki tab](https://github.com/github/ossar-action/wiki) for more information and the [Frequently Asked Questions (FAQ)](https://github.com/github/ossar-action/wiki/FAQ) page.
+Please see the [wiki tab](https://github.com/github/dotnet-analyzers-action/wiki) for more information and the [Frequently Asked Questions (FAQ)](https://github.com/github/dotnet-analyzers-action/wiki/FAQ) page.
 
 # Report Issues
 
-Please [file a GitHub issue](https://github.com/github/ossar-action/issues/new) in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the OSSAR's action output.
+Please [file a GitHub issue](https://github.com/github/dotnet-analyzers-action/issues/new) in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the .NET Analyzers's action output.
 
 # License
 

action.yml

@@ -1,17 +1,61 @@
-name: 'ossar-action'
-description: 'Run open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner)'
+name: 'dotnet-analyzers-action'
+description: 'Run .NET code quality and code style analyzers shipping with .NET SDK'
 author: 'GitHub'
-branding:
-  icon: 'shield'
-  color: 'black'
 inputs:
-  config:
-    description: A file path to a .gdnconfig file.
-  policy:
-    description: The name of the well known policy to use. If empty, defaults to the policy/github.gdnpolicy file in the action repo.
+  projects:
+    description: 'Semi-colon separated list of projects or solutions to analyze'
+    required: true
+  analysis-level:  # AnalysisLevel: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Default analysis level for all rules'
+    required: false
+    default: 'latest-minimum'
+  style:  # AnalysisLevelStyle: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for code style rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/'
+    required: false
+    default: 'latest-minimum'
+  design:  # AnalysisLevelDesign: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for sesign rules: https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/design-warnings'
+    required: false
+    default: 'latest-minimum'
+  documentation:  # AnalysisLevelDocumentation: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for documentation rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/documentation-warnings'
+    required: false
+    default: 'latest-minimum'
+  globalization:  # AnalysisLevelGlobalization: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for globalization rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/globalization-warnings'
+    required: false
+    default: 'latest-minimum'
+  interoperability:  # AnalysisLevelInteroperability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for portability and interoperability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/interoperability-warnings'
+    required: false
+    default: 'latest-minimum'
+  maintainability:  # AnalysisLevelMaintainability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for maintainability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/maintainability-warnings'
+    required: false
+    default: 'latest-minimum'
+  naming:  # AnalysisLevelNaming: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for naming rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/naming-warnings'
+    required: false
+    default: 'latest-minimum'
+  performance:  # AnalysisLevelPerformance: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for performance rules: https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/performance-warnings'
+    required: false
+    default: 'latest-minimum'
+  reliability:  # AnalysisLevelReliability: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for reliability rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/reliability-warnings'
+    required: false
+    default: 'latest-minimum'
+  security:  # AnalysisLevelSecurity: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for security rules https://docs.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/security-warnings'
+    required: false
+    default: 'latest-minimum'
+  usage:  # AnalysisLevelPerformance: https://docs.microsoft.com/dotnet/core/project-sdk/msbuild-props#analysislevel
+    description: 'Overridden analysis level for usage rules: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/usage-warnings'
+    required: false
+    default: 'latest-minimum'
 outputs:
   sarifFile:
-    description: A file path to a SARIF results file.
+    description: A file path to a SARIF file with analysis results.
 runs:
   using: 'node12'
   main: 'lib/action.js'

build.proj

@@ -9,7 +9,7 @@
 
     <PropertyGroup Label="TypeScript">
         <TypeScriptCompileBlocked Condition=" '$(TypeScriptCompileBlocked)' == '' ">false</TypeScriptCompileBlocked>
-        <TypeScriptToolsVersion Condition=" '$(TypeScriptToolsVersion)' == '' ">3.8</TypeScriptToolsVersion>
+        <TypeScriptToolsVersion Condition=" '$(TypeScriptToolsVersion)' == '' ">4.1</TypeScriptToolsVersion>
         <TypeScriptConfigFileName Condition=" '$(TypeScriptConfigFileName)' == '' ">tsconfig.json</TypeScriptConfigFileName>
         <TypeScriptConfigFilePath>$(MSBuildProjectDirectory)/$(TypeScriptConfigFileName)</TypeScriptConfigFilePath>
         <TscYieldDuringToolExecution>false</TscYieldDuringToolExecution>