detekt.yml

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# This workflow performs a static analysis of your Kotlin source code using
# Detekt.
#
# Scans are triggered:
# 1. On every push to default and protected branches
# 2. On every Pull Request targeting the default branch
# 3. On a weekly schedule
# 4. Manually, on demand, via the "workflow_dispatch" event
name: Scan with Detekt

on:
  # Triggers the workflow on push or pull request events but only for default and protected branches
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
     - cron: '15 1 * * 2'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

permissions:
  security-events: write

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "scan"
  scan:
    name: Detekt
    # The type of runner that the job will run on
    runs-on: macos-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v4

    # Sets up the detekt cli
    - name: Setup Detekt
      uses: ConorMacBride/install-package@v1.1.0
      with:
        brew: detekt

    # Performs static analysis using Detekt
    - name: Run Detekt
      continue-on-error: true
      run: |
        detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json

    # Uploads results to GitHub repository using the upload-sarif action
    - uses: github/codeql-action/upload-sarif@v3
      with:
        # Path to SARIF file relative to the root of the repository
        sarif_file: ${{ github.workspace }}/detekt.sarif.json
        checkout_path: ${{ github.workspace }}