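---
# Advisory code-quality scan over the repository's C# sources (*.cs).
# Every check below only writes to the job log and the step summary; no step
# exits non-zero on a finding, so a finding does not block a merge.
name: Code Quality Check

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Least privilege: the job only reads the checked-out tree, so the workflow
# token is restricted to read access on repository contents.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): tag refs such as @v4 are mutable. Pinning each action to
      # a full commit SHA protects the job against a retagged release.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in the
          # local git config.
          persist-credentials: false

      # NOTE(review): no later step invokes `dotnet`; this step can probably
      # be dropped unless a build or analyzer step is planned.
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '9.0.x'

      # Heuristic only: two narrow patterns (IPv4:port literals and a quoted
      # api_key assignment). It is not a substitute for a dedicated secret
      # scanner. grep -n prints each matching line in full, so a real key that
      # trips the pattern is also copied into the job log.
      - name: Check for hardcoded credentials
        run: |
          echo "## Hardcoded Credentials Check" >> "$GITHUB_STEP_SUMMARY"
          ISSUES=0
          if grep -rn '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}:[0-9]\{4,5\}' --include="*.cs" .; then
            echo "::warning::Found hardcoded IP:port combinations"
            echo "⚠️ Found hardcoded IP:port" >> "$GITHUB_STEP_SUMMARY"
            ISSUES=$((ISSUES+1))
          fi
          if grep -rn 'key=my_virus_key\|api_key.*=.*"[^"]\{10,\}"' --include="*.cs" .; then
            echo "::warning::Found potential hardcoded API key"
            echo "⚠️ Found potential hardcoded API key" >> "$GITHUB_STEP_SUMMARY"
            ISSUES=$((ISSUES+1))
          fi
          if [ "$ISSUES" -eq 0 ]; then
            echo "✅ No hardcoded credentials found" >> "$GITHUB_STEP_SUMMARY"
          fi

      # grep matches one line at a time, so only catch blocks whose braces sit
      # on the same line are detected; `catch` followed by `{` and `}` on
      # separate lines is missed.
      - name: Check for empty catch blocks
        run: |
          echo "## Empty Catch Blocks" >> "$GITHUB_STEP_SUMMARY"
          PATTERN='catch\s*(\([^)]*\))?\s*\{\s*\}'
          # -l lists each matching file once, which is the per-file count.
          COUNT=$(grep -rlP "$PATTERN" --include="*.cs" . | wc -l)
          echo "Found $COUNT files with empty catch blocks" >> "$GITHUB_STEP_SUMMARY"
          # "|| true": no match is a clean result, not a step failure.
          grep -rnP "$PATTERN" --include="*.cs" . || true

      # Plain word match: the word "unsafe" inside a comment or a string
      # literal is reported as well.
      - name: Check for unsafe code
        run: |
          echo "## Unsafe Code Usage" >> "$GITHUB_STEP_SUMMARY"
          if grep -rn '\bunsafe\b' --include="*.cs" .; then
            echo "⚠️ Found unsafe code blocks" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "✅ No unsafe code found" >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: Check file sizes
        run: |
          echo "## Large Source Files (>500 lines)" >> "$GITHUB_STEP_SUMMARY"
          # The file name is passed as "$1" rather than spliced into the
          # script text, so unusual names are not interpreted as shell code.
          find . -name "*.cs" -exec sh -c '
            lines=$(wc -l < "$1")
            if [ "$lines" -gt 500 ]; then echo "⚠️ $1: $lines lines"; fi
          ' _ {} \; | tee -a "$GITHUB_STEP_SUMMARY"

      # The markers are matched as substrings, so identifiers such as
      # TEMPLATE also count. At most 20 matches are printed to the job log.
      - name: Check TODO/HACK/FIXME comments
        run: |
          echo "## Code Debt Markers" >> "$GITHUB_STEP_SUMMARY"
          # A pipeline returns the status of its last command (head), which
          # succeeds even when grep finds nothing, so the empty case is
          # detected from the captured output instead of with "||".
          MATCHES=$(grep -rn 'TODO\|HACK\|FIXME\|XXX\|TEMP' --include="*.cs" . | head -20 || true)
          if [ -n "$MATCHES" ]; then
            printf '%s\n' "$MATCHES"
          else
            echo "✅ None found" >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: Summary
        run: echo "Code quality check complete." >> "$GITHUB_STEP_SUMMARY"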