CodeGuru integration with GitHub Actions has inconsistent behavior?

1

We are currently attempting to integrate CodeGuru Reviewer with GitHub actions to scan our code in a GitHub repository.

When dispatching the GitHub actions CodeGuru workflow manually, this generates a full repository scan on CodeGuru for our GitHub repository. This full repository scan shows all of the findings in the GitHub repository.

When triggering the GitHub actions CodeGuru workflow through a GitHub pull request, this generates an incremental scan on CodeGuru for our GitHub repository. In theory, this incremental scan should only scan the code that was changed in our GitHub pull request. However, according to CodeGuru, the number of lines that are scanned during an incremental scan is equivalent to the number of lines that are scanned during a full repository scan.

Additionally, when the incremental scan is performed, not all recommendations from the full repository scan are found. When the incremental scan results file is compared to the full repository scan results file, the outcome is that GitHub reports that all recommendations from the full repository scan have been fixed. However, this is not the case, and no fixes were actually provided in the pull request. The behavior seems to report that because the recommendation was not found in the incremental scan, then the recommendation must have been fixed from the full repository scan. I would expect the recommendation to only be resolved if an actual fix is committed in the corresponding pull request.

I also do not understand why the SARIF file is not pushed during a GitHub push event. According to the GitHub Actions for CodeGuru Reviewer, the Upload Review Result step for uploading the SARIF file to GitHub is skipped if the GitHub event is equal to push. https://github.com/marketplace/actions/codeguru-reviewer

Why is the SARIF upload skipped if the GitHub event is pushed? I don't see any explanation for why this logic is in place to skip the SARIF upload to GitHub if the GitHub event is a push.

Lastly, there does not seem to be any documentation for when this GitHub workflow is to be triggered. I found some lines in a YouTube explanation video, showing when the GitHub workflow is triggered, but there is no additional documentation in the GitHub Actions for CodeGuru Reviewer. Could the documentation be appended to add additional information about when this particular workflow should be executed? https://www.youtube.com/watch?v=czlx4iixe0Y

Thanks for any help and information that you can provide!

  • Do we have any updates on this?

asked 2 years ago · 239 views
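The resolution problem described in the question (a finding absent from the incremental SARIF file gets reported as fixed, even though the pull request never touched that file) can be made visible, and worked around on the uploading side, by comparing the two SARIF files before upload. The script below is an added example, not code from the CodeGuru Reviewer action or from GitHub: the two SARIF documents are constructed samples, the list of files changed by the pull request is a constructed input (in a real workflow it would come from the PR's diff), and the matching key used here (`ruleId` + file URI + start line) is an assumption for illustration, not GitHub code scanning's own matching logic.

```python
"""Classify full-scan SARIF findings against an incremental (PR) scan.

Added example: not the CodeGuru Reviewer action's code. Matching findings by
(ruleId, file URI, startLine) is an assumption made for this illustration.
"""
import json


def _result(rule_id, uri, line, text):
    """Build one minimal SARIF 2.1.0 result object (constructed sample data)."""
    return {
        "ruleId": rule_id,
        "level": "warning",
        "message": {"text": text},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": uri},
            "region": {"startLine": line},
        }}],
    }


# Constructed sample: what a full repository scan might report.
FULL_SCAN_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "CodeGuru Reviewer"}}, "results": [
        _result("hardcoded-credentials", "src/auth.py", 12, "Credential in source"),
        _result("sql-injection", "src/db.py", 40, "Unsanitized query input"),
        _result("sql-injection", "src/db.py", 48, "Unsanitized query input"),
        _result("resource-leak", "src/util.py", 7, "File handle not closed"),
    ]}],
})

# Constructed sample: the PR touched only src/db.py. It fixed the finding at
# line 40, left line 48 alone, and introduced a new finding at line 55.
PR_CHANGED_FILES = ["src/db.py"]
INCREMENTAL_SCAN_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "CodeGuru Reviewer"}}, "results": [
        _result("sql-injection", "src/db.py", 48, "Unsanitized query input"),
        _result("insecure-random", "src/db.py", 55, "Predictable token"),
    ]}],
})


def load_findings(sarif_text):
    """Map (ruleId, uri, startLine) -> result for every result in every run."""
    doc = json.loads(sarif_text)
    findings = {}
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                if uri is None:
                    continue
                findings[(result.get("ruleId"), uri, line)] = result
    return findings


def classify(full_sarif, incremental_sarif, changed_files):
    """Split full-scan findings into: still present, likely fixed (absent and
    the file was changed by the PR), or not rescanned (absent but the file was
    never touched, so absence says nothing about a fix). Also list new ones."""
    full = load_findings(full_sarif)
    incr = load_findings(incremental_sarif)
    changed = set(changed_files)
    report = {"still_present": [], "likely_fixed": [], "not_rescanned": [], "new": []}
    for key in full:
        if key in incr:
            report["still_present"].append(key)
        elif key[1] in changed:
            report["likely_fixed"].append(key)
        else:
            report["not_rescanned"].append(key)
    for key in incr:
        if key not in full:
            report["new"].append(key)
    return report


def carry_forward(full_sarif, incremental_sarif, changed_files):
    """Return a SARIF document for upload that keeps the full-scan findings in
    files the PR did not touch, so that uploading the incremental results does
    not silently retire them as fixed."""
    report = classify(full_sarif, incremental_sarif, changed_files)
    full = load_findings(full_sarif)
    doc = json.loads(incremental_sarif)
    results = doc["runs"][0].setdefault("results", [])
    for key in report["not_rescanned"]:
        results.append(full[key])
    return doc


if __name__ == "__main__":
    summary = classify(FULL_SCAN_SARIF, INCREMENTAL_SCAN_SARIF, PR_CHANGED_FILES)
    for bucket, keys in summary.items():
        print(bucket, [f"{rule} {uri}:{line}" for rule, uri, line in keys])
    merged = carry_forward(FULL_SCAN_SARIF, INCREMENTAL_SCAN_SARIF, PR_CHANGED_FILES)
    print("results in merged upload:", len(merged["runs"][0]["results"]))
```

Run stand-alone, the sample shows the two findings in untouched files landing in `not_rescanned` rather than `likely_fixed`; the merged document from `carry_forward` is what you would hand to the SARIF upload step in place of the raw incremental file, so only findings whose file the pull request actually changed can disappear from code scanning.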
No Answers
