Code Quality Analysis #86
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Quality Analysis | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Run code quality checks weekly on Monday at 3 AM UTC | |
| - cron: '0 3 * * 1' | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - '**.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| env: | |
| GO_VERSION: '1.24' | |
| jobs: | |
| quality-analysis: | |
| name: Code Quality Analysis | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # Allow commit comments | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Cache Go modules | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Install analysis tools | |
| run: | | |
| go install github.com/fzipp/gocyclo/cmd/gocyclo@latest | |
| go install github.com/mibk/dupl@latest | |
| go install github.com/client9/misspell/cmd/misspell@latest | |
| go install honnef.co/go/tools/cmd/staticcheck@latest | |
| go install github.com/securego/gosec/v2/cmd/gosec@latest | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| - name: Code complexity analysis | |
| run: | | |
| echo "## Code Complexity Report" > quality-report.md | |
| echo "" >> quality-report.md | |
| echo "### Functions with cyclomatic complexity > 10" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| gocyclo -over 10 . >> quality-report.md || echo "No complex functions found" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Code duplication analysis | |
| run: | | |
| echo "### Code Duplication" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| dupl -threshold 50 -html ./... > duplication.html 2>&1 || true | |
| dupl -threshold 50 ./... >> quality-report.md 2>&1 || echo "No significant duplication found" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Spelling check | |
| run: | | |
| echo "### Spelling Issues" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| misspell -error . >> quality-report.md 2>&1 || echo "No spelling issues found" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Static analysis | |
| run: | | |
| echo "### Static Analysis (staticcheck)" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| staticcheck ./... >> quality-report.md 2>&1 || echo "No issues found" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Security analysis | |
| continue-on-error: true | |
| run: | | |
| echo "### Security Analysis" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| gosec -fmt text ./... >> quality-report.md 2>&1 || echo "No security issues found" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Vulnerability check | |
| run: | | |
| echo "### Vulnerability Scan" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| govulncheck ./... >> quality-report.md 2>&1 || echo "No vulnerabilities found" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Code metrics | |
| run: | | |
| echo "### Code Metrics" >> quality-report.md | |
| echo "" >> quality-report.md | |
| echo "**Lines of Code:**" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| find . -name '*.go' -not -path './vendor/*' -not -path './tests/mocks/*' | xargs wc -l | tail -1 >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| echo "**Test Files:**" >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| find . -name '*_test.go' | wc -l >> quality-report.md | |
| echo "\`\`\`" >> quality-report.md | |
| echo "" >> quality-report.md | |
| - name: Display quality report | |
| run: cat quality-report.md | |
| - name: Upload quality reports | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: code-quality-report | |
| path: | | |
| quality-report.md | |
| duplication.html | |
| - name: Comment on commit (if pushed) | |
| if: github.event_name == 'push' | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const report = fs.readFileSync('quality-report.md', 'utf8'); | |
| // Post as a commit comment | |
| await github.rest.repos.createCommitComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| commit_sha: context.sha, | |
| body: `## Code Quality Report\n\n${report}\n\nView full artifacts for detailed analysis.` | |
| }); |