Hello, thanks for your time, excellent tool, you know how I can solve this error, thanks.

Run phan --no-progress-bar --output-mode checkstyle | cs2pr --graceful-warnings --colorize
Error: Expecting xml stream starting with a xml opening tag.

##[error]Process completed with exit code 2.

I'm using cs2pr with php-cs-fixer. I have installed verison 1.7.1 via the shivammathur/setup-php@v2 action.

I use the --dry-run --using-cache=no --format=checkstyle so that I can just see what is wrong and then I would manually fix it with another commit. However, if something is wrong, I only see the message and not the filename

The actual XML report is

<?xml version="1.0" encoding="UTF-8"?>
<checkstyle>
  <file name="CareLineLive/app/Http/Controllers/Exports/CarersExportController.php">
    <error severity="warning" source="PHP-CS-Fixer.no_unused_imports" message="Found violation(s) of type: no_unused_imports"/>
  </file>
</checkstyle>

I don't think this is expected behaviour, right?

Hello,

Running vendor/bin/php-cs-fixer fix --dry-run --format=xml | cs2pr return error code 1.
Here's the output :

Loaded config default from "/home/ubuntu/projects/perso/multistream-tools/.php-cs-fixer.dist.php".
Using cache file ".php-cs-fixer.cache".
::warning file=,line=::

First of all: thanks for your tool!

I am running into an issue while setting up a GitHub action in case php-cs-fixer doesn't find any problem. If there is an issue in the code, it is properly annotated and reported in the PR.

But when running cs2pr piped from php-cs-fixer on sources that do not report any issue, I get this message:

  Run php-cs-fixer fix --dry-run --verbose --config=.php_cs.dist --using-cache=no --show-progress=none --format=checkstyle | cs2pr 14s

##[error]Process completed with exit code 2.
Run php-cs-fixer fix --dry-run --verbose --config=.php_cs.dist --using-cache=no --show-progress=none --format=checkstyle | cs2pr
Loaded config default from ".php_cs.dist".
unknown error. expecting checkstyle formatted xml input.
##[error]Process completed with exit code 2.

Running php-cs-fixer on a clean code base reports:

$ php-cs-fixer fix --dry-run --format=checkstyle --config=.php_cs.dist -v --stop-on-violation --using-cache=no
Loaded config default from ".php_cs.dist".
<?xml version="1.0" encoding="UTF-8"?>
<checkstyle/>

Running this:

$ php -r '$a = simplexml_load_string("<?xml version=\"1.0\" encoding=\"UTF-8\"?><checkstyle/>"); if (!$a) { var_dump($a); $b = libxml_get_errors(); if (!$b) { var_dump($b); } }'

leads to:

Command line code:1:
class SimpleXMLElement#1 (0) {
}
Command line code:1:
array(0) {
}

So I believe your recent changes here are not catching the case of an empty <checkstyle/> block.

EDIT: This test fails if you change its content from

<?xml version="1.0" encoding="UTF-8"?>
<checkstyle>
</checkstyle>

to

<?xml version="1.0" encoding="UTF-8"?>
<checkstyle/>

Looking at https://github.com/actions/toolkit/blob/4f7fb6513a355689f69f0849edeb369a4dc81729/packages/core/src/command.ts#L80 It seems we need to encode even more special chars then we did in 380cc8e#diff-53aef30a2ab25806980a8b72fd6b9aec

While the Checks API supports notices, workflow commands do not. Outputting these does not annotate anything, they're just another line in the action log (and they're not even dressed up there.) Short of using the checks api, you might consider promoting these to warnings, ignoring them completely, or giving the user the option what to do.

If you go the user option route it might be useful to allow them to specify which severities map to which types of annotation. While valid values for checkstyle's @severity appear to be ignore, info, warning, and error I don't know how well other tools hold to those (the list wasn't super easy to find and doesn't mention the xml format.)

@staabm Please update the latest release to add cs2pr file

Hello,

Is there any plans to support PhpSpec + PHP_Code_Sniffer (phpcs) ?

Thanks :)

Hey there,

we use docker-compose image: docker/compose in our github actions. If we use this tool in our github action we will get no output.

- name: "Run [phpstan]"
  run: |
      docker-compose exec -T php sh -c "php phpstan analyse --verbose --no-progress --memory-limit=4000M --configuration=phpstan.neon --error-format=checkstyle | cs2pr"

Are we doing something wrong or is docker-compose not supported?

Hello,

bin/phpcs --report=checkstyle --runtime-set ignore_warnings_on_exit 1 | cs2pr

It generates the output (only warnings):

##[warning]Always use identical comparison unless you need type juggling
##[warning]Always use identical comparison unless you need type juggling
##[warning]Always use identical comparison unless you need type juggling
##[warning]Always use identical comparison unless you need type juggling
##[warning]Always use identical comparison unless you need type juggling
##[warning]Member variable "commonNlv3Manager" contains numbers but this is discouraged
##[error]Process completed with exit code 1.

Warning should be ignored because of the flag --runtime-set ignore_warnings_on_exit 1

I'm not really sure if it's a bug with cs2pr or with phpcs itself combined with the report checkstyle

This would allow this to be run from anywhere on the internet, instead of just Github Actions. Github repo details and an access token would have to be passed in as options or environment variables.

HTTP API is documented at https://developer.github.com/v3/checks/runs/#update-a-check-run . It's currently in a 'preview period', so has no backward compatibility gurantee.

Hey, maybe my use case is a bit special.

Im have all dev tools in a different folder, and using the --working-dir from composer to call the tools.

use case:

composer --working-dir=./.build cs:check -- --format=checkstyle
> php-cs-fixer fix --config="./../.php_cs" --dry-run '--format=checkstyle'
Loaded config narrowspark from "./../.php_cs".
Using cache file "/var/www/package/.build/php-cs-fixer/.php_cs.cache".
<?xml version="1.0" encoding="UTF-8"?>
<checkstyle/>

error:

Start tag expected, '<' not found
 on line 1, column 1

Possible solution is to search for the <?xml ver.. position and remove everything before this input

Hi,

It looks like the last release 1.0.5 broke shivammathur/setup-php@v1:

We didn't have this issue before.

I've opened an issue in their repo too: shivammathur/setup-php#178

Thanks

Hi there, I'm using this to parse a phpcs checkstyle report using:

bin/phpcs -q --report=checkstyle src | cs2pr --graceful-warnings --notices-as-warnings --prepend-source

On my PR the action logs note 100's of issues, however the PR is only annotated for 10 errors and 11 warnings. I am rerunning this action to try different things but the checks/annotations number never changes.

When running locally I see a significant number of ::error and ::warning lines but these don't all seem to be making it in to the checks tab. Also the annotations that do go in are from a couple of random files in the tree, it's not like the first 10 in the report it just seems to be a few scattered throughout the report.

It's much easier to use without installing etc.

cs2pr is bundled with https://github.com/shivammathur/setup-php.
for this to work, https://github.com/shivammathur/setup-php needs a "cs2pr" release asset bundled with every release we make.

this asset upload is currently done manually (and therefore sometimes forgotten).

Maybe we can automate this using https://github.com/actions/upload-release-asset ?
(or with any other action?)

triggered by #17

See mheap/phpunit-github-actions-printer#14

Hello, there!

As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

1. The workflow csfix.yml is referencing action shivammathur/setup-php using references v1. However this reference is missing the commit 7163319 which may contain fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)

The version constant is not updated properly

On cs2pr 1.3.0 calling cs2pr --version reports 1.1.0-dev

Just like github action, gitlab ci may contains lots of stages with different lint check. Is there any tools can be used to annotate the MR from CI lint just like cs2pr?

auto asset upload seem still not working.

see https://github.com/staabm/annotate-pull-request-from-checkstyle/runs/469225020 for the recent 1.1.0 release

sources at https://github.com/staabm/annotate-pull-request-from-checkstyle/blob/master/.github/workflows/continuous-deployment.yml

when cs2pr completes and no errors/warnings have to be emitted, the screen stays empty.

as a user I dont know whether everything worked well and nothing had to be reported or there was a error and I dont see it.

at best we could emit a processed x errors and y warnings or similar status message at the very end into STDERR, so we dont destory possible consumers of our gihtub-api checks formatted output