This is a major release that converts the action from a container action to a composite action.

In practice, this will reduce the time the action takes to initialize from over 1 minute to under 10 seconds.

Upgrading from v2

TL;DR unless you are self-hosting runners, upgrading from v2 will work without issue.

GitHub-hosted Runners

If you're using Github's runners, you can upgrade without issue.

Side Effects

Note that with the move away from containerization, there are some net-new side effects to using the action that persist to following steps. These are not expected to cause behavior regressions but are listed below for transparency:

• $HOME/.local/bin/ will be created and added to $GITHUB_PATH
  • The datadog-static-analyzer binary will be written here
  • The datadog-ci binary might be written here
• git config --global --add safe.directory "$GITHUB_WORKSPACE" will be run
• git config --unset extensions.worktreeConfig might be run
• A temporary dir (mktemp -d) containing datadog-ci (semver ^4) might be written to $GITHUB_PATH

Self-hosted Runners

If you are using self-hosted runners you might need additional configuration, depending on your setup (firewalls, etc).

Net-new network calls

• npm view @datadog/datadog-ci is used
• GET https://github.com/DataDog/datadog-static-analyzer/releases/latest/download/*
• GET https://github.com/DataDog/datadog-ci/releases/download/*/*

Net-new required binaries in $PATH

• bash
• git
• curl (additionally, CA certificates)
• node
• npm
• unzip

The same "Side Effects" from the section above apply.

What's Changed

• Pin datadog-ci to v4 for v2.0.0 action release by @colemaring in #53
• See the datadog-ci v4 changelog for details - includes a breaking change to the Sarif upload command.

The Datadog Static Code Analysis action now supports only the push event. Using other triggers (e.g. pull_request) may cause issues. See the docs for details.

To avoid the breaking changes, pin the action to an older version:
Pinning to a commit:
uses: DataDog/datadog-static-analyzer-github-action@<release-commit-sha-here>

Pinning to a tag (less secure):
uses: DataDog/datadog-static-analyzer-github-action@v1

Full Changelog: v1...v2.0.0

What's Changed

• Pin datadog-ci to v3 for v1.2.4 action release by @colemaring in #52

New Contributors

• @colemaring made their first contribution in #52

Full Changelog: v1...v1.2.4

This release ensures that the latest version of datadog-ci is used.

What's Changed

• Update CODEOWNERS by @juli1 in #49
• Enable/Disable static analysis by @juli1 in #50

Full Changelog: v1...v1.2.2

What's Changed

• Add input deprecation warning by @jasonforal in #48