How to scan a Git repo with the Command Line (using Apache Ant)
In a previous post, we provided a script template to use integrate a Highlight code scan within a Jenkins pipeline. Let’s see now in this article how to clone a repository from Github and run Highlight’s analyzers from Apache Ant, and upload scan results to the portal and quickly get unprecedented software Analytics.
The script below illustrates how to integrate the command line from Apache Ant. Don’t hesitate to adapt your typical build.xml to your context and once you’re all set, just run ant -buildfile build.xml. As you probably know, Ant proposes an interesting connectivity to a bunch SCM tools such as Subversion, CVS, Git, ClearCase, Microsoft Virtual SourceSafe…
<?xml version="1.0"?>
<!--
REQUIREMENTS:
- JAVA 8 (JRE 1.8)
- APACHE ANT (HERE 1.10.2)
- GIT (HERE 2.16.1.windows.4)
- HIGHLIGHT COMMAND LINE
-->
<project>
<!-- // MACRODEF FOR GIT // -->
<macrodef name="git">
<attribute name = "command" />
<attribute name = "dir" default = "" />
<element name = "args" optional = "true" />
<sequential>
<echo file="GIT_COMMAND_LOG" message="git @{command} 
" append="yes" />
<exec executable = "C:\Program Files\Git\bin\git.exe" dir = "@{dir}"> <!-- PATH TO YOUR GIT BINARY -->
<arg value = "@{command}" />
<args/>
</exec>
</sequential>
</macrodef>
<!-- // ADD YOUR GIT COMMAND MACRODEF HERE -->
<!-- FOR THIS TEMPLATE WE JUST NEED TO CLONE A GIT PROJECT -->
<macrodef name = "git-clone-pull">
<attribute name = "repository" />
<attribute name = "branch" />
<attribute name = "dest" />
<sequential>
<git command = "clone">
<args>
<arg value = "@{repository}" />
<arg value = "@{branch}" />
<arg value = "@{dest}" />
</args>
</git>
<git command = "pull" dir = "@{dest}" />
</sequential>
</macrodef>
<!-- DEFINE YOUR SCAN ROOT FOLDER -->
<property name="git.dir">c:\temp\</property>
<!-- DEFINE THE GIT/GITHUB PROJECT AND RELEASE TO SCAN -->
<property name="git.projecturl">checkstyle/checkstyle</property> <!-- E.G. https://github.com/checkstyle/checkstyle.git -->
<property name="git.release">checkstyle-8.9</property> <!-- GIT RELEASE TAG -->
<!-- CLEAN YOUR FOLDER FROM PREVIOUS SCANS OF THE SAME PROJECT -->
<delete dir="${git.dir}/${git.projecturl}"/>
<!-- CLONE/GET THE PROJECT SOURCE CODE -->
<git command = "clone">
<args>
<arg value = "https://github.com/${git.projecturl}.git" />
<arg value = "${git.dir}/${git.projecturl}" />
<arg value = "-b" />
<arg value = "${git.release}" />
<arg value = "--single-branch" />
</args>
</git>
<!-- CONFIGURE AND RUN THE HIGHLIGHT COMMANDE LINE -->
<exec executable="java" dir="C:\Highlight\cli\" failonerror="true"> <!-- PATH TO YOUR COMMAND LINE -->
<arg value="-jar"/>
<arg value="HighlightAutomation.jar"/>
<arg value="--sourceDir"/>
<arg value="${git.dir}/${git.projecturl}"/> <!-- YOUR LOCAL PROJECT SOURCE DIRECTORY -->
<arg value="--workingDir"/>
<arg value="${git.dir}/${git.projecturl}/Highlight-Results"/> <!-- WHERE HIGHLIGHT RESULTS WILL BE CREATED -->
<!--
RESULT UPLOAD CONFIGURATION
IN CASE YOU WANT TO KEEP SCAN RESULTS LOCAL FOR A MANUAL UPLOAD, REMOVE AND ADD THE OPTION --skipUpload
-->
<arg value="--serverUrl"/>
<arg value="https://rpa.casthighlight.com"/> <!-- THE HIGHLIGHT SERVER URL -->
<arg value="--companyId"/>
<arg value="1234"/> <!-- YOUR COMPANY/DOMAIN ID -->
<arg value="--applicationId"/>
<arg value="5467"/> <!-- YOUR APPLICATION ID -->
<arg value="--snapshotDatetime"/>
<arg value="1522144683000"/> <!-- EPOCH TIME IN MILLISECONDS E.G. 04/01/2017 -->
<arg value="--snapshotLabel"/>
<arg value="${git.release}"/> <!-- YOUR SNAPSHOT LABEL E.G. BUILD OR RELEASE NUMBER -->
<arg value="--login"/>
<arg value="yourlogin"/> <!-- YOUR HIGHLIGHT USER LOGIN -->
<arg value="--password"/>
<arg value="*********"/> <!-- YOUR HIGHLIGHT USER PASSWORD -->
</exec>
</project>
Want to use our command line from another tool? Don’t hesitate to contact us, we’ll try to post a script sample for your environment in the coming articles.