INTEGRATION.md

Code Graph Analysis Pipeline - Integration guide

This document describes the steps to get started as quickly as possible.
👉 For more details on what else you can do see README.
👉 For more details on how to analyze your code locally see GETTING_STARTED.

🚀 How to integrate it

This repository provides a reusable GitHub Actions Workflow to analyze code. The workflow is defined in public-analyze-code-graph.yml.

The main idea is to have three workflow jobs:

1. Collect source code and build artifacts: Gather the source code and any build artifacts.
2. Run the analysis: Use the reusable workflow to analyze the collected code and artifacts.
3. Download the reports: Retrieve the analysis reports generated by the workflow.

The workflow requires the names of the uploaded artifacts (source code and build artifacts) and provides the names of the artifact containing the analysis results for download.

You can find examples in:

• internal-internal-java-code-analysis.yml
• internal-internal-typescript-code-analysis.yml

⚠️ Note: Workflows with names starting with internal- are private and should not be used outside this repository. They may change at any time without notice.

🔁 How to update it with Renovate

This repository provides a Renovate presets to update the code graph analysis pipeline workflow. The presets are defined in the folder renovate-presets. Example: code-graph-analysis-workflow-latest-digest.json5. More details can be found in renovate-presets/README.md.

⚙️ Parameters

The workflow parameters are as follows:

• analysis-name: The name of the project to analyze. Example: MyProject-1.0.0. This parameter is required and should be a string.
• artifacts-upload-name: The name of the artifacts uploaded with actions/upload-artifact containing the content of the 'artifacts' directory for the analysis. This is used to analyze Java JARs, WARs, EARs, etc. This parameter is optional and defaults to an empty string.
• sources-upload-name: The name of the sources uploaded with actions/upload-artifact containing the content of the 'source' directory for the analysis. It also supports sub-folders for multiple source code bases. This parameter is optional and defaults to an empty string. Please use 'include-hidden-files: true' if you also want to upload the git history.
• ref: The branch, tag, or SHA of the code-graph-analysis-pipeline to checkout. This parameter is optional and defaults to "main".
• analysis-arguments: The arguments to pass to the analysis script. This parameter is optional and defaults to '--profile Neo4jv5-low-memory'. You can find all available options in section Command Line Options of COMMANDS.md/.
• typescript-scan-heap-memory: The heap memory size in MB to use for the TypeScript code scans. This value is only used for the TypeScript code scans and is ignored for other scans. This parameter is optional and defaults to '4096'. It will set the environment variable TYPESCRIPT_SCAN_HEAP_MEMORY which leads to NODE_OPTIONS set to --max-old-space-size=4096 for TypeScript scans. See Questions and Answers of README.md for more information.

The workflow also provides an output parameter:

• uploaded-analysis-results: The name of the artifact uploaded with 'actions/upload-artifact' containing all analysis