GitHub Actions
To use DCM with GitHub, install dedicated GitHub Actions: `setup-dcm` and `dcm-action`.
If you are migrating from `@v1`, replace all `_` in the configuration option names with `-` (for example, `github_token` -> `github-token`). This change was made to make the GitHub Action options consistent with the CLI options.
Visit `setup-dcm@v1` or `dcm-action@v1` to access the docs for v1.
setup-dcm
`setup-dcm` installs and sets up DCM for use in GitHub Actions.
Usage Example
```yaml
name: DCM
on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install Dart and Flutter
        uses: subosito/flutter-action@v2
      - name: Install dependencies
        run: flutter pub get
      - name: Install DCM
        uses: CQLabs/setup-dcm@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Run DCM
        run: dcm analyze --ci-key="${{ secrets.DCM_CI_KEY }}" --email="${{ secrets.DCM_EMAIL }}" lib
```
Even though DCM is no longer an analyzer plugin, it's important to install dependencies via `pub get` before running DCM checks.
Alternatively, you can install DCM on your CI directly:
```yaml
- name: Install DCM
  run: |
    sudo apt-get update
    wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg
    echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list
    sudo apt-get update
    sudo apt-get install dcm
```
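An added example, not part of the DCM docs: a small Python check that reads a workflow like the Usage Example above and flags `${{ secrets.* }}` expressions expanded inside `run:` scripts, actions referenced by a mutable tag instead of a commit SHA, and a missing `permissions:` block. The function name, rule names and the abridged sample are assumptions made for this illustration.

```python
import re

# Constructed sample: this page's "Usage Example" workflow, abridged.
SAMPLE_WORKFLOW = """\
name: DCM
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install DCM
        uses: CQLabs/setup-dcm@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Run DCM
        run: dcm analyze --ci-key="${{ secrets.DCM_CI_KEY }}" --email="${{ secrets.DCM_EMAIL }}" lib
"""

USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*(?:-\s+)?run:")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
PINNED_RE = re.compile(r"@[0-9a-f]{40}$")  # reference pinned to a full commit SHA

def audit_workflow(text):
    """Return (line_no, rule, detail) findings; rule names are hypothetical."""
    lines = text.splitlines()
    findings = []
    if not any(re.match(r"\s*permissions:", l) for l in lines):
        findings.append((0, "no-permissions", "GITHUB_TOKEN keeps default scopes"))
    run_col = None  # column of the `run:` key while inside its script
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if RUN_RE.match(line):
            run_col = line.index("run:")
        elif run_col is not None and line.strip() and indent <= run_col:
            run_col = None  # dedent: the script block has ended
        if run_col is not None:
            # The expression is pasted into the script text before the shell runs.
            findings += [(no, "secret-in-run", s) for s in SECRET_RE.findall(line)]
        ref = USES_RE.match(line)
        if ref and not ref.group(1).startswith("./") and not PINNED_RE.search(ref.group(1)):
            findings.append((no, "mutable-ref", ref.group(1)))
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

A `secret-in-run` finding is cleared by mapping the secret under the step's `env:` key and referencing it in the script as a quoted shell variable such as `"$DCM_CI_KEY"`; secrets passed through `with:` are not flagged.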
Inputs
The action takes the following inputs:
- `github-token`: Used to get the latest DCM version from GitHub releases (required).
- `version`: Which DCM version to set up:
  - A specific DCM version (e.g. `1.21.2`)
  - or `latest` (default)
  - or `auto` (to reuse the version constraint from `dcm_global.yaml` described here)
Outputs
The action produces the following output:
- `dcm-version`: The version of the DCM executable that was installed.
dcm-action
`dcm-action` runs DCM checks in GitHub Actions. It can also add a comment with the status of the DCM checks to your pull requests.
Usage Example (combined with setup-dcm)
```yaml
name: DCM
on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install Dart and Flutter
        uses: subosito/flutter-action@v2
      - name: Install dependencies
        run: flutter pub get
      - name: Install DCM
        uses: CQLabs/setup-dcm@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Run DCM
        uses: CQLabs/dcm-action@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          ci-key: ${{ secrets.DCM_CI_KEY }}
          email: ${{ secrets.DCM_EMAIL }}
          analyze: true
          folders: lib
```
The `working-directory` option works only for `run` steps and has no effect when used with an action. You can find more info in GitHub docs.
Inputs
If you have a DCM Open Source license, pass `oss` to both CI key and email inputs.
| Name | Required | Description | Default |
|---|---|---|---|
| github-token | ☑️ | Required to post a report on GitHub. Note: the secret `GITHUB_TOKEN` is already provided by GitHub and you don't have to set it up yourself. | |
| github-pat | In some cases [1] | Personal access token. Must have access to `repo` and `read:user` scopes. | |
| ci-key | ☑️ | The license CI/CD key. | |
| email | ☑️ | The license email. | |
| pull-request-comment | | Add a comment with a report overview to your pull requests. | true |
| pull-request-comment-on-fail | | Add a comment with a report overview to your pull requests, but only when any DCM check fails. Note: when this option is enabled, pull-request-comment must be explicitly set to `false`. | false |
| package-name | | Package name to differentiate the report. Set when running several DCM runs at once. | |
| ### General: | | | |
| folders | | List of folders and files (comma separated) to scan. | `[lib]` |
| exclude | | List of files to exclude (in Glob syntax). If passing more than 1 glob pattern, wrap the list of patterns into `{}`. | `{**/*.g.dart,**/*.freezed.dart}` |
| exclude-public-api | | Exclude publicly exported code from the analysis output. | false |
| fatal-found | | Treat any found issue as fatal. | true |
| ### Commands: | | | |
| analyze | | Run `dcm analyze` (docs). | true |
| analyze-assets | | Run `dcm analyze-assets` (docs). Supports additional options listed below. | false |
| analyze-widgets | | Run `dcm analyze-widgets` (docs). Supports additional options listed below. | false |
| calculate-metrics | | Run `dcm calculate-metrics` (docs). | false |
| check-code-duplication | | Run `dcm check-code-duplication` (docs). Supports additional options listed below. | false |
| check-dependencies | | Run `dcm check-dependencies` (docs). Supports additional options listed below. | false |
| check-exports-completeness | | Run `dcm check-exports-completeness` (docs). | false |
| check-parameters | | Run `dcm check-parameters` (docs). Supports additional options listed below. | false |
| check-unused-code | | Run `dcm check-unused-code` (docs). Supports additional options listed below. | false |
| check-unused-files | | Run `dcm check-unused-files` (docs). | false |
| check-unused-l10n | | Run `dcm check-unused-l10n` (docs). Supports additional options listed below. | false |
| ### Analyze Assets: | | | |
| size | | Size limit for image assets (docs). Supported formats: `10KB`, `1MB`, `100B`, etc. | 500KB |
| webp | | Require converting `.jpg` and `.png` images to `.webp` (docs). | false |
| naming | | Required naming convention for image assets (`pascal`, `kebab` or `snake`) (docs). | |
| resolution | | Find missing or incorrect resolution-aware image assets (docs). | true |
| allowed-formats | | List of allowed formats for particular folders (e.g. `icons:svg,img:jpg`) (docs). | |
| ### Analyze Widgets: | | | |
| show-similarity | | Include similar widgets into the report (docs). | false |
| similarity-threshold | | Set a minimum threshold after which widgets are considered similar. | 0.2 |
| ### Check Code Duplication: | | | |
| per-package | | Compare code for duplications only within one package (docs). | false |
| exclude-overrides | | Exclude methods marked with `@override` (docs). | false |
| statements-threshold | | Minimum number of statements inside a declaration block (docs). | 3 |
| ### Check Dependencies: | | | |
| ignored-packages | | Package names that should be ignored (docs). | |
| ### Check Parameters: | | | |
| show-same-value | | Include parameters that always get the same constant argument (docs). | false |
| show-unused-default-value | | Include parameters with default values that always get an argument (docs). | false |
| show-redundant | | Include parameters whose values are always passed with another parameter (docs). | false |
| show-unused-vft | | Include `@visibleForTesting` parameters that are never used in tests (docs). | false |
| show-broad-types | | Include parameters whose types can be made more specific (docs). | false |
| ### Check Unused Code: | | | |
| no-exclude-overridden | | Do not treat overridden members as always used (docs). | false |
| ### Check Unused L10n: | | | |
| class-pattern | | Regular expression for class names to detect classes that provide localization (for example, `^AppLocalizations$`). | `^AppLocalizations$` |
Outputs
Action Console
PR Summary
PR Comment
Footnotes
1. Required if you have a private GitHub repository in the package dependencies.