From 92a1d54d88a6e9028eadb1d4ffc02472b72a2dc5 Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Thu, 22 Jan 2026 10:27:11 +0000
Subject: [PATCH 1/5] Add ability to analyze with api token
---
 .github/instructions/codacy.instructions.md | 79 +++++++++++++++++++++
 .idea/.gitignore | 8 +++
 .idea/codacy-cli-v2-action.iml | 9 +++
 .idea/codeStyles/codeStyleConfig.xml | 5 ++
 .idea/misc.xml | 6 ++
 .idea/modules.xml | 8 +++
 .idea/vcs.xml | 6 ++
 action.yml | 9 ++-
 8 files changed, 129 insertions(+), 1 deletion(-)
 create mode 100644 .github/instructions/codacy.instructions.md
 create mode 100644 .idea/.gitignore
 create mode 100644 .idea/codacy-cli-v2-action.iml
 create mode 100644 .idea/codeStyles/codeStyleConfig.xml
 create mode 100644 .idea/misc.xml
 create mode 100644 .idea/modules.xml
 create mode 100644 .idea/vcs.xml
diff --git a/.github/instructions/codacy.instructions.md b/.github/instructions/codacy.instructions.md
new file mode 100644
index 0000000..1dada10
--- /dev/null
+++ b/.github/instructions/codacy.instructions.md
@@ -0,0 +1,79 @@
+---
+ description: Configuration for AI behavior when interacting with Codacy's MCP Server
+ applyTo: '**'
+---
+---
+# Codacy Rules
+Configuration for AI behavior when interacting with Codacy's MCP Server
+
+## using any tool that accepts the arguments: `provider`, `organization`, or `repository`
+- ALWAYS use:
+ - provider: gh
+ - organization: codacy
+ - repository: codacy-cli-v2-action
+- Avoid calling `git remote -v` unless really necessary
+
+## CRITICAL: After ANY successful `edit_file` or `reapply` operation
+- YOU MUST IMMEDIATELY run the `codacy_cli_analyze` tool from Codacy's MCP Server for each file that was edited, with:
+ - `rootPath`: set to the workspace path
+ - `file`: set to the path of the edited file
+ - `tool`: leave empty or unset
+- If any issues are found in the new edits, propose and apply fixes for them.
+- > NOTE: Failure to follow this rule is considered a critical error.
+
+## When you tried to run the `codacy_cli_analyze` tool and the Codacy CLI is not installed
+- Ask the user 'Codacy CLI is not installed. Would you like me to install it now?'
+- If the user responds with "yes", run the `codacy_cli_install` tool and then continue with the original task
+- If the user responds with "no", instruct the user that they can disable automatic analysis in the extension settings
+- Wait for the user to respond before proceeding with any other actions
+
+## After every response
+- If you made any file edits in this conversation, verify you ran `codacy_cli_analyze` tool from Codacy's MCP Server
+
+## When there are no Codacy MCP Server tools available, or the MCP Server is not reachable
+- Suggest the user the following troubleshooting steps:
+ - Try to reset the MCP on the extension
+ - If the user is using VSCode, suggest them to review their Copilot > MCP settings in Github, under their organization or personal account. Refer them to Settings > Copilot > Enable MCP servers in Copilot.
Suggested URL (https://github.com/settings/copilot/features) or https://github.com/organizations/{organization-name}/settings/copilot/features (This can only be done by their organization admins / owners)
+- If none of the above steps work, suggest the user to contact Codacy support
+
+## Trying to call a tool that needs a rootPath as a parameter
+- Always use the standard, non-URL-encoded file system path
+
+## CRITICAL: Dependencies and Security Checks
+- IMMEDIATELY after ANY of these actions:
+ - Running npm/yarn/pnpm install
+ - Adding dependencies to package.json
+ - Adding requirements to requirements.txt
+ - Adding dependencies to pom.xml
+ - Adding dependencies to build.gradle
+ - Any other package manager operations
+- You MUST run the `codacy_cli_analyze` tool with:
+ - `rootPath`: set to the workspace path
+ - `tool`: set to "trivy"
+ - `file`: leave empty or unset
+- If any vulnerabilities are found because of the newly added packages:
+ - Stop all other operations
+ - Propose and apply fixes for the security issues
+ - Only continue with the original task after security issues are resolved
+- EXAMPLE:
+ - After: npm install react-markdown
+ - Do: Run codacy_cli_analyze with trivy
+ - Before: Continuing with any other tasks
+
+## General
+- Repeat the relevant steps for each modified file.
+- "Propose fixes" means to both suggest and, if possible, automatically apply the fixes.
+- You MUST NOT wait for the user to ask for analysis or remind you to run the tool.
+- Do not run `codacy_cli_analyze` looking for changes in duplicated code or code complexity metrics.
+- Complexity metrics are different from complexity issues. When trying to fix complexity in a repository or file, focus on solving the complexity issues and ignore the complexity metric.
+- Do not run `codacy_cli_analyze` looking for changes in code coverage.
+- Do not try to manually install Codacy CLI using either brew, npm, npx, or any other package manager.
+- If the Codacy CLI is not installed, just run the `codacy_cli_analyze` tool from Codacy's MCP Server.
+- When calling `codacy_cli_analyze`, only send provider, organization and repository if the project is a git repository.
+
+## Whenever a call to a Codacy tool that uses `repository` or `organization` as a parameter returns a 404 error
+- Offer to run the `codacy_setup_repository` tool to add the repository to Codacy
+- If the user accepts, run the `codacy_setup_repository` tool
+- Do not ever try to run the `codacy_setup_repository` tool on your own
+- After setup, immediately retry the action that failed (only retry once)
+---
\ No newline at end of file
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/codacy-cli-v2-action.iml b/.idea/codacy-cli-v2-action.iml
new file mode 100644
index 0000000..d6ebd48
--- /dev/null
+++ b/.idea/codacy-cli-v2-action.iml
@@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file
diff --git a/.idea/codeStyles/codeStyleConfig.xml b/.idea/codeStyles/codeStyleConfig.xml
new file mode 100644
index 0000000..a55e7a1
--- /dev/null
+++ b/.idea/codeStyles/codeStyleConfig.xml
@@ -0,0 +1,5 @@ + + + + \ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..89ee753
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..ce80af0
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file
diff --git a/action.yml b/action.yml
index 5866634..8404600 100644
--- a/action.yml
+++ b/action.yml
@@ -61,6 +61,9 @@ runs:
 echo "Setting up CLI V2"
 curl -Ls https://raw.githubusercontent.com/codacy/codacy-cli-v2/main/codacy-cli.sh -o /tmp/codacy-cli-v2
 chmod +x /tmp/codacy-cli-v2
+ if [ "${{ inputs.api_token }}" != "" ]; then
+ /tmp/codacy-cli-v2 init --api-token ${{inputs.api_token}} --provider ${{inputs.provider}} --organization ${{inputs.organization}} --repository ${{inputs.repository}}
+ fi
 if [ "${{ inputs.registry }}" != "" ]; then
 /tmp/codacy-cli-v2 install -r ${{ inputs.registry }}
 else
@@ -71,7 +74,11 @@ runs:
 shell: bash
 run: |
 echo "Running the tool"
- /tmp/codacy-cli-v2 analyze -t ${{inputs.tool}} --format sarif -o ${{inputs.sarif_file_path}}
+ if [ "${{ inputs.api_token }}" != "" ]; then
+ /tmp/codacy-cli-v2 analyze -t ${{inputs.tool}} ${{inputs.directory}} --format sarif -o ${{inputs.sarif_file_path}} --api-token ${{inputs.api_token}} --provider ${{inputs.provider}} --organization ${{inputs.organization}} --repository ${{inputs.repository}}
+ else
+ /tmp/codacy-cli-v2 analyze -t ${{inputs.tool}} --format sarif -o ${{inputs.sarif_file_path}}
+ fi
 echo "Tool run complete"
 - name: "Upload the results"
 shell: bash
From 91b31d934cdaa35e49109bac25db2bfa1eff33b5 Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Thu, 22 Jan 2026 10:28:41 +0000
Subject: [PATCH 2/5] add gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6eca42a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea/
+.github/instructions
\ No newline at end of file
From a71b07f69240c950ad3eaf4d734b410503bd269e Mon Sep 17 00:00:00 2001
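Review bot: The added `init` line pastes `${{inputs.api_token}}`, `${{inputs.provider}}`, `${{inputs.organization}}` and `${{inputs.repository}}` into the bash script unquoted, so the runner substitutes their text before the shell parses it and a value containing spaces or shell metacharacters changes the command that runs. The `analyze` line added in the next hunk (`@@ -71,7 +74,11 @@`) follows the same pattern. Passing the values through the step's `env:` and expanding them as quoted shell variables keeps them as data; the sketch below assumes the step header, which is outside the hunk, can take an `env:` key. The token is also handed to a script that the context line downloads from the `main` branch on every run, so pinning that URL to a tag or commit would limit what an upstream change could do with the credential.

```yaml
      # … unchanged: step name and shell (outside the hunk) …
      # variable names below are illustrative
      env:
        CODACY_API_TOKEN: ${{ inputs.api_token }}
        CODACY_PROVIDER: ${{ inputs.provider }}
        CODACY_ORGANIZATION: ${{ inputs.organization }}
        CODACY_REPOSITORY: ${{ inputs.repository }}
      run: |
        # … unchanged: download and chmod of /tmp/codacy-cli-v2 …
        if [ -n "$CODACY_API_TOKEN" ]; then
          /tmp/codacy-cli-v2 init --api-token "$CODACY_API_TOKEN" --provider "$CODACY_PROVIDER" --organization "$CODACY_ORGANIZATION" --repository "$CODACY_REPOSITORY"
        fi
        # … unchanged: registry install branch …
```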
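Review bot: The token branch passes `${{inputs.directory}}` as a positional argument while the `else` branch does not, so which path gets analyzed depends on whether a token was supplied. If `directory` is meant to apply in both cases, the `else` line should carry it as well; if it only makes sense with a token, a comment such as `# directory is only honoured when api_token is set` would make that explicit. The declaration of the `directory` input is not visible in this hunk, and an empty value simply disappears from the command because the expansion is unquoted.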
From: DMarinhoCodacy
Date: Thu, 22 Jan 2026 10:29:08 +0000
Subject: [PATCH 3/5] removed .idea
---
 .idea/.gitignore | 8 --------
 .idea/codacy-cli-v2-action.iml | 9 ---------
 .idea/codeStyles/codeStyleConfig.xml | 5 -----
 .idea/misc.xml | 6 ------
 .idea/modules.xml | 8 --------
 .idea/vcs.xml | 6 ------
 6 files changed, 42 deletions(-)
 delete mode 100644 .idea/.gitignore
 delete mode 100644 .idea/codacy-cli-v2-action.iml
 delete mode 100644 .idea/codeStyles/codeStyleConfig.xml
 delete mode 100644 .idea/misc.xml
 delete mode 100644 .idea/modules.xml
 delete mode 100644 .idea/vcs.xml
diff --git a/.idea/.gitignore b/.idea/.gitignore
deleted file mode 100644
index 13566b8..0000000
--- a/.idea/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
diff --git a/.idea/codacy-cli-v2-action.iml b/.idea/codacy-cli-v2-action.iml
deleted file mode 100644
index d6ebd48..0000000
--- a/.idea/codacy-cli-v2-action.iml
+++ /dev/null
@@ -1,9 +0,0 @@ - - - - - - - - - \ No newline at end of file
diff --git a/.idea/codeStyles/codeStyleConfig.xml b/.idea/codeStyles/codeStyleConfig.xml
deleted file mode 100644
index a55e7a1..0000000
--- a/.idea/codeStyles/codeStyleConfig.xml
+++ /dev/null
@@ -1,5 +0,0 @@ - - - - \ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
deleted file mode 100644
index 89ee753..0000000
--- a/.idea/misc.xml
+++ /dev/null
@@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
deleted file mode 100644
index ce80af0..0000000
--- a/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
deleted file mode 100644
index 35eb1dd..0000000
--- a/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file
From d76132267d12f91f6dffd830b494ada207f95421 Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Thu, 22 Jan 2026 10:29:33 +0000
Subject: [PATCH 4/5] removed github instructions
---
 .github/instructions/codacy.instructions.md | 79 ---------------------
 1 file changed, 79 deletions(-)
 delete mode 100644 .github/instructions/codacy.instructions.md
diff --git a/.github/instructions/codacy.instructions.md b/.github/instructions/codacy.instructions.md
deleted file mode 100644
index 1dada10..0000000
--- a/.github/instructions/codacy.instructions.md
+++ /dev/null
@@ -1,79 +0,0 @@
----
- description: Configuration for AI behavior when interacting with Codacy's MCP Server
- applyTo: '**'
----
----
-# Codacy Rules
-Configuration for AI behavior when interacting with Codacy's MCP Server
-
-## using any tool that accepts the arguments: `provider`, `organization`, or `repository`
-- ALWAYS use:
- - provider: gh
- - organization: codacy
- - repository: codacy-cli-v2-action
-- Avoid calling `git remote -v` unless really necessary
-
-## CRITICAL: After ANY successful `edit_file` or `reapply` operation
-- YOU MUST IMMEDIATELY run the `codacy_cli_analyze` tool from Codacy's MCP Server for each file that was edited, with:
- - `rootPath`: set to the workspace path
- - `file`: set to the path of the edited file
- - `tool`: leave empty or unset
-- If any issues are found in the new edits, propose and apply fixes for them.
-- > NOTE: Failure to follow this rule is considered a critical error.
-
-## When you tried to run the `codacy_cli_analyze` tool and the Codacy CLI is not installed
-- Ask the user 'Codacy CLI is not installed. Would you like me to install it now?'
-- If the user responds with "yes", run the `codacy_cli_install` tool and then continue with the original task
-- If the user responds with "no", instruct the user that they can disable automatic analysis in the extension settings
-- Wait for the user to respond before proceeding with any other actions
-
-## After every response
-- If you made any file edits in this conversation, verify you ran `codacy_cli_analyze` tool from Codacy's MCP Server
-
-## When there are no Codacy MCP Server tools available, or the MCP Server is not reachable
-- Suggest the user the following troubleshooting steps:
- - Try to reset the MCP on the extension
- - If the user is using VSCode, suggest them to review their Copilot > MCP settings in Github, under their organization or personal account. Refer them to Settings > Copilot > Enable MCP servers in Copilot.
Suggested URL (https://github.com/settings/copilot/features) or https://github.com/organizations/{organization-name}/settings/copilot/features (This can only be done by their organization admins / owners)
-- If none of the above steps work, suggest the user to contact Codacy support
-
-## Trying to call a tool that needs a rootPath as a parameter
-- Always use the standard, non-URL-encoded file system path
-
-## CRITICAL: Dependencies and Security Checks
-- IMMEDIATELY after ANY of these actions:
- - Running npm/yarn/pnpm install
- - Adding dependencies to package.json
- - Adding requirements to requirements.txt
- - Adding dependencies to pom.xml
- - Adding dependencies to build.gradle
- - Any other package manager operations
-- You MUST run the `codacy_cli_analyze` tool with:
- - `rootPath`: set to the workspace path
- - `tool`: set to "trivy"
- - `file`: leave empty or unset
-- If any vulnerabilities are found because of the newly added packages:
- - Stop all other operations
- - Propose and apply fixes for the security issues
- - Only continue with the original task after security issues are resolved
-- EXAMPLE:
- - After: npm install react-markdown
- - Do: Run codacy_cli_analyze with trivy
- - Before: Continuing with any other tasks
-
-## General
-- Repeat the relevant steps for each modified file.
-- "Propose fixes" means to both suggest and, if possible, automatically apply the fixes.
-- You MUST NOT wait for the user to ask for analysis or remind you to run the tool.
-- Do not run `codacy_cli_analyze` looking for changes in duplicated code or code complexity metrics.
-- Complexity metrics are different from complexity issues. When trying to fix complexity in a repository or file, focus on solving the complexity issues and ignore the complexity metric.
-- Do not run `codacy_cli_analyze` looking for changes in code coverage.
-- Do not try to manually install Codacy CLI using either brew, npm, npx, or any other package manager.
-- If the Codacy CLI is not installed, just run the `codacy_cli_analyze` tool from Codacy's MCP Server.
-- When calling `codacy_cli_analyze`, only send provider, organization and repository if the project is a git repository.
-
-## Whenever a call to a Codacy tool that uses `repository` or `organization` as a parameter returns a 404 error
-- Offer to run the `codacy_setup_repository` tool to add the repository to Codacy
-- If the user accepts, run the `codacy_setup_repository` tool
-- Do not ever try to run the `codacy_setup_repository` tool on your own
-- After setup, immediately retry the action that failed (only retry once)
----
\ No newline at end of file
From 000617f4999fc9e96d0a84a7dee62ed92bfcb41e Mon Sep 17 00:00:00 2001
From: DMarinhoCodacy
Date: Thu, 29 Jan 2026 17:30:27 +0000
Subject: [PATCH 5/5] fix input organization to owner
---
 action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/action.yml b/action.yml
index 8404600..aa45524 100644
--- a/action.yml
+++ b/action.yml
@@ -62,7 +62,7 @@ runs:
 curl -Ls https://raw.githubusercontent.com/codacy/codacy-cli-v2/main/codacy-cli.sh -o /tmp/codacy-cli-v2
 chmod +x /tmp/codacy-cli-v2
 if [ "${{ inputs.api_token }}" != "" ]; then
- /tmp/codacy-cli-v2 init --api-token ${{inputs.api_token}} --provider ${{inputs.provider}} --organization ${{inputs.organization}} --repository ${{inputs.repository}}
+ /tmp/codacy-cli-v2 init --api-token ${{inputs.api_token}} --provider ${{inputs.provider}} --organization ${{inputs.owner}} --repository ${{inputs.repository}}
 fi
 if [ "${{ inputs.registry }}" != "" ]; then
 /tmp/codacy-cli-v2 install -r ${{ inputs.registry }}
@@ -75,7 +75,7 @@ runs:
 run: |
 echo "Running the tool"
 if [ "${{ inputs.api_token }}" != "" ]; then
- /tmp/codacy-cli-v2 analyze -t ${{inputs.tool}} ${{inputs.directory}} --format sarif -o ${{inputs.sarif_file_path}} --api-token ${{inputs.api_token}} --provider ${{inputs.provider}} --organization ${{inputs.organization}} --repository ${{inputs.repository}}
+ /tmp/codacy-cli-v2 analyze -t ${{inputs.tool}} ${{inputs.directory}} --format sarif -o ${{inputs.sarif_file_path}} --api-token ${{inputs.api_token}} --provider ${{inputs.provider}} --organization ${{inputs.owner}} --repository ${{inputs.repository}}
 else
 /tmp/codacy-cli-v2 analyze -t ${{inputs.tool}} --format sarif -o ${{inputs.sarif_file_path}}
 fi