diff --git a/README.md b/README.md index 607d48e..0597581 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,12 @@ Run [Seqra](https://github.com/seqra/seqra) static analysis in your CI, generate > **Note:** The action expects **Linux x86\_64** runners. +### Prerequisites + +Seqra analyzes compiled bytecode of your project. Before running this action, ensure your CI environment is configured to compile the project. For example: + +- **Java/Kotlin projects:** Set up a JDK using `actions/setup-java@v5` + ### Quick Start ### Scan @@ -21,7 +27,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout your repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + distribution: 'temurin' + java-version: '21' - name: Run Seqra code analysis uses: seqra/seqra-action@v2 @@ -45,7 +57,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout your repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + distribution: 'temurin' + java-version: '21' - name: Run Seqra code analysis uses: seqra/seqra-action@v2 @@ -72,7 +90,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout your repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + distribution: 'temurin' + java-version: '21' - name: Run Seqra code analysis uses: seqra/seqra-action@v2 @@ -127,6 +151,7 @@ After the job completes, you’ll find: ## Troubleshooting +* **"Compilation has failed:"** Seqra needs to compile your project to analyze bytecode. Ensure you have set up the required build tools (e.g., JDK via `actions/setup-java@v5`) before running this action. See [Prerequisites](#prerequisites). * **Monorepos:** You can analyze only the project you need using `project-root`. * **Timeouts:** If the scan times out, increase `timeout` (e.g., `30m`).