How to Run Codacy Analysis in CI
The Codacy Analysis CLI action runs static analyzers locally and can upload SARIF so results appear in Codacy and the Security tab.
Run codacy/codacy-analysis-cli-action with CODACY_PROJECT_TOKEN. Set upload: true to send results to Codacy, or output SARIF for GitHub code scanning.
Steps
- Add
CODACY_PROJECT_TOKENas a repo secret from Codacy project settings. - Run the analysis action with
outputas SARIF andupload: true. - Optionally upload the SARIF to the Security tab.
Workflow
.github/workflows/ci.yml
jobs:
codacy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: codacy/codacy-analysis-cli-action@v4
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
upload: true
format: sarif
output: results.sarif
gh-code-scanning-compat: true
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarifGotchas
- Codacy caps severities;
gh-code-scanning-compat: trueremaps them so SARIF upload accepts them. - The gate itself lives in Codacy repository settings, not the CLI; the action reports, Codacy decides pass/fail on the commit status.
Related guides
How to Set Up Code Climate Analysis in CIRun Code Climate maintainability and duplication analysis in GitHub Actions and report test coverage with the…
How to Aggregate SARIF Results in the GitHub Security TabUpload multiple SARIF files from different analyzers to GitHub code scanning with distinct categories so all…