Checkstyle for Java GitHub Action

A GitHub action that integrates Checkstyle with your pull request workflow to enforce Java code quality standards. Violations are automatically reported via reviewdog, making code reviews more efficient and consistent.

Table of Contents

• Checkstyle for Java GitHub Action
  • Table of Contents
  • Example
  • Usage
    • Security Note: Pin by Tag or by Hash?
      • Pinning by Tag
      • Pinning by Commit SHA
      • Best Practice
  • Input Parameters
    • Checkstyle Parameters
    • Reviewdog Parameters

Example

An example of how the reported Checkstyle violations will look on a pull request is shown below (link to example PR):

Usage

name: reviewdog
on: [pull_request]
jobs:
  checkstyle:
    name: runner / checkstyle
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: dbelyaev/action-checkstyle@v2
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          level: warning

Security Note: Pin by Tag or by Hash?

When using GitHub Actions, you can pin to a specific version in two ways:

Pinning by Tag

- uses: dbelyaev/action-checkstyle@v2 # pin to the latest major tag

- uses: dbelyaev/[email protected] # pin to specific version tag

• Pros: Convenient, automatically receives updates
• Cons: Less secure, as tags can be modified to point to different commits

Pinning by Commit SHA

- uses: dbelyaev/action-checkstyle@8cf9c6f2656938f2a745dca3179929d14e7a5316 # v2.0.0

• Pros: Maximum security, guarantees the exact same code runs every time
• Cons: Requires manual updates when new versions are released

Best Practice

GitHub officially recommends pinning actions to a full length commit SHA for production workflows and 3rd party actions to ensure security. For non-critical workflows, major version tags provide a reasonable balance between convenience and safety.

For automated SHA updates, consider using tools like Dependabot (owned by GitHub) or Renovate (owned by mend.io) to keep your actions current while maintaining security.

Input Parameters

Checkstyle Parameters

• checkstyle_config

  Checkstyle configuration specifies which ruleset to apply during the scan.

  There are two built-in configurations:

  • google_checks.xml - Configuration for the Google coding conventions
  • sun_checks.xml - Configuration for the Sun coding conventions

  It is also possible to supply your custom Checkstyle configuration file located in the same directory.

  Default: google_checks.xml

  Example:

  name: reviewdog
  on: [pull_request]
  jobs:
    checkstyle:
      name: runner / checkstyle
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v5
        - uses: dbelyaev/action-checkstyle@v2
          with:
            github_token: ${{ secrets.github_token }}
            reporter: github-pr-review
            checkstyle_config: sun_checks.xml

  Link to example PR.

• checkstyle_version

  Checkstyle version to be used during analysis.

  For a list of available version numbers, go to the Checkstyle release page.

  Important: This field will always try to follow Checkstyle releases as closely as possible and will use the latest available version by default. If the default preference is not suitable for your project, please pin the needed version using this property.

  Default: Latest available version

  Example:

  name: reviewdog
  on: [pull_request]
  jobs:
    checkstyle:
      name: runner / checkstyle
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v5
        - uses: dbelyaev/action-checkstyle@v2
          with:
            github_token: ${{ secrets.github_token }}
            reporter: github-pr-review
            checkstyle_version: "9.0" # double quotes important here

• workdir

  The working directory relative to the root directory.

  Default: '.' (root)

• properties_file

  Location of the properties file relative to the root directory.

  This file serves as a means to resolve repetitive or predefined values within the checkstyle configuration file.

  Default: '' (empty)

  Example:

  name: reviewdog
  on: [pull_request]
  jobs:
    checkstyle:
      name: runner / checkstyle
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v5
        - uses: dbelyaev/action-checkstyle@v2
          with:
            github_token: ${{ secrets.github_token }}
            reporter: github-pr-review
            checkstyle_config: ./properties_file/test_checks.xml
            properties_file: ./properties_file/additional.properties

  Link to example PR.

Reviewdog Parameters

• reporter

  Specific reporter to be used for the GitHub results reporting by reviewdog.

  Values: github-pr-check, github-check, github-pr-review

  For more information, check reviewdog / reporters documentation, which includes examples of GitHub reports and descriptions of possible limitations.

  Default: github-pr-check

• level

  This flag is used to change report level for the chosen reporter.

  Values: info, warning, error

  You can control GitHub status check result with this feature:

  Level	GitHub Status
  info	neutral
  warning	neutral
  error	failure

  Default: info

• filter_mode

  Filtering mode for the reviewdog command.

  Values: added, diff_context, file, nofilter

  For more information, check reviewdog / filter-mode documentation.

  Default: added

• fail_level

  Controls when reviewdog should return a non-zero exit code to fail your workflow.

  Values: none, any, info, warning, error

  By default (none), reviewdog will exit with code 0 even if it finds errors. Setting this to another value will cause reviewdog to exit with code 1 when it finds issues at or above the specified severity level, which can be used to fail the GitHub workflow.

  Default: none

• reviewdog_flags

  Additional reviewdog flags.

  Default: ""