bitbucket-pipelines.yml:

image: mcr.microsoft.com/dotnet/sdk:9.0

pipelines:
  default:
    - step:
        name: CodeCharter
        caches:
          - codecharter
        script:
          # Block scalar: a plain YAML scalar would break on the ": " in the header.
          # -f makes curl exit non-zero on an HTTP error instead of saving the error body.
          - |
            curl -fsSL -H "Authorization: Bearer $CODECHARTER_API_KEY" \
              -o codecharter.tar.gz \
              https://codecharter.tools/api/v1/cli/linux-x64/1.4.0
          - mkdir -p /opt/codecharter && tar -xzf codecharter.tar.gz -C /opt/codecharter
          - chmod +x /opt/codecharter/codecharter
          - export PATH="/opt/codecharter:$PATH"
          - codecharter analyze . --fail-on error --output console
        artifacts:
          - codecharter.sarif

definitions:
  caches:
    codecharter: ~/.cache/codecharter

API key
In Bitbucket: Repository settings → Repository variables, create the variable
CODECHARTER_API_KEY and enable "Secured".
PR annotations via Bitbucket Reports API
Optionally you can post findings as Bitbucket Code Insights. CodeCharter has no direct converter for this, but the JSON format is easy to work with:
- codecharter analyze . --output json --output-file findings.json
# Convert findings.json into Code Insights API calls
- python3 ./scripts/publish-to-bitbucket-insights.py findings.json
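
A sketch of what the conversion step in such a script could look like. This is an added example, not code shipped by CodeCharter: the findings.json field names (findings, ruleId, severity, file, line, message) and the warning/info severities are assumptions. It only builds the request bodies for the Code Insights report and bulk annotations endpoints and does not send them.

```python
"""Turn findings.json into Bitbucket Code Insights request bodies.

ASSUMPTION: the findings layout (a "findings" list with ruleId, severity,
file, line, message) is hypothetical; adapt it to the real JSON output.
"""
import json

# Assumed CLI severities mapped to Code Insights annotation severities.
SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "info": "LOW"}
BATCH = 100  # the bulk annotations endpoint takes at most 100 per request


def build_report(findings):
    """Body for PUT .../commit/{commit}/reports/{report_id}."""
    errors = sum(1 for f in findings if f.get("severity") == "error")
    return {
        "title": "CodeCharter",
        "reporter": "CodeCharter",
        "report_type": "BUG",
        "result": "FAILED" if errors else "PASSED",
        "details": f"{len(findings)} finding(s), {errors} error(s).",
    }


def build_annotation_batches(findings):
    """Bodies for POST .../reports/{report_id}/annotations."""
    annotations = [{
        "external_id": f"codecharter-{i}",
        "annotation_type": "CODE_SMELL",
        "path": f["file"].removeprefix("./"),      # repo-relative path
        "line": max(int(f.get("line", 0)), 0),     # 0 = top of the file
        "summary": f"{f['ruleId']}: {f['message']}"[:450],  # API length limit
        "severity": SEVERITY.get(f.get("severity"), "LOW"),
    } for i, f in enumerate(findings)]
    return [annotations[i:i + BATCH] for i in range(0, len(annotations), BATCH)]


if __name__ == "__main__":
    # Constructed sample input, not real CodeCharter output.
    sample = json.loads("""{"findings": [
      {"ruleId": "RULE-1", "severity": "error", "file": "./src/Api/Startup.cs",
       "line": 42, "message": "constructed example finding"},
      {"ruleId": "RULE-2", "severity": "warning", "file": "src/Core/Util.cs",
       "message": "constructed finding without a line number"}]}""")
    print(json.dumps(build_report(sample["findings"]), indent=2))
    print(json.dumps(build_annotation_batches(sample["findings"]), indent=2))
```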
Caching
The caches: codecharter entry in the step, together with the custom cache definition under definitions: at the end of the file,
persists ~/.cache/codecharter between pipeline runs.
Version pinning
As always, we recommend pinning a specific CLI version; see Versioning.