Extending Lift

Custom Tool APIs are interface specifications about program arguments, standard input and standard output formats a tool must support in order to interoperate with Lift. The configuration reference presents how to configure your repository so that each analysis will invoke such a tool using the customTools field.

Two APIs exist that allow extension of Lift with new analysis capabilities. The first API, dubbed API V3, provides compilation steps and is intended for tools that need to compile the source code in order to operate. The other API, dubbed API V5, does not receive compilation information and is invoked even when Lift is not able to understand the compilation steps or the repository contents do not lend themselves to compilation.

  • API v3: Receives compilation information across multiple analysis invocations.
  • API v5: Does not receive compilation information. Analysis capabilities are requested once per project directory.
  • API v1: Legacy. Does not receive compilation information. Analysis capabilities are requested once per project directory.

Execution Environment

Each tool runs in an Ubuntu 20.04 environment specifically for analysis of either the source or destination branches of a pull request. Shell scripts are used in the linked version documentation's examples because scripts are a common language found across many platforms, but there is no requirement to use shell scripts. More complex tools might benefit from a shell wrapper that verifies the environment before invoking the analysis tool.

For each issue discovered by a tool it should emit a tool note specifying the type of the issue, a detailed message, and location including file and line.

The Android SDK will be available on the file system accessible under $ANDROID_HOME.

When Lift runs your tool on a pull request the issues it discovers are categorized into those that are introduced (appearing only in the source branch), fixed (appearing only in the destination branch) and preexisting (appearing in both branches). Only introduced issues are propagated to the user by way of a pull request comment. All tool results are available to the user via the console.