Analyze changes

Using Qodana, you can not only scan your entire codebase, but also run analysis on change sets like merge or pull requests, as well as inspect changes between two commits.

Analyze pull and merge requests

If you just finished work and would like to analyze the changes, you can employ the --diff-start option and specify a hash of the commit that will act as a base for comparison:

To run Qodana CLI in the default mode, you must have Docker or Podman installed and running locally. If you are using Linux, you should be able to run Docker under your current non-root user. Use this command to run Qodana CLI:

            qodana scan \
               -e QODANA_TOKEN="<cloud-project-token>" \
               --diff-start=<GIT_START_HASH>
        

In GitHub Actions, the --diff-start can be omitted because it will be added automatically while running Qodana, so you can follow this procedure:

On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.
On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.
Add this snippet to the .github/workflows/code_quality.yml file:
name: Qodana on: workflow_dispatch: pull_request: push: branches: # Specify your branches here - main # The 'main' branch - 'releases/*' # The release branches jobs: qodana: runs-on: ubuntu-latest permissions: contents: write pull-requests: write checks: write steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit fetch-depth: 0 # a full history is required for pull request analysis - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2024.3 env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

Make sure that your project repository is accessible to GitLab CI/CD and the Merged results pipeline feature is enabled.

In the root directory of your project, save the .gitlab-ci.yml file containing the following snippet:

            qodana:
   image:
      name: jetbrains/qodana-<linter>
      entrypoint: [""]
   cache:
      - key: qodana-2024.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
        fallback_keys:
           - qodana-2024.3-$CI_DEFAULT_BRANCH-
           - qodana-2024.3-
        paths:
           - .qodana/cache
   variables:
      QODANA_TOKEN: $qodana_token
    script:
      - >
        qodana --diff-start=$CI_MERGE_REQUEST_TARGET_BRANCH_SHA \
          --results-dir=$CI_PROJECT_DIR/.qodana/results \
          --cache-dir=$CI_PROJECT_DIR/.qodana/cache
   artifacts:
      paths:
         - .qodana/results
      expose_as: 'Qodana report'
        

            docker run \
               -v $(pwd):/data/project/ \
               -e QODANA_TOKEN="<cloud-project-token>" \
               jetbrains/qodana-<linter> \
               --diff-start=<GIT_START_HASH>
        

Analyze changes between two commits

To inspect a set of changes between two commits, employ both --diff-start and --diff-end options:

            qodana scan \
               -e QODANA_TOKEN="<cloud-project-token>" \
               --diff-start=<GIT_START_HASH> \
               --diff-end=<GIT_END_HASH>
        

On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.
On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.
Add this snippet to the .github/workflows/code_quality.yml file:
name: Qodana on: workflow_dispatch: pull_request: push: branches: # Specify your branches here - main # The 'main' branch - 'releases/*' # The release branches jobs: qodana: runs-on: ubuntu-latest permissions: contents: write pull-requests: write checks: write steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit fetch-depth: 0 # a full history is required for pull request analysis - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2024.3 with: args: --diff-start,<GIT_START_HASH>,--diff-end,<GIT_END_HASH> env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

Make sure that your project repository is accessible to GitLab CI/CD.

In the root directory of your project, save the .gitlab-ci.yml file containing the following snippet:

            qodana:
   image:
      name: jetbrains/qodana-<linter>
      entrypoint: [""]
   cache:
      - key: qodana-2024.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
        fallback_keys:
           - qodana-2024.3-$CI_DEFAULT_BRANCH-
           - qodana-2024.3-
        paths:
           - .qodana/cache
   variables:
      QODANA_TOKEN: $qodana_token
    script:
      - >
        qodana --diff-start=$CI_MERGE_REQUEST_TARGET_BRANCH_SHA \
          --diff-end=$CI_MERGE_REQUEST_SOURCE_BRANCH_SHA \
          --results-dir=$CI_PROJECT_DIR/.qodana/results \
          --cache-dir=$CI_PROJECT_DIR/.qodana/cache
   artifacts:
      paths:
         - .qodana/results
      expose_as: 'Qodana report'
        

            docker run \
               -v $(pwd):/data/project/ \
               -e QODANA_TOKEN="<cloud-project-token>" \
               jetbrains/qodana-<linter> \
               --diff-start=<GIT_START_HASH> \
               --diff-end=<GIT_END_HASH>
        

Last modified: 04 December 2024