Inspect open-source projects
This section explains how you can inspect your open-source projects using Qodana, and how you can use Qodana Cloud, which is free for open-source projects, to view inspection results in a convenient form.
Depending on your needs, it may be useful to know how to:
Inspect your code using Qodana
Configure Qodana using qodana.yaml and Shell commands
Run Qodana either locally or in your CI/CD pipelines
Forward reports to Qodana Cloud
If you plan to create a separate team and project in your Qodana Cloud account, follow these steps.
Tip: To learn more about using project tokens, see the Forward reports section.
You can inspect your codebase using methods described in the Analyze your code section.
Depending on the Qodana license, you can configure various features, for example:
Baseline for monitoring current and new problems
Inspections that you would like to use
License audit for checking license compatibility
Quality gate for restricting the number of problems
Here are the links to the sections that describe other available features:
By default, Qodana inspects your code using the qodana.starter profile. You can use additional inspections by specifying the qodana.recommended profile in the qodana.yaml file contained in your project root:
profile:
  name: qodana.recommended
To check the overall configuration of your project, you can employ the qodana.sanity profile:
profile:
  name: qodana.sanity
License audit lets you track the compatibility of dependency licenses with your project license.
To enable the license audit, use the include option of the qodana.yaml file in your project root:
include:
  - name: CheckDependencyLicenses
Baseline lets you create a snapshot of your project that will be used as a basis for later analyses. To enable it, select inspections and download the qodana.sarif.json file.
You can run Qodana with the baseline enabled using the --baseline option:
--baseline <path-to-qodana.sarif.json>
Quality gate lets you configure the number of problems that will cause a CI/CD pipeline failure.
Once configured, a quality gate will make your CI/CD system:
Build the project only if the number of problems contained in it is below the configured threshold
Accept only the pull requests containing problems below the configured threshold
To enable the quality gate, you can use the fail-threshold <number> option.
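The baseline and quality gate described above can be reproduced offline against two SARIF reports. This added example is not Qodana's own code: the matching key (rule ID, file URI, message text), the SampleRuleA rule ID and the sample reports are constructed, and it assumes that only problems missing from the baseline count toward the threshold.

```python
from collections import Counter

def problem_keys(sarif):
    """Count the results of a SARIF log by (ruleId, file URI, message text)."""
    keys = Counter()
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "")
            text = res.get("message", {}).get("text", "")
            keys[(res.get("ruleId", ""), uri, text)] += 1
    return keys

def quality_gate(current, baseline, fail_threshold):
    """Return (passed, new_problems) for a current report checked against a baseline.

    Assumption: only problems missing from the baseline count toward the gate,
    and the gate passes while that count is below fail_threshold.
    """
    new = sorted((problem_keys(current) - problem_keys(baseline)).elements())
    return len(new) < fail_threshold, new

def make_result(rule, uri, text):
    """Build one SARIF result object (constructed sample data, not Qodana output)."""
    return {"ruleId": rule, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}]}

def make_report(*results):
    """Wrap results in a minimal SARIF 2.1.0 log with a single run."""
    return {"version": "2.1.0", "runs": [{"results": list(results)}]}

# Constructed reports; real ones would come from json.load() on qodana.sarif.json.
OLD = make_result("SampleRuleA", "src/app.py", "constructed finding 1")
BASELINE = make_report(OLD)
CURRENT = make_report(
    OLD,
    make_result("SampleRuleA", "src/app.py", "constructed finding 2"),
    make_result("CheckDependencyLicenses", "requirements.txt", "constructed finding 3"),
)

if __name__ == "__main__":
    for threshold in (2, 3):
        passed, new = quality_gate(CURRENT, BASELINE, threshold)
        print(f"fail-threshold {threshold}: {'pass' if passed else 'fail'}, {len(new)} new")
        for rule, uri, text in new:
            print(f"  {rule} {uri}: {text}")
```

Counting with a multiset means a problem that appears twice in the current report but once in the baseline is still reported once as new.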
Qodana can generate the following types of inspection reports:
Reports containing inspection results over a specific branch of your project
Pull or merge request inspection reports generated by GitHub Actions and GitLab CI/CD
Using this example, you can configure GitHub for:
Forwarding inspection results to Qodana Cloud
Blocking the merge of pull requests if a quality gate has failed
Follow these steps:
Create an encrypted secret with the QODANA_TOKEN name.
Create a new or open an existing GitHub workflow that invokes the Qodana Scan action.
Set the workflow to run on pull_request events that target the main branch, and forward reports to Qodana Cloud based on the QODANA_TOKEN value. Instead of main, you can specify your branch here.
name: Qodana
on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
      - 'releases/*'
jobs:
  qodana:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2022.2.3
        env:
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
Set the number of problems (integer) for the Qodana action fail-threshold option.
Under your repository name, click Settings.
On the left menu, click Branches.
In the branch protection rules section, click Add rule.
Add main to Branch name pattern.
Select Require status checks to pass before merging.
Search for the Qodana status check, then check it.
Click Create.
Using this example, you can configure GitLab CI/CD for:
Inspecting the main branch and all merge requests
Blocking merge requests if a quality gate has failed
Forwarding inspection results to Qodana Cloud
Follow these steps to add a Qodana runner to a GitLab CI/CD pipeline:
Create the QODANA_TOKEN variable and save the Qodana Cloud project token value in it.
Paste this sample to the .gitlab-ci.yml file:
stages:
  - qodana
qodana:
  stage: qodana
  only:
    - main
    - merge_requests
  image:
    name: jetbrains/qodana-<linter>
    entrypoint: [""]
  script:
    - qodana --save-report --results-dir=$CI_PROJECT_DIR/qodana
        --report-dir=$CI_PROJECT_DIR/qodana/report
        --fail-threshold <number>
  artifacts:
    paths:
      - qodana
In this sample, specify the Qodana linter and the quality gate using the --fail-threshold option. Using this configuration, Qodana will inspect the main branch and all merge requests coming to your repository.
After your project is inspected and inspection results are uploaded to Qodana Cloud, you can view results as shown on this page.