GitLab CI/CD

Prepare your project

Make sure that your project repository is accessible by GitLab CI/CD.

In the root directory of your project, save the .gitlab-ci.yml file. This file will contain the pipeline configuration that will be used by GitLab CI/CD.

Basic configuration

This is the basic pipeline configuration.

In this configuration, the image:name keyword pulls the Qodana Docker image of your choice.

The cache keyword configures GitLab caches to store the Qodana cache, so subsequent runs will be faster.

The script keyword runs the qodana command and enumerates the Qodana configuration options described in the Shell commands section.

The variables keyword defines the QODANA_TOKEN variable referring to the project token generated in Qodana Cloud. This token is required by the paid Qodana linters, and is optional for using with the Community linters.

You can see these sections to learn how to generate the project token:

• The Onboarding section explains how to get the project token generated while first working with Qodana Cloud

• The Manage a project section explains how to create a project in the existing Qodana Cloud organization

Inspect specific branches

Using the only keyword, you can tell Qodana which branches to inspect. To inspect only the main branch and incoming merge requests, you can use this configuration:

Expose Qodana reports

To make a report available in any given merge request without using Qodana Cloud, you can use the artifacts expose_as keywords and change the path to the artifacts:

Assuming that you have configured your pipeline in a similar manner, this is what it may look like:

1. Qodana report affiliated with a pipeline in a merge request

   

2. Available actions for a given exposed Qodana artifact

   

Quality gate and baseline

You can use the --fail-threshold <number> and --baseline <path/to/qodana.sarif.json> lines in the script block to invoke the quality gate and baseline features.