I created a template Java project (using the built-in “Spring” template), configured with AutoDevOps.
I’m evaluating Gitlab CI, using the trial period of gitlab.com (on shared runners).
The code_quality job seems to work fine, and ends up with :
Uploading artifacts...
gl-code-quality-report.json: found 1 matching files
Uploading artifacts to coordinator... ok id=441518751 responseStatus=201 Created token=XRnGz_Xv
Job succeeded
But there is no artifact visible in the job :
If I create a MR with many code mistakes, it always says there is “No changes to code quality”.
I did not add any .gitlab-ci.yml : only using the autodevops feature, that detects it’s a Maven project (through mvnw file), and successfully compiles and runs unit tests on it.
I have the same behavior on another (custom) Maven project.
I also see that license_management, sast and dast jobs fail. Are there issues with current autodevops configuration?
Hi @youri_b, Product Manager for the testing team here. If your Merge Request does not introduce changes to the code quality, improvements or degradations, the widget on the Merge Request page will show that no change occurred as you are seeing. If you are interested in the issues in the code you can download the full report from the jobs page. We are working on an issue to display the full code quality report content on that page as well and hope to release that soon.
But I did introduce bad Java code in this MR (see my post above) : System.out.println, catching all exceptions without doing anything etc. See snapshot below :
I’d be surprised the quality control of gitlab does not catch this.
In the jobs page, there is no download icon for the quality tests :
So it behaves as if no control has been done.
Thanks for the link about displaying the quality report in the gitlab UI. I see this should be available soon, which would be important to us, too. Unfortunately, in my case, I suppose it would not display anything for now.
@youri_b - This consumes the code climate open source engine, you may find more information about what is detected/let through in their docs.
The download button appears if you have setup an artifacts:paths keyword in the gitlab-ci.yml. You’ll find more info in the documentation.
The full code quality report will show the full contents of the report on the pipeline page, not just the changes as the Merge Request widget does so if your code includes detected issues they will display.
But I’m very disappointed by the accuracy of these quality tests, as they did not detect what I consider as classical Java anti-patterns. Compared to SonarQube, it seems to be night and day (at least on Java language)
@youri_b - It looks like the default engine setup from CodeClimate isn’t the best for your project and I see what you mean now about the downloadable artifact. I was looking at the job page, not pipelines page. Sorry about that confusion.
There is a SonarJava plugin available and inclusion of the plugin in a .codeclimate.yml may override the defaults from the AutoDevops but I have not tried that so cannot confirm. If you give it a go let us know how it goes!
