Code-Quality job is refusing to obey SOURCE_CODE env variable

  • Describe your question in as much detail as possible:

By reading the documentation here I came up with a configuration which adds the Code-Quality job to my pipeline. The problem is that the tool is scanning my entire project instead of the directory that I have specified.

  • What are you seeing, and how does that differ from what you expect to see?

My artifacts file gl-code-quality-report.json is 28.4kb, the entire project is only ~5kb. Opening the file gl-code-quality-report.json reveals that the tool is scanning every file in the repository

  • What version are you on? Are you using self-managed or

  • Add the CI configuration from .gitlab-ci.yml and other configuration if relevant (e.g. docker-compose.yml)
    - template: Code-Quality.gitlab-ci.yml

    stage: test
    SOURCE_CODE: $PWD:/src
    paths: [gl-code-quality-report.json]

  • What troubleshooting steps have you already taken? Can you link to any docs or other resources so we know where you have been?

I have also tried
and even tried moving the variables section to different parts of the file. Look at the commit history here, it tells the story. I’ve tried every combination known to man. At this point I have more commits of me changing my .gitlab-ci.yml than anything else

@Native-Coder - Thanks for the post!

It looks like the instance you are working on may be a few versions behind based on the docs link. A bug fix was shipped with GitLab 13.4 to fix an issue in which the ENV variables were not being passed correctly. Without this bug fix your best option is to add directories to a custom .codeclimate.yml file for exclusion. You can see this in practice in the default .codeclimate.yml in the codequality project.

I hope this helps!

-James H, GitLab Product Manager, Verify:Testing

Thanks @jheimbuck_gl, I really appreciate you pointing that out to me. I’ll add that file to my projects root directory now.

I’m using the shared runners on How could it possibly be out of date? You can see all of the different .gitlab-ci.yaml options that I tried by looking throught the commit history (linked in the original post.) I have more than 2 pages worth of commits of me trying everything I could think of. But no matter what, my entire project got scanned.

Is it possible that this old bug is rearing its head again, or am I so dense as to not figure out how to override this env variable? XD

Ah, the link to the docs you referenced was an older version compared to so I thought your instance may be on a version that is older than 13.4. I missed that you were running on, this could be a regression. I see the options you tried but not a link to the project. If you can re-post that i’ll take a look.

We’re working on another issue to speed up the startup time of the code quality job and you can follow along there. The container for the code quality scan does take some time to retrieve and startup and we are hoping to address that soon.

-James H, GitLab Product Manager, Verify:Testing

Thanks for that info!

The issue is not how long it takes the runner to complete, the issue is that the only code relevant to the code quality scan is in the /src directory. All other files are meta. (Used for unit tests, build, gitlab-ci etc). So when code quality scans, it’s scanning a bunch of minified, often obfuscated code (typically from node_modules). naturally, that gets a low quality score haha.

Ah, gotcha. OK the exclusions should help then. If you can pass along the link to the project or add me as a member I’ll take a peek at the jobs and try to figure out what’s going on. Thanks!

-James H, GitLab Product Manager, Verify:Testing

Sure thing. Thanks a lot!

OK, I explicitly excluded everything that I didn’t want scanned in .codeclimate.yml. Removed uneeded languages (the project is entirely JS and JSX). And the generated artifact is now empty (a step in the right direction at the very least!). I’m going to add a bunch of unnecessary params to one of my methods and see if the runner catches it. stay tuned…

UPDATE: Code Quality runner does not catch my funny function in /src/index.js.

function codeQualityFailure( a, b, c, d, e, f, g, h ){
	a = b;
	b = c;
	c = d;
	d = f;
	f = g;
	g = h;
	h = "foo";

.gitlab-ci.yml <- NOTE: even though this file contains the env variable override for the code-quality test, it doesn’t actually do anything alone. It wasn’t until I added the .codeclimate.yml that I got the desired outcome.

1 Like

Glad to hear you got it working @Native-Coder!

-James H, GitLab Product Manager, Verify:Testing