Code Quality with Gitlab CI
I have been using Gitlab as my main git repository for a while, and it is the main repository for CyberLabs.
One thing that I love about Gitlab is the CI. I don't know how to live without it. Since the beginning of my journey as a developer back in 2017 at Rede Globo, I have been writing Gitlab CI files to improve the deployment and testing workflow of my applications.
Lately at CyberLabs I was searching for tools to analyze the code that we have been writing for the microservices of our Facial Recognition app, with the goal of catching bugs before a merge and gaining more trust in the code that we write with compliance tools.
There are a lot of tools around that can help you with this task; however, Gitlab has embedded tools for this, without the need for a third-party application.
Gitlab offers you the following tools to help you in writing better code:
Code Quality
Static Application Security Testing (SAST)
Dependency Scanning
License Compliance
Container Scanning
Dynamic Application Security Testing (DAST)
Sadly, the only available template on the free version of Gitlab is the Code Quality one, where you only need to add a template to your CI and you are good to go. The ready-to-go templates for the others are only available on the Ultimate/Gold subscriptions. You can check them here.
To implement the Code Quality job on your CI you can just add this to your .gitlab-ci.yml:

include:
  - template: Code-Quality.gitlab-ci.yml

And you are good to go. This job is based on the Code Climate engine for code analysis, which is available under an open-source license (yay!). You can consult the Code Climate docs for the setup that your code may need, based on your project's language. For example, mine is JavaScript/NodeJs, and the default configuration for eslint on the Gitlab Code Quality docker image was raising a lot of errors based on the ECMA version. So I needed to set up my .eslintrc.js file where those errors were "fixed". Note here that the .eslintrc.js needs to have the JavaScript extension, otherwise the Code Climate engine will just ignore the eslintrc that you have.
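A minimal `.eslintrc.js` of the kind described above, as an added example and not the author's actual file. The `ecmaVersion` value, the `root` setting and the three rules are assumptions: the first clears ES5 parsing errors in Node.js code, the rules flag dynamic code execution.

```javascript
// .eslintrc.js (illustrative; place it at the repository root).
// Legacy eslintrc-style ESLint parses source as ES5 unless told otherwise,
// so `const`, arrow functions and async/await show up as parsing errors.
const config = {
  // Do not merge in configs found in parent directories of the checkout.
  root: true,
  parserOptions: {
    // Assumed value: must be a version that the ESLint release inside the
    // Code Quality image supports, and that covers the syntax you use.
    ecmaVersion: 2017,
    // CommonJS modules (require / module.exports), as in a typical Node.js service.
    sourceType: 'script',
  },
  env: {
    node: true, // Node.js globals such as `process` and `require`
    es6: true,  // ES2015 globals such as `Promise` and `Map`
  },
  extends: 'eslint:recommended',
  rules: {
    // Assumed additions: report constructs that execute strings as code.
    'no-eval': 'error',
    'no-implied-eval': 'error',
    'no-new-func': 'error',
  },
};

module.exports = config;
```
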
Last but not least the result of Code Quality analysis on one of the projects:
That's all for today!