Julien Delange Saturday, June 5, 2021

Monitor Code Quality with CircleCI and Codiga


AUTHOR

Julien Delange, Founder and CEO

Julien is the CEO of Codiga. Before starting Codiga, Julien was a software engineer at Twitter and Amazon Web Services.

Julien has a PhD in computer science from Universite Pierre et Marie Curie in Paris, France.


Pipeline

Why check your code quality?

It’s important to ensure your code quality stays above a given threshold that guarantees the quality of your software.

However, this is hard:

  • This is a constant effort to inspect the source code and look for potential issues
  • This is often a manually intensive process
  • Software auditors need to make sure all tools are up to date

Thankfully, Codiga lets you analyze your code quality automatically at each commit and presents all analysis results in a user-friendly dashboard.

What is a Continuous Integration Pipeline?

A Continuous Integration Pipeline (often referred to as a CI pipeline) is a series of automated steps that run tests and deployments. Generally, a Continuous Integration Pipeline consists of three major steps, as shown below:

  1. Clone the code: get the current version of the code from configuration management (GitHub, GitLab, Bitbucket).
  2. Run tests: check that the current version of the code passes all required tests, checking the quality of the software against the requirements.
  3. Deploy: install the new revision of the software in a testing or production environment.

Code Checking Process

Depending on your organization, deployment schedule, and testing policy, your CI pipeline might be more complicated, but it generally follows the pattern explained above.

When testing the software, various approaches are used, from running unit tests and integration tests to checking other aspects of the code quality.

It is in this step that we want to integrate with Codiga and automatically check that the code quality is above a given threshold. The check runs in the testing phase, where the quality of the code is evaluated before any tests. If the code does not satisfy certain requirements, it is not tested, built, or deployed.

What is CircleCI?

CircleCI is a continuous integration/delivery platform that lets you define jobs to build, test and deploy your software. You can define sequences to build, test and deploy your software using continuous integration pipelines.

Integrating CircleCI with Codiga to continuously check your code quality

Let’s explain how you can call Codiga from your CircleCI pipeline to check your code quality.

Step 1: Add environment variable to your CircleCI project

The first step is to define environment variables in your CircleCI environment. Edit your CircleCI configuration and its environment.

Configure Codiga token in CircleCI

You need to create the three following variables:

  • CODIGA_TOKEN: your Codiga token
  • CODIGA_PROJECT_NAME: the name of your project on Codiga.

You can get your API keys directly in the Codiga app once logged in.

Call Codiga in CircleCI

The second step is to add steps to your .circleci/config.yml CircleCI file to call Codiga. It is done in two steps:

  1. Install the codiga Python package
  2. Call codiga-check-quality to check the code quality of your project. This program will succeed if your program meets the code quality criteria specified or fail if it does not.

For example, if you call codiga-check-quality with the argument --min-quality-score 75 it means that the project should have a minimum quality score of 75.

Here is an example of how to call the codiga-check-quality tool in CircleCI.

- run:
    name: Code Quality Gate
    command: |
      pip install codiga
      codiga-check-quality --project "${CODIGA_PROJECT_NAME}" --min-quality-score 30 --sha "${CIRCLE_SHA1}" --max-timeout-sec 60

You can pass multiple criteria to check the code quality:

  • Code Quality Score
  • Ratio of number of violations per line of code
  • Ratio of complex functions
  • Ratio of long functions
  • Ratio of code duplication

You can learn more about all criteria on the citool Python project.

The following file shows an example of how to install the codiga Python package (pip install codiga) and how to check the code quality (codiga-check-quality ...).

version: 2.1

orbs:
  python: circleci/python@1.2

workflows:
  sample:
    jobs:
      - build-and-test

jobs:
  build-and-test:
    docker:
      - image: cimg/python:3.8
    steps:
      - checkout
      # Quality gate: codiga-check-quality fails this step (and the job)
      # when the project does not meet the criteria passed on the command line.
      - run:
          name: Code Quality Gate
          command: |
            pip install codiga
            codiga-check-quality --project "${CODIGA_PROJECT_NAME}" --min-quality-score 75 --sha "${CIRCLE_SHA1}" --max-timeout-sec 60
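
The file above runs the gate as one step of a single job. As an added example (not part of the original post), the workflow below runs it as its own job that later jobs depend on, so nothing is tested or deployed unless the gate passes. The job names test and deploy, their placeholder commands, and the context name codiga are assumptions; a CircleCI context is one way to expose CODIGA_TOKEN only to the gate job instead of to every job in the project.

```yaml
version: 2.1

jobs:
  quality-gate:
    docker:
      - image: cimg/python:3.8
    steps:
      - checkout
      - run:
          name: Code Quality Gate
          command: |
            # Fail closed: stop here if the gate's inputs are missing.
            : "${CODIGA_TOKEN:?CODIGA_TOKEN is not set}"
            : "${CODIGA_PROJECT_NAME:?CODIGA_PROJECT_NAME is not set}"
            pip install codiga
            codiga-check-quality --project "${CODIGA_PROJECT_NAME}" --min-quality-score 75 --sha "${CIRCLE_SHA1}" --max-timeout-sec 60

  test:                         # hypothetical job name
    docker:
      - image: cimg/python:3.8
    steps:
      - checkout
      - run: echo "run the test suite here"   # placeholder command

  deploy:                       # hypothetical job name
    docker:
      - image: cimg/python:3.8
    steps:
      - checkout
      - run: echo "deploy here"               # placeholder command

workflows:
  gated:
    jobs:
      # Only this job receives the variables stored in the context.
      - quality-gate:
          context: codiga       # assumed context holding CODIGA_TOKEN and CODIGA_PROJECT_NAME
      # test starts only after quality-gate succeeds.
      - test:
          requires:
            - quality-gate
      # deploy starts only after test succeeds.
      - deploy:
          requires:
            - test
```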

See the results in action

Once your .circleci/config.yml is edited and the environment variables are correctly defined, you are ready to test everything! Start a build and you can see the results of codiga-check-quality in your CircleCI dashboard. When the tool runs, it shows the analysis results.

CircleCI Code Quality Check

Wrapping up

In this article, we explained how to integrate Codiga with CircleCI to check your code quality at each commit. There is no need to manually review the code: everything is done automatically by Codiga and checked at each commit using CircleCI.
