Make most out of your CI pipeline: Hassle-free and efficient code quality analysis and monitoring

Oct. 10, 2020

Tags: Code quality , Visualization , Trend analysis , Continuous integration , GitHub actions , QScored



A Continuous Integration (CI) pipeline, such as GitHub Actions, makes tasks such as compiling and testing software easier and automated. Though you may integrate code quality analysis tools (such as SonarQube, Codacy, and CodeBeat) into your CI pipeline. However, your pipeline may still lack some or all of the following much needed edge depending upon your employed code quality analysis tool.

  • A rich visualization for your code quality enabling you to comprehend your project and infer deeper issues.
  • Trend analysis of your project’s code quality ranking and score.
  • A relative code quality ranking compared to thousands of open-source projects giving enough confidence to your management that the project quality is at par, if it is, with a typical well-known open-source project.

How can you achieve all of the above-mentioned features in a hassle-free way? The combination of Designite and QScored can help you here! Keep on reading if you would like to setup (or improve) your CI pipeline in GitHub (via GitHub Actions) for your C# or Java projects, run Designite/DesigniteJava every time you push a commit, and upload the code quality analysis report to QScored for the rich visualization of smells and metrics as well as for relative ranking and code quality trend analysis.

Steps to setup a CI pipeline with Designite and QScored as GitHub Actions

Step 1. Obtain Personal access token and add it to GitHub secrets

  • 1.1 Create a new personal access token for your GitHub repository. You may do it by going to “Settings” -> “Developer settings” page of your GitHub account. Select “Personal access token” tab and create a new token.
  • 1.2 Add this token to your repository’s secrets. Go to “Settings” within your repository page and select “Secrets”. Add a new secret by pasting the access token in the Value field and give a meaning name (e.g. PAT).

Step 2: Add QScored API key to secrets

  • 2.1 If you do not have a QScored API key for your account, follow these steps to get one.
    • Login to your QScored account. If you don’t have an account yet, create one.
    • Go to the “Settings” page after logging in; it is located on the right top side of the navigation bar. Click on “Request an API key” option; you will get your API key within seconds in your inbox.
  • 2.2 Add the API key to your GitHub’s repository secrets. Let’s say you name it QSCORED_API_KEY.

Step 3: Optional: Add your Designite key to secrets

If you have Designite’s professional (or academic) license key, add the key to your GitHub’s repository secrets. Let us call it D_KEY

Step 4: Add a GitHub Actions workflow file

This is the last and very crucial step. Create a folder “.github” on your root directory of the project and create “workflows” folder inside the “.github” folder. Create a workflow file (say “actions.yml”) in the newly created “workflows” folder. The contents of the action.yml file depends upon your project language and tasks.

Sample actions.yml file for a C# project (.NET framework-based)

Change <Your email> and <Project name> in the following action file. Also, you may choose to keep your project private or publicly searchable by setting “is_open_access” to “off” or “on” respectively.

name: CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: windows-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v2

    - name: download build tools
      run: Invoke-webrequest -uri  https://aka.ms/vs/16/release/vs_buildtools.exe -OutFile vs_buildtools.exe
      shell: powershell

    - name: install build tools with required packages
      run: .\vs_buildtools.exe --wait --norestart --passive --installPath "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools" --includeOptional --includeRecommended --add Microsoft.VisualStudio.Workload.ManagedDesktopBuildTools --add Microsoft.VisualStudio.Workload.MSBuildTools --add Microsoft.VisualStudio.Workload.NativeDesktop --add Microsoft.VisualStudio.Workload.NetCoreTools
      shell: cmd

    - name: set MSBuildSDKsPath env variable
      run: echo ::set-env name=MSBuildSDKsPath::"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Sdks"

    - name: download DesigniteConsole.exe and unpack
      run: |
        curl.exe -o DesigniteConsole.zip "http://www.designite-tools.com/download/DesigniteConsole.zip"
        powershell.exe -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('DesigniteConsole.zip','.');}"
    - name: Run Designite and send the analysis report to QScored
      run: |
        .\DesigniteConsole\DesigniteConsole.exe -ci -repo ${{ github.repository }} -pat ${{ secrets.PAT }} -k ${{ secrets.D_KEY }}
        # cat Designite_output/DesigniteAnalysis.xml
        curl -X PUT -H "Authorization: Token ${{ secrets.QSCORED_API_KEY }}" -H "repository-link:https://github.com/" + ${{ github.repository }} -H "username: 'Your
        email'" -H "Content-Type: mulitpart/form-data" --url "https://qscored.com/api/upload/file.xml?is_open_access=off&version=${{ github.run_number }}&project_name='Project
        name'" -F "file=@Designite_output/DesigniteAnalysis.xml"

Sample actions.yml file for a Java project

Change <Your email> and <Project name> in the following action file. Also, you may choose to keep your project private or publicly searchable by setting “is_open_access” to “off” or “on” respectively.

name: CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Build with Maven
        run: mvn clean install
      - name: Download DesigniteJava
        run: wget "https://www.designite-tools.com/static/download/DJE/DesigniteJava.jar"
      - name: Analyze project with DesigniteJava
        run: |
          java -jar DesigniteJava.jar -ci -repo $GITHUB_REPOSITORY -pat ${{ secrets.PAT }} -k ${{ secrets.D_KEY }}
          ls
          curl -X PUT -H "Authorization: Token ${{ secrets.QSCORED_API_KEY }}" -H "repository-link:https://github.com/" + GITHUB_REPOSITORY -H "username: 'Your
        email'" -H "Content-Type: mulitpart/form-data" --url "https://qscored.com/api/upload/file.xml?is_open_access=off&version=$GITHUB_RUN_NUMBER&project_name='Project
        name'" -F "file=@Designite_output/DesigniteAnalysis.xml"

What will you get?

It’s important to know what you will get after putting effort to setup a CI pipeline with Designite and QScored.

The first thing that you achieved by the above exercise is that you have automated code analysis with Designite for each commit. Also, you have exported the analysis results to QScored. It implies that you can observe the trend of your code quality over time as well as relative ranking of your projects on QScored. Here is an example of the ‘My projects’ dashboards looks like.

dashboard in QScored
'My projects’ dashboard in QScored

Another related aspect that you achieved is that you may take a deeper look at your code quality report using QScored nice visualizations. The visualizations are designed to help you understand the quality hotspots of your projects and help you dig deeper them.

Summary of code quality visualization in QScored
Summary of code quality visualization in QScored