• Stars
    star
    248
  • Rank 163,560 (Top 4 %)
  • Language
    JavaScript
  • License
    Apache License 2.0
  • Created about 4 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

Qodana Scan

official JetBrains project GitHub Discussions Twitter Follow

Qodana is a code quality monitoring tool that identifies and suggests fixes for bugs, security vulnerabilities, duplications, and imperfections.

Table of Contents

Usage

The Qodana Scan GitHub action allows you to run Qodana on a GitHub repository.

Basic configuration

To configure Qodana Scan, save the .github/workflows/code_quality.yml file containing the workflow configuration:

name: Qodana
on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'

jobs:
  qodana:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: 'Qodana Scan'
        uses: JetBrains/[email protected]

Using this workflow, Qodana will run on the main branch, release branches, and on the pull requests coming to your repository.

Note: fetch-depth: 0 is required for checkout in case Qodana works in pull request mode (reports issues that appeared only in that pull request).

We recommend that you have a separate workflow file for Qodana because different jobs run in parallel .

Qodana Cloud

To send the results to Qodana Cloud, all you need to do is to specify the QODANA_TOKEN environment variable in the build configuration.

  1. In the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.
  2. In the GitHub workflow file, add QODANA_TOKEN variable to the env section of the Qodana Scan step:
      - name: 'Qodana Scan'
        uses: JetBrains/[email protected]
        env:
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

After the token is set for analysis, all Qodana job results will be uploaded to your Qodana Cloud project.

Qodana Cloud

GitHub code scanning

You can set up GitHub code scanning for your project using Qodana. To do it, add these lines to the code_quality.yml workflow file right below the basic configuration of Qodana Scan:

      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json

This sample invokes codeql-action for uploading a SARIF-formatted Qodana report to GitHub and specifies the report file using the sarif_file key.

GitHub code scanning does not export inspection results to third-party tools, which means you cannot use this data for further processing by Qodana. In this case, you must set up baseline and quality gate processing on the Qodana side before submitting inspection results to GitHub code scanning. See the Quality gate and baseline section for details.

Pull request quality gate

You can enforce GitHub to block the merge of pull requests if the Qodana quality gate has failed. To do it, create a branch protection rule as described below:

  1. Create a new or open an existing GitHub workflow that invokes the Qodana Scan action.
  2. Set the workflow to run on pull_request events that target the main branch.
on:
  pull_request:
    branches:
      - main

Instead of main, you can specify your branch here.

  1. Set the number of problems (integer) for the Qodana action fail-threshold option.
  2. Under your repository name, click Settings.
  3. On the left menu, click Branches.
  4. In the branch protection rules section, click Add rule.
  5. Add main to Branch name pattern.
  6. Select Require status checks to pass before merging.
  7. Search for the Qodana status check, then check it.
  8. Click Create.

Quality gate and baseline

You can combine the quality gate, and baseline features to manage your technical debt, report only new problems, and block pull requests that contain too many issues.

Follow these steps to establish a baseline for your project:

  1. Run Qodana locally over your project:
cd project
qodana scan --show-report
  1. Open your report at http://localhost:8080/, add detected problems to the baseline, and download the qodana.sarif.json file.

  2. Upload the qodana.sarif.json file to your project root folder on GitHub.

  3. Append --baseline,qodana.sarif.json argument to the Qodana Scan action configuration args parameter in the code_quality.yml file:

- name: Qodana Scan
  uses: JetBrains/[email protected]
  with:
    args: --baseline,qodana.sarif.json

If you want to update the baseline, you must repeat these steps.

After that, the Qodana Scan GitHub action will generate alerts only for the problems that were not added to the baseline as new.

To establish a quality gate additionally to the baseline, add this line to qodana.yaml in the root of your repository:

failThreshold: <number-of-accepted-problems>

Based on this, you will be able to detect only new problems in pull requests that fall beyond the baseline. At the same time, pull requests with new problems exceeding the fail-threshold limit will be blocked, and the workflow will fail.

Get a Qodana badge

You can set up a Qodana workflow badge in your repository. To do it, follow these steps:

  1. Navigate to the workflow run that you previously configured.
  2. On the workflow page, select Create status badge.
  3. Copy the Markdown text to your repository README file.

Creating status badge

Configuration

Most likely, you won't need other options than args: all other options can be helpful if you are configuring multiple Qodana Scan jobs in one workflow.

Use with to define any action parameters:

with:
  args: --baseline,qodana.sarif.json
  cache-default-branch-only: true
Name Description Default Value
args Additional Qodana CLI scan command arguments, split the arguments with commas (,), for example -i,frontend,--print-problems. Optional. -
results-dir Directory to store the analysis results. Optional. ${{ runner.temp }}/qodana/results
upload-result Upload Qodana results as an artifact to the job. Optional. true
artifact-name Specify Qodana results artifact name, used for results uploading. Optional. qodana-report
cache-dir Directory to store Qodana cache. Optional. ${{ runner.temp }}/qodana/caches
use-caches Utilize GitHub caches for Qodana runs. Optional. true
primary-cache-key Set the primary cache key. Optional. qodana-2023.1-${{ github.ref }}-${{ github.sha }}
additional-cache-key Set the additional cache key. Optional. qodana-2023.1-${{ github.ref }}
cache-default-branch-only Upload cache for the default branch only. Optional. false
use-annotations Use annotation to mark the results in the GitHub user interface. Optional. true
pr-mode Analyze only changed files in a pull request. Optional. true

Issue Tracker

All the issues, feature requests, and support related to the Qodana Azure Pipelines extension are handled on YouTrack.

If you'd like to file a new issue, please use the link YouTrack | New Issue.

More Repositories

1

kotlin

The Kotlin Programming Language.
Kotlin
48,745
star
2

intellij-community

IntelliJ IDEA Community Edition & IntelliJ Platform
Java
17,135
star
3

compose-multiplatform

Compose Multiplatform, a modern UI framework for Kotlin that makes building performant and beautiful user interfaces easy and enjoyable.
Kotlin
16,179
star
4

JetBrainsMono

JetBrains Mono – the free and open-source typeface for developers
Shell
10,765
star
5

Exposed

Kotlin SQL Framework
Kotlin
8,296
star
6

ideavim

IdeaVim – A Vim engine for JetBrains IDEs
Kotlin
7,980
star
7

kotlin-native

Kotlin/Native infrastructure
Kotlin
7,026
star
8

ring-ui

A collection of JetBrains Web UI components
TypeScript
3,595
star
9

intellij-platform-plugin-template

Template repository for creating plugins for IntelliJ Platform
Kotlin
3,048
star
10

kotlinconf-app

KotlinConf Schedule Application
Kotlin
2,967
star
11

skija

Java bindings for Skia
Java
2,628
star
12

create-react-kotlin-app

Create React apps using Kotlin with no build configuration
JavaScript
2,480
star
13

projector-docker

Run JetBrains IDEs remotely with Docker
Shell
2,235
star
14

intellij-plugins

Open-source plugins included in the distribution of IntelliJ IDEA Ultimate and other IDEs based on the IntelliJ Platform
Java
2,002
star
15

svg-sprite-loader

Webpack loader for creating SVG sprites.
JavaScript
1,998
star
16

skiko

Kotlin Multiplatform bindings to Skia
C++
1,825
star
17

compose-multiplatform-ios-android-template

Compose Multiplatform iOS+Android Application project template
Kotlin
1,600
star
18

lets-plot

Multiplatform plotting library based on the Grammar of Graphics
Kotlin
1,559
star
19

MPS

JetBrains Meta programming System
JetBrains MPS
1,527
star
20

kotlin-web-site

The Kotlin programming language website
JavaScript
1,474
star
21

intellij-platform-gradle-plugin

Gradle plugin for building plugins for IntelliJ-based IDEs
Kotlin
1,426
star
22

kotlin-wrappers

Kotlin wrappers for popular JavaScript libraries
Kotlin
1,339
star
23

phpstorm-stubs

PHP runtime & extensions header files for PhpStorm
PHP
1,317
star
24

JetBrainsRuntime

Runtime environment based on OpenJDK for running IntelliJ Platform-based products on Windows, macOS, and Linux
Java
1,312
star
25

idea-gitignore

.ignore support plugin for IntelliJ IDEA
Kotlin
1,290
star
26

projector-server

Server-side library for running Swing applications remotely
Kotlin
1,246
star
27

intellij-sdk-docs

IntelliJ SDK Platform Documentation
Markdown
1,212
star
28

resharper-unity

Unity support for both ReSharper and Rider
C#
1,209
star
29

intellij-scala

Scala plugin for IntelliJ IDEA
Scala
1,192
star
30

xodus

Transactional schema-less embedded database used by JetBrains YouTrack and JetBrains Hub.
Java
1,180
star
31

kotless

Kotlin Serverless Framework
Kotlin
1,147
star
32

intellij-sdk-code-samples

Mirror of the IntelliJ SDK Docs Code Samples
Java
1,074
star
33

amper

Amper - a project configuration and build tool with a focus on the user experience and the IDE support
Kotlin
995
star
34

js-graphql-intellij-plugin

GraphQL language support for WebStorm, IntelliJ IDEA and other IDEs based on the IntelliJ Platform.
Java
879
star
35

android

Android Plugin for IntelliJ IDEA. This repository is a subset of https://git.jetbrains.org/?p=idea/android.git cut according to GitHub file size limitations.
Kotlin
863
star
36

projector-installer

Install, configure and run JetBrains IDEs with Projector Server on Linux or in WSL
Python
808
star
37

projector-client

Common and client-related code for running Swing applications remotely
Kotlin
806
star
38

Grammar-Kit

Grammar files support & parser/PSI generation for IntelliJ IDEA
Java
715
star
39

jewel

An implementation of the IntelliJ look and feels in Compose for Desktop
Kotlin
709
star
40

markdown

Markdown parser written in kotlin
Kotlin
691
star
41

Arend

The Arend Proof Assistant
Java
691
star
42

jediterm

Pure Java Terminal Emulator. Works with SSH and PTY.
Java
675
star
43

compose-multiplatform-template

Compose Multiplatform Application project template
Kotlin
623
star
44

lincheck

Framework for testing concurrent data structures
Kotlin
576
star
45

Nitra

Public Nitra repository
Nemerle
549
star
46

intellij-micropython

Plugin for MicroPython devices in PyCharm and IntelliJ
Python
506
star
47

compose-multiplatform-desktop-template

Compose Multiplatform Desktop Application project template
Kotlin
447
star
48

kotlin-playground

Self-contained component to embed in websites for running Kotlin code
JavaScript
440
star
49

lets-plot-kotlin

Grammar of Graphics for Kotlin
Kotlin
434
star
50

java-annotations

Annotations for JVM-based languages.
Kotlin
405
star
51

colorSchemeTool

Python
396
star
52

Qodana

📝 Source repository of Qodana Help
389
star
53

phpstorm-attributes

PhpStorm specific attributes
PHP
388
star
54

godot-support

C#
385
star
55

rd

Reactive Distributed communication framework for .NET, Kotlin, C++. Inspired by Rider IDE.
C#
385
star
56

pty4j

Pty for Java
Java
354
star
57

Unity3dRider

Unity JetBrains Rider integration
348
star
58

resharper-fsharp

F# support in JetBrains Rider
F#
328
star
59

phpstorm-workshop

Code for the PhpStorm workshop
PHP
287
star
60

web-types

JSON standard for documenting web component libraries for IDEs, documentation generators and other tools
TypeScript
280
star
61

awesome-pycharm

A curated list of resources for learning and using PyCharm, a Python IDE from JetBrains
280
star
62

gradle-changelog-plugin

Plugin for parsing and managing the Changelog in a "keep a changelog" style.
Kotlin
266
star
63

youtrack-mobile

A iOS and Android client for YouTrack
TypeScript
265
star
64

meta-runner-power-pack

A set of Meta-runners for TeamCity
PowerShell
256
star
65

inspection-plugin

Gradle plugin to launch IDEA inspections
Kotlin
256
star
66

ideolog

Interactive viewer for '.log' files.
Kotlin
254
star
67

jcef

A simple framework for embedding Chromium-based browsers into Java-based applications.
Java
245
star
68

kotlin-compiler-server

Server for executing kotlin code
Kotlin
241
star
69

gradle-idea-ext-plugin

Plugin to store IJ settings in gradle script
Groovy
233
star
70

resharper-rider-samples

Simple interactive exercises to help learn ReSharper and Rider
C#
225
star
71

php-timeline

Notable events of PHP history
222
star
72

la-clojure

Clojure plugin for IntelliJ IDEA
Java
220
star
73

jdk8u_jdk

Java
212
star
74

pest-intellij

The official Pest Plugin for PhpStorm / IntelliJ IDEA
Kotlin
197
star
75

youtrack-workflows

YouTrack Custom Workflow Repository
JavaScript
194
star
76

psiviewer

PSI Viewer for IntelliJ IDEA plugin development
Java
184
star
77

intellij-plugin-verifier

Compatibility verification tool for IntelliJ Platform plugins
Kotlin
178
star
78

resharper-rider-plugin

https://www.jetbrains.com/help/resharper/sdk/
PowerShell
175
star
79

rider-efcore

Entity Framework Core UI plugin for JetBrains Rider
Kotlin
174
star
80

svg-mixer

Node.js toolset for generating & transforming SVG images and sprites in modern way
JavaScript
173
star
81

qodana-cli

🔧 JetBrains Qodana’s official command line tool
Go
171
star
82

phpstorm-docker-images

Pre-configured Docker images used by PhpStorm team
Dockerfile
171
star
83

compose-for-web-demos

Historical repository of early Compose for Web effort.
170
star
84

kotlin-web-demo

Online mini-IDE for Kotlin
Kotlin
167
star
85

intellij-samples

Code that demonstrates various IntelliJ IDEA features
Java
167
star
86

jetbrains_guide

JetBrains Guides where Developer Advocacy and the community share ideas.
CSS
164
star
87

jdk8u_hotspot

C++
159
star
88

educational-plugin

Educational plugin to learn and teach programming languages such as Kotlin, Java, Python, JavaScript, and others right inside of JetBrains IntelliJ Platform based IDEs.
Kotlin
152
star
89

teamcity-messages

Python Unit Test Reporting to TeamCity
Python
139
star
90

lets-plot-skia

Skia frontend for Lets-Plot multiplatform plotting library.
Kotlin
137
star
91

ruby-type-inference

Dynamic definitions and types provider for ruby static analysis
Kotlin
137
star
92

YouTrackSharp

.NET Standard 2.0 Library to access YouTrack API.
C#
134
star
93

clion-remote

134
star
94

resharper-angularjs

ReSharper plugin for AngularJS support
JavaScript
134
star
95

UnrealLink

C++
132
star
96

golandtipsandtricks

This is an ever evolving repository for GoLand Tips&Tricks
Go
132
star
97

python-skeletons

The python-skeltons repo is deprecated: use PEP 484 and Typeshed instead
Python
132
star
98

phpstorm-phpstan-plugin

PHPStan plugin for PhpStorm
Java
131
star
99

clion-wsl

Shell
130
star
100

teamcity-docker-samples

TeamCity docker compose samples
Shell
128
star