Skip to content

Add codequality reports endpoint to graphql

Max Orefice requested to merge mo-add-codequality-to-graphql into master

Ref: #328257 (closed)

What does this MR do?

This MR exposes our code quality data at the pipeline level. This features is for GitLab Premium.

It includes the following items:

  • Adds new CodeQualityDegradationType type
  • Exposes code_quality_reports to PipelineType

Why are we doing this?

This new feature allows us to aggregate multiple code quality reports at the pipeline level.

The frontend will request the codequality data and we will return all the necessary data to build the code quality tab at the pipeline level.

Example query

GraphQL request Response 
{
project(fullPath:"root/test-codequality"){
  pipeline(iid:1){
    id
    codeQualityReports{
      count
      nodes {
        description
        severity
        fingerprint
        path
        line
      }
    }
  }
}
}
 
{
"data": {
  "project": {
    "pipeline": {
      "id": "gid://gitlab/Ci::Pipeline/107",
      "codeQualityReports": {
        "count": 5,
        "nodes": [
          {
            "description": "Method `new_array` has 12 arguments (exceeds 4 allowed). Consider refactoring.",
            "severity": "MAJOR",
            "fingerprint": "9b9389167bf5b213ad08bb923b791da0",
            "path": "codequality.rb",
            "line": 5
          },
          {
            "description": "Method `long_if` has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.",
            "severity": "MINOR",
            "fingerprint": "39462e3483bbf37de1461eb80c8ee892",
            "path": "codequality.rb",
            "line": 9
          },
          {
            "description": "Avoid deeply nested control flow statements.",
            "severity": "MAJOR",
            "fingerprint": "d2afc45d5244001e912f10ddd66d6d85",
            "path": "codequality.rb",
            "line": 18
          },
          {
            "description": "Avoid more than 4 levels of block nesting.",
            "severity": "MINOR",
            "fingerprint": "448350e60ccea4695ecfee2d2d6c081c",
            "path": "codequality.rb",
            "line": 18
          },
          {
            "description": "Avoid parameter lists longer than 5 parameters. [12/5]",
            "severity": "MINOR",
            "fingerprint": "e9c6020381c8ce64f21251b47d1dac67",
            "path": "codequality.rb",
            "line": 5
          }
        ]
      }
    }
  }
}
}

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Max Orefice

Merge request reports