CodeQualityToGitlab 1.0.0
dotnet tool install --global CodeQualityToGitlab --version 1.0.0
dotnet new tool-manifest # if you are setting up this repo dotnet tool install --local CodeQualityToGitlab --version 1.0.0
#tool dotnet:?package=CodeQualityToGitlab&version=1.0.0
nuke :add-package CodeQualityToGitlab --version 1.0.0
dotnet_gitlab_code_quality
What does it do?
Gitlabs Code Quality Issue format is different from the format used by .Net to report code quality issues (Sarif 1.0 as of the time of writing). Reporting code quality issues in Gitlab is therefore not really possible. This tool aims to rectify this problem by offering three functions:
- Convert Microsoft Build time code quality issues into Gitlabs format
- Convert Roslynator issues into Gitlabs format
- Merge multiple Gitlab files into one file
Example:
I assume that you have your Project at c:\dev\myproject and you have build it, so that a codequality file exists at c:\dev\myproject\codeanalysis.sarif.json
Now we want to generate a Gitlab compatible file:
dotnet tool run cq sarif codeanalysis.sarif.json targetfile.json c:/dev
For Roslynator:
dotnet tool run cq roslynator roslynator.xml targetfile.json c:/dev
For merging:
dotnet tool run cq merge target.json source1.json source2.json
Note the third argument, it is used to report only the path relative to the repository, not the full local path. Now you can upload your file in Gitlab und you SHOULD be able to see it in the merge view Gotcha: Gitlab compares issues to the target of the merge. When there are no issues in the target branch, it will not display anything. So please run this tool on your main branch first then open a merge request to see it in the Gitlab UI.
All in one:
dotnet tool run cq transform '**/*.sarif.json' '**/roslynator.xml' gl-code-quality-report.json
This basically globs for the relevant files and merges them.
Gitlab Pipeline should look like this:
code_quality_job:
image: mcr.microsoft.com/dotnet/sdk:7.0
stage: test
script:
- 'dotnet build ./MySln.sln'
- 'dotnet tool run roslynator analyze ./MySln.sln -o roslynator.xml || true'
- 'dotnet tool run cq roslynator.xml gl-code-quality-report.json c:\dev'
artifacts:
paths:
- roslynator.xml
- gl-code-quality-report.json
expose_as: 'code_quality_reports'
reports:
codequality: gl-code-quality-report.json
rules:
- if: $CI_MERGE_REQUEST_ID
- if: $CI_COMMIT_REF_NAME == "release"
- if: $CI_COMMIT_REF_NAME == "develop"
when:
always
allow_failure: false
How to install?
For interactive usage
dotnet tool install --global CodeQualityToGitlab --version 0.1.1
for pipeline use a manifest:
How to contribute?
Make a PR in this repo.
Additional
While dotnet only outputs Sarif 1, other projects use Sarif 2. For convenience, this library supports both Sarif versions
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
This package has no dependencies.
Version | Downloads | Last updated |
---|---|---|
1.0.0 | 57,190 | 1/31/2024 |
0.9.0 | 22,362 | 11/17/2023 |
0.8.0 | 250 | 11/17/2023 |
0.6.0 | 7,145 | 5/2/2023 |
0.5.0 | 7,995 | 4/2/2023 |
0.4.1 | 3,883 | 3/13/2023 |
0.4.0 | 240 | 3/13/2023 |
0.3.3 | 1,273 | 12/29/2022 |
0.3.2 | 303 | 12/29/2022 |
0.3.1 | 287 | 12/29/2022 |
0.3.0 | 349 | 12/28/2022 |
0.2.0 | 326 | 12/28/2022 |
0.1.3 | 7,802 | 12/27/2022 |
0.1.2 | 291 | 12/27/2022 |
0.1.1 | 894 | 12/27/2022 |
0.1.0 | 312 | 12/27/2022 |