Show Code Analysis in PR
During a project build, compilers, code linters, and other tools produce warnings, errors etc. These results are not seen by a pull request author, unless they manually inspect the build logs.
Code Review Assistant analyzes build logs and shows compiler and code analysis results right in the pull request. So the developers do not miss issues and improve the pull request before merging:
Supported CI Servers
Currently, these CI servers are supported.
Bamboo
Jenkins
Please, tell us if you use another CI server.
Supported Analyzers
Currently, these analyzers are supported:
Missing support for a static analyzer? Tell us the analyzer and compiler you use in your build and we can consider supporting it in the future.
Unsupported analyzers and Checkstyle output format
Using a static code analysis tool that Code Review Assistant does not support? Many tools support Checkstyle XML as the output format, e.g. with a parameter like --reporter=checkstyle
.
Code Review Assistant supports Checkstyle XML, so even if a tool is not listed here, you can still use it if you print the analysis output as Checkstyle XML to the build log.
Setup with Bamboo
Initial Setup, Connecting to Bamboo (version 5.7+)
Ensure you have an Application link to Bamboo
Login into Bamboo with the user you want to use. The user needs āeditā permission on the build plans, in order to read configuration details.
Navigate to User-Avatar->Profile->Personal access token or https://{bamboo-domain}/profile/userAccessTokens.action
Create a access token with the āsame as userā permissions:
Go to Bitbucket: Bitbucket Administration ā Code Review Assistant
Add the created token to the configuration.
Save the settings and a 'Authenticatedā batch status should appear.
Initial Setup, Connecting to Bamboo (version 5.0 - 5.6)
Ensure you have an Application link to Bamboo
Go to Bitbucket Administration ā Code Review Assistant
Select the Bitbucket user you are logged in as. When you select another user, a bug in these versions prevents configure that user.
Click the Authentication link and grant Bitbucket to Bamboo.
Save the settings.
Repo Setup: Configure Build
You must run your analyzer tools for every branch or pull request, to see analyzer results in pull requests. Enable branch builds in Bamboo like this:
Go to the Build Plan Configuration ā Branches
Enable the option to create branch builds automatically. The best options is to create a build for each pull request. It ensures the pull request exists when the build completes:
Save the Settings.
Start adding some of the supported static analyzers to your build.
Bamboo Specs
As an alternative, configure branch builds with Bamboo Specs:
Bamboo Specs Java:
.planBranchManagement(new PlanBranchManagement()
.createForPullRequest()
.delete(new BranchCleanup()
.whenRemovedFromRepositoryAfterDays(7)
.whenInactiveInRepositoryAfterDays(14))
.notificationForCommitters()
.issueLinkingEnabled(false));
Bamboo Specs YAML:
branches:
create: for-pull-request
delete:
after-deleted-days: 7
after-inactive-days: 14
link-to-jira: true
Setup Jenkins (since version 5.6)
Initial Setup, Connecting to Bamboo (version 5.7+)
Jenkins is supported via the Bitbucket Server Integration plugin.
Install the Bitbucket Server Integration in Jenkins
Follow the configuration steps of the Bitbucket Server Integration, so that an application link from Bitbucket to Jenkins is established.
Login into Jemkins with the you want to use.
Navigate to userās configuration: Avatar->Configure
Create a new API token
Go to Bitbucket Administration ā Code Review Assistant
Add the user and created token to the configuration:
Save the settings and a 'Authenticatedā batch status should appear.
Initial Setup, Connecting to Jenkins (version 5.6)
Jenkins is supported via the Bitbucket Server Integration plugin.
Install the Bitbucket Server Integration in Jenkins
Follow the configuration steps of the Bitbucket Server Integration, so that an application link from Bitbucket to Jenkins is established.
Go to Bitbucket Administration ā Code Review Assistant
Select the Bitbucket user you are logged in as. When you select another user, a bug in these versions prevents configure that user.
Click the Authentication link and grant Bitbucket to Jenkins.
Save the settings.
Repo Setup: Configure Build
You must run your analyzer tools for every branch or pull request, to see analyzer results in pull requests. The easiest way to do this is using a Mutlibranch Pipeline project.
Create a Multibranch Pipeline project:
Configure the project as you need.
Enable option āBitbucket webhook triggerā: Jenkins will create a build for each branch or pull request:
Repo Setup: Enable Analysis
Go to Repository ā Repository Settings ā Code Review Assistant
Enable the log analysis:
Start adding some of the supported static analyzers to your build.
Create a pull request, and the Compiler and Code Analysis results should show up.
Example for a Jenkinsfile
to execute PMD:
pipeline {
agent any
stages {
stage('pmd') {
steps {
sh './mvnw pmd:pmd'
sh 'cat ./target/pmd.xml || echo "No PMD analytics generated"'
}
}
}
}
Add Merge Checks to Code Insights report (Optional)
Go to a Pull Request within the chosen repo that contains a Code Insights report.
Find it next to this icon :Report:on the right hand side of the Pull Request.Click on it and the CRA report will open up and contain a Report Key.
Copy your report key.Now go to Repository ā Repository Settings ā Code Insights
Paste your report key under Required report .
Configure Required status and Annotation requirements.
Click Add and the merge check is now been added to the Code Insights report. The Pull Request will be prevented from being merged because of the present annotations.
Run Static Code Analysis tools on changed files only (Optional)
For each static code analysis tool, you need to configure which files should be analyzed.
Often, these tools support file globs like **/*.js
. While this works, it is not as efficient as it could be, because only the changed files of a pull request diff require an analysis.
To only analyze changed files, fetch the diff of the pull request from Bitbucketās REST API during your CI build, and pass the changed files paths to your analyzer.
Hereās an example for Bamboo and PHP (the script requires jq - the JSON processor):
#!/usr/bin/env bash
changedfiles=$(curl -H 'Authorization: Bearer BITBUCKET_ACCESS_TOKEN' --silent \
http://BITBUCKET_URL/rest/api/1.0/projects/PROJECT_KEY/repos/REPO_SLUG/pull-requests/${bamboo.repository.pr.key}/changes \
| jq -r ".values[] | .path.toString" \
| grep -E "\.php$")
php phpcs.phar --basepath=. --report=checkstyle $changedfiles
Line 3 - 6: fetches the diff of the pull request from the
/changes
Bitbucket endpointReplace
BITBUCKET_ACCESS_TOKEN
with your HTTP access token for this repo/projectReplace
BITBUCKET_URL
,PROJECT_KEY
andREPO_SLUG
with your actual valuesFilters
*.php
files to only pass them to the PHP static analyzer
Line 7: calls the PHP static analyzer with the list of the changed PHP files only
The branches option āWhen a pull request is createdā must be enabled (see image below) to get the PR ID in a Bamboo build plan.
For Jenkins, env.CHANGE_ID
can be used to get the PR ID within a Jenkinsfile
.