code_quality.md 23.9 KB
Newer Older
1
---
2 3
stage: Verify
group: Testing
4
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
5 6 7
type: reference, howto
---

8
# Code Quality **(FREE)**
9

10
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3.
11
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
12

James Heimbuck's avatar
James Heimbuck committed
13
Ensuring your project's code stays simple, readable and easy to contribute to can be problematic. With the help of [GitLab CI/CD](../../../ci/README.md), you can analyze your
14
source code quality using GitLab Code Quality.
15 16 17

Code Quality:

18
- Uses [Engines](https://docs.codeclimate.com/docs/list-of-engines) supported by Code Climate, which are
19
  free and open source. Code Quality does not require a Code Climate
20
  subscription.
21
- Runs in [pipelines](../../../ci/pipelines/index.md) using a Docker image built in the
22
  [GitLab Code
23
  Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project using [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults).
24
- Can make use of a [template](#example-configuration).
Craig Norris's avatar
Craig Norris committed
25
- Is available by using [Auto Code Quality](../../../topics/autodevops/stages.md#auto-code-quality), provided by [Auto DevOps](../../../topics/autodevops/index.md).
James Heimbuck's avatar
James Heimbuck committed
26
- Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool).
27

28 29
## Code Quality Widget

30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3.
31 32
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.

33
Going a step further, GitLab can show the Code Quality report right
34
in the merge request widget area if a report from the target branch is available to compare to:
35

36
![Code Quality Widget](img/code_quality.png)
37

38 39 40
Watch a quick walkthrough of Code Quality in action:

<div class="video-fallback">
41
  See the video: <a href="https://www.youtube.com/watch?v=B32LxtJKo9M">Code Quality: Speed Run</a>.
42 43 44 45 46
</div>
<figure class="video-container">
  <iframe src="https://www.youtube.com/embed/B32LxtJKo9M" frameborder="0" allowfullscreen="true"> </iframe>
</figure>

47
NOTE:
48 49 50
For one customer, the auditor found that having Code Quality, SAST, and Container Scanning all automated in GitLab CI/CD was almost better than a manual review! [Read more](https://about.gitlab.com/customers/bi_worldwide/).

See also the Code Climate list of [Supported Languages for Maintainability](https://docs.codeclimate.com/docs/supported-languages-for-maintainability).
51

52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
## Code Quality in diff view **(ULTIMATE)**

> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267612) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.11.
> - [Deployed behind a feature flag](../../../user/feature_flags.md), disabled by default.

Changes to files in merge requests can cause Code Quality to fall if merged. In these cases,
an indicator is displayed (**{information-o}** **Code Quality**) on the file in the merge request's diff view. For example:

![Code Quality MR diff report](img/code_quality_mr_diff_report_v13_11.png)

To enable this feature, a GitLab administrator can run the following in a
[Rails console](../../../administration/operations/rails_console.md):

```ruby
# For the instance
Feature.enable(:codequality_mr_diff)
# For a single project
Feature.enable(:codequality_mr_diff, Project.find(<project id>))
```

72 73 74 75
## Use cases

For instance, consider the following workflow:

76 77 78 79
1. Your backend team member starts a new implementation for making a certain
   feature in your app faster.
1. With Code Quality reports, they analyze how their implementation is impacting
   the code quality.
Christie Lenneville's avatar
Christie Lenneville committed
80
1. The metrics show that their code degrades the quality by 10 points.
81 82 83 84 85 86
1. You ask a co-worker to help them with this modification.
1. They both work on the changes until Code Quality report displays no
   degradations, only improvements.
1. You approve the merge request and authorize its deployment to staging.
1. Once verified, their changes are deployed to production.

87 88 89
## Example configuration

This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker.
90
It requires GitLab 11.11 or later, and GitLab Runner 11.5 or later. If you are using
91
GitLab 11.4 or earlier, you can view the deprecated job definitions in the
92
[documentation archive](https://docs.gitlab.com/12.10/ee/user/project/merge_requests/code_quality.html#previous-job-definitions).
93

drew's avatar
drew committed
94
- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker).
Evan Read's avatar
Evan Read committed
95
- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently.
96

Amy Qualls's avatar
Amy Qualls committed
97
In either configuration, the runner must have enough disk space to handle generated Code Quality files. For example on the [GitLab project](https://gitlab.com/gitlab-org/gitlab) the files are approximately 7 GB.
98

99
Once you set up GitLab Runner, include the Code Quality template in your CI configuration:
100 101 102 103 104 105

```yaml
include:
  - template: Code-Quality.gitlab-ci.yml
```

106 107
The above example creates a `code_quality` job in your CI/CD pipeline which
scans your source code for code quality issues. The report is saved as a
108
[Code Quality report artifact](../../../ci/yaml/README.md#artifactsreportscodequality)
109
that you can later download and analyze.
110

111
It's also possible to override the URL to the Code Quality image by
112
setting the `CODE_QUALITY_IMAGE` CI/CD variable. This is particularly useful if you want
113
to lock in a specific version of Code Quality, or use a fork of it:
114

115
```yaml
116 117 118 119 120 121 122 123
include:
  - template: Code-Quality.gitlab-ci.yml

code_quality:
  variables:
    CODE_QUALITY_IMAGE: "registry.example.com/codequality-fork:latest"
```

124 125 126 127 128 129 130
In [GitLab 13.4 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/11100), you can override the [Code Quality environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables):

```yaml
variables:
  TIMEOUT_SECONDS: 1

include:
131
  - template: Code-Quality.gitlab-ci.yml
132 133
```

134 135 136 137 138 139 140 141 142 143 144 145
By default, report artifacts are not downloadable. If you need them downloadable on the
job details page, you can add `gl-code-quality-report.json` to the artifact paths like so:

```yaml
include:
  - template: Code-Quality.gitlab-ci.yml

code_quality:
  artifacts:
    paths: [gl-code-quality-report.json]
```

146
The included `code_quality` job is running in the `test` stage, so it needs to be included in your CI configuration, like so:
147 148

```yaml
Daniel's avatar
Daniel committed
149
stages:
150 151 152
  - test
```

153
NOTE:
154
This information is automatically extracted and shown right in the merge request widget.
155

156
WARNING:
157
On self-managed instances, if a malicious actor compromises the Code Quality job
158
definition they could execute privileged Docker commands on the runner
159 160 161
host. Having proper access control policies mitigates this attack vector by
allowing access only to trusted actors.

drew's avatar
drew committed
162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182
### Set up a private runner for code quality without Docker-in-Docker

It's possible to configure your own runners and avoid Docker-in-Docker. You can use a
configuration that may greatly speed up job execution without requiring your runners
to operate in privileged mode.

This alternative configuration uses socket binding to share the Runner's Docker daemon
with the job environment. Be aware that this configuration [has significant considerations](../../../ci/docker/using_docker_build.md#use-docker-socket-binding)
to be consider, but may be preferable depending on your use case.

1. Register a new runner:

   ```shell
   $ gitlab-runner register --executor "docker" \
     --docker-image="docker:stable" \
     --url "https://gitlab.com/" \
     --description "cq-sans-dind" \
     --tag-list "cq-sans-dind" \
     --locked="false" \
     --access-level="not_protected" \
     --docker-volumes "/cache"\
183
     --docker-volumes "/builds:/builds"\
drew's avatar
drew committed
184 185 186 187 188 189 190 191 192 193 194 195
     --docker-volumes "/var/run/docker.sock:/var/run/docker.sock" \
     --registration-token="<project_token>" \
     --non-interactive
   ```

1. **Optional, but recommended:** Set the builds directory to `/tmp/builds`,
  so job artifacts are periodically purged from the runner host. If you skip
  this step, you must clean up the default builds directory (`/builds`) yourself.
  You can do this by adding the following two flags to `gitlab-runner register`
  in the previous step.

   ```shell
196 197
   --builds-dir "/tmp/builds"
   --docker-volumes "/tmp/builds:/tmp/builds" # Use this instead of --docker-volumes "/builds:/builds"
drew's avatar
drew committed
198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241
   ```

   The resulting configuration:

   ```toml
   [[runners]]
     name = "cq-sans-dind"
     url = "https://gitlab.com/"
     token = "<project_token>"
     executor = "docker"
     builds_dir = "/tmp/builds"
     [runners.docker]
       tls_verify = false
       image = "docker:stable"
       privileged = false
       disable_entrypoint_overwrite = false
       oom_kill_disable = false
       disable_cache = false
       volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock", "/tmp/builds:/tmp/builds"]
       shm_size = 0
     [runners.cache]
       [runners.cache.s3]
       [runners.cache.gcs]
   ```

1. Apply two overrides to the `code_quality` job created by the template:

   ```yaml
   include:
     - template: Code-Quality.gitlab-ci.yml

   code_quality:
     services:            # Shut off Docker-in-Docker
     tags:
       - cq-sans-dind     # Set this job to only run on our new specialized runner
   ```

The end result is that:

- Privileged mode is not used.
- Docker-in-Docker is not used.
- Docker images, including all CodeClimate images, are cached, and not re-fetched for subsequent jobs.

With this configuration, the run time for a second pipeline is much shorter. For example
242 243
this [small change](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/diffs?commit_id=1e705607aef7236c1b20bb6f637965f3f3e53a46)
to an [open merge request](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/pipelines)
drew's avatar
drew committed
244 245 246 247 248 249 250 251 252 253 254 255
running Code Quality analysis ran significantly faster the second time:

![Code Quality sequential runs without DinD](img/code_quality_host_bound_sequential.png)

This configuration is not possible on `gitlab.com` shared runners. Shared runners
are configured with `privileged=true`, and they do not expose `docker.sock` into
the job container. As a result, socket binding cannot be used to make `docker` available
in the context of the job script.

[Docker-in-Docker](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker)
was chosen as an operational decision by the runner team, instead of exposing `docker.sock`.

256 257
### Disabling the code quality job

258 259
The `code_quality` job doesn't run if the `$CODE_QUALITY_DISABLED` CI/CD variable
is present. Please refer to the CI/CD variables [documentation](../../../ci/variables/README.md)
260 261
to learn more about how to define one.

262 263
To disable the `code_quality` job, add `CODE_QUALITY_DISABLED` as a custom CI/CD variable.
This can be done:
264

265
- For [the whole project](../../../ci/variables/README.md#custom-cicd-variables).
266 267 268
- For a single pipeline run:

  1. Go to **CI/CD > Pipelines**
269
  1. Click **Run pipeline**
270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288
  1. Add `CODE_QUALITY_DISABLED` as the variable key, with any value.

### Using with merge request pipelines

The configuration provided by the Code Quality template does not let the `code_quality` job
run on [pipelines for merge requests](../../../ci/merge_request_pipelines/index.md).

If pipelines for merge requests is enabled, the `code_quality:rules` must be redefined.

The template has these [`rules`](../../../ci/yaml/README.md#rules) for the `code quality` job:

```yaml
code_quality:
  rules:
    - if: '$CODE_QUALITY_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
```

289
If you are using merge request pipelines, your `rules` (or [`workflow: rules`](../../../ci/yaml/README.md#workflow))
290 291 292 293 294 295 296 297 298 299
might look like this example:

```yaml
job1:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' # Run job1 in merge request pipelines
    - if: '$CI_COMMIT_BRANCH == "master"'                # Run job1 in pipelines on the master branch (but not in other branch pipelines)
    - if: '$CI_COMMIT_TAG'                               # Run job1 in pipelines for tags
```

300
To make these work together, you need to overwrite the code quality `rules`
301 302 303 304 305 306 307 308 309 310 311 312 313 314 315
so that they match your current `rules`. From the example above, it could look like:

```yaml
include:
  - template: Code-Quality.gitlab-ci.yml

code_quality:
  rules:
    - if: '$CODE_QUALITY_DISABLED'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' # Run code quality job in merge request pipelines
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'      # Run code quality job in pipelines on the master branch (but not in other branch pipelines)
    - if: '$CI_COMMIT_TAG'                               # Run code quality job in pipelines for tags
```

316
## Configuring jobs using variables
317

318 319
The Code Quality job supports environment variables that users can set to
configure job execution at runtime.
320

321
For a list of available environment variables, see
322
[Environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables).
323 324 325 326 327 328 329 330

## Implementing a custom tool

It's possible to have a custom tool provide Code Quality reports in GitLab. To
do this:

1. Define a job in your `.gitlab-ci.yml` file that generates the
   [Code Quality report
331
   artifact](../../../ci/yaml/README.md#artifactsreportscodequality).
332
1. Configure your tool to generate the Code Quality report artifact as a JSON
333
   file that implements a subset of the [Code Climate
334
   spec](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types).
335 336 337

The Code Quality report artifact JSON file must contain an array of objects
with the following properties:
338 339 340 341 342

| Name                   | Description                                                                            |
| ---------------------- | -------------------------------------------------------------------------------------- |
| `description`          | A description of the code quality violation.                                           |
| `fingerprint`          | A unique fingerprint to identify the code quality violation. For example, an MD5 hash. |
343
| `severity`             | A severity string (can be `info`, `minor`, `major`, `critical`, or `blocker`).                          |
344 345 346 347 348 349 350 351 352 353
| `location.path`        | The relative path to the file containing the code quality violation.                   |
| `location.lines.begin` | The line on which the code quality violation occurred.                                 |

Example:

```json
[
  {
    "description": "'unused' is assigned a value but never used.",
    "fingerprint": "7815696ecbf1c96e6894b779456d330e",
354
    "severity": "minor",
355 356 357 358 359 360 361 362 363 364
    "location": {
      "path": "lib/index.js",
      "lines": {
        "begin": 42
      }
    }
  }
]
```

365
NOTE:
366 367 368
Although the Code Climate spec supports more properties, those are ignored by
GitLab.

369
## Code Quality reports
370

371
After the Code Quality job completes:
372

373 374
- Potential changes to code quality are shown directly in the merge request.
  The Code Quality widget in the merge request compares the reports from the base and head of the branch,
375
  then lists any violations that are resolved or created when the branch is merged.
376
- The full JSON report is available as a
Suzanne Selhorn's avatar
Suzanne Selhorn committed
377
  [downloadable artifact](../../../ci/pipelines/job_artifacts.md#download-job-artifacts)
378
  for the `code_quality` job.
379
- The full list of code quality violations generated by a pipeline is shown in the
380
  Code Quality tab of the Pipeline Details page. **(PREMIUM)**
381

382 383 384 385
### Generating an HTML report

In [GitLab 13.6 and later](https://gitlab.com/gitlab-org/ci-cd/codequality/-/issues/10),
it is possible to generate an HTML report file by setting the `REPORT_FORMAT`
386
CI/CD variable to `html`. This is useful if you just want to view the report in a more
387 388 389 390 391 392 393 394 395 396 397 398 399 400
human-readable format or to publish this artifact on GitLab Pages for even
easier reviewing.

```yaml
include:
  - template: Code-Quality.gitlab-ci.yml

code_quality:
  variables:
    REPORT_FORMAT: html
  artifacts:
    paths: [gl-code-quality-report.html]
```

401 402 403 404 405 406 407 408 409 410 411 412 413 414 415
It's also possible to generate both JSON and HTML report files by defining
another job and using `extends: code_quality`:

```yaml
include:
  - template: Code-Quality.gitlab-ci.yml

code_quality_html:
  extends: code_quality
  variables:
    REPORT_FORMAT: html
  artifacts:
    paths: [gl-code-quality-report.html]
```

416 417 418 419
## Extending functionality

### Using Analysis Plugins

420
Should there be a need to extend the default functionality provided by Code Quality, as stated in [Code Quality](#code-quality), [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) are available.
421 422 423 424 425 426 427 428 429 430 431 432

For example, to use the [SonarJava analyzer](https://docs.codeclimate.com/docs/sonar-java),
add a file named `.codeclimate.yml` containing the [enablement code](https://docs.codeclimate.com/docs/sonar-java#enable-the-plugin)
for the plugin to the root of your repository:

```yaml
version: "2"
plugins:
  sonar-java:
    enabled: true
```

433
This adds SonarJava to the `plugins:` section of the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template)
434 435 436
included in your project.

Changes to the `plugins:` section do not affect the `exclude_patterns` section of the
437
default `.codeclimate.yml`. See the Code Climate documentation for
438 439 440 441 442
[excluding files and folders](https://docs.codeclimate.com/docs/excluding-files-and-folders)
for more details.

Here's [an example project](https://gitlab.com/jheimbuck_gl/jh_java_example_project) that uses Code Quality with a `.codeclimate.yml` file.

443 444 445 446
## Use a Code Quality image hosted in a registry with untrusted certificates

If you set the `CODE_QUALITY_IMAGE` to an image that is hosted in a
Docker registry which uses a TLS certificate that is not trusted, such as
Evan Read's avatar
Evan Read committed
447
a self-signed certificate, you can see errors like the one below:
448 449 450 451 452 453 454 455 456 457 458

```shell
$ docker pull --quiet "$CODE_QUALITY_IMAGE"
Error response from daemon: Get https://gitlab.example.com/v2/: x509: certificate signed by unknown authority
```

To fix this, configure the Docker daemon to [trust certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates)
by putting the certificate inside of the `/etc/docker/certs.d`
directory.

This Docker daemon is exposed to the subsequent Code Quality Docker container in the
Evan Read's avatar
Evan Read committed
459
[GitLab Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.8.3-ee/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml#L41)
460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486
and should be to exposed any other containers in which you want to have
your certificate configuration apply.

### Docker

If you have access to GitLab Runner configuration, add the directory as a
[volume mount](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#volumes-in-the-runnersdocker-section). For example:

```toml
[[runners]]
  ...
  executor = "docker"
  [runners.docker]
    ...
    privileged = true
    volumes = ["/cache", "/etc/gitlab-runner/certs/gitlab.example.com.crt:/etc/docker/certs.d/gitlab.example.com/ca.crt:ro"]
```

Replace `gitlab.example.com` with the actual domain of the registry.

### Kubernetes

If you have access to GitLab Runner configuration and the Kubernetes cluster,
you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes.html#configmap-volumes):

1. Create a ConfigMap with the certificate:

Evan Read's avatar
Evan Read committed
487 488 489
   ```shell
   kubectl create configmap registry-crt --namespace gitlab-runner --from-file /etc/gitlab-runner/certs/gitlab.example.com.crt
   ```
490 491 492

1. Update GitLab Runner `config.toml` to specify the ConfigMap:

Evan Read's avatar
Evan Read committed
493 494 495 496 497 498 499 500 501 502 503 504
   ```toml
   [[runners]]
     ...
     executor = "kubernetes"
     [runners.kubernetes]
       image = "alpine:3.12"
       privileged = true
       [[runners.kubernetes.volumes.config_map]]
         name = "registry-crt"
         mount_path = "/etc/docker/certs.d/gitlab.example.com/ca.crt"
         sub_path = "gitlab.example.com.crt"
   ```
505 506 507

Replace `gitlab.example.com` with the actual domain of the registry.

508
## Troubleshooting
509

510 511 512 513 514
### Changing the default configuration has no effect

A common issue is that the terms `Code Quality` (GitLab specific) and `Code Climate`
(Engine used by GitLab) are very similar. You must add a **`.codeclimate.yml`** file
to change the default configuration, **not** a `.codequality.yml` file. If you use
515
the wrong filename, the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template)
516 517
is still used.

518
### No Code Quality report is displayed in a Merge Request
519

520
This can be due to multiple reasons:
521

522
- You just added the Code Quality job in your `.gitlab-ci.yml`. The report does not
523 524
  have anything to compare to yet, so no information can be displayed. It only displays
  after future merge requests have something to compare to.
Evan Read's avatar
Evan Read committed
525
- Your pipeline is not set to run the code quality job on your default branch. If there is no report generated from the default branch, your MR branch reports have nothing to compare to.
526
- If no [degradation or error is detected](https://docs.codeclimate.com/docs/maintainability#section-checks),
527
  nothing is displayed.
528 529
- The [`artifacts:expire_in`](../../../ci/yaml/README.md#artifactsexpire_in) CI/CD
  setting can cause the Code Quality artifact(s) to expire faster than desired.
530
- The widgets use the pipeline of the latest commit to the target branch. If commits are made to the default branch that do not run the code quality job, this may cause the Merge Request widget to have no base report for comparison.
531
- If you use the [`REPORT_STDOUT` environment variable](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables), no report file is generated and nothing displays in the merge request.
532
- Large `gl-code-quality-report.json` files (esp. >10 MB) are [known to prevent the report from being displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/2737).
533 534 535 536
  As a work-around, try removing [properties](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types)
  that are [ignored by GitLab](#implementing-a-custom-tool). You can:
  - Configure the Code Quality tool to not output those types.
  - Use `sed`, `awk` or similar commands in the `.gitlab-ci.yml` script to
537
    edit the `gl-code-quality-report.json` before the job completes.
538

539
### Only a single Code Quality report is displayed, but more are defined
540

541 542
GitLab only uses the Code Quality artifact from the latest created job (with the largest job ID).
If multiple jobs in a pipeline generate a code quality artifact, those of earlier jobs are ignored.
543
To avoid confusion, configure only one job to generate a `gl-code-quality-report.json`.
544 545 546

### Rubocop errors

Evan Read's avatar
Evan Read committed
547
When using Code Quality jobs on a Ruby project, you can encounter problems running Rubocop.
548 549 550 551 552 553 554 555 556
For example, the following error can appear when using either a very recent or very old version
of Ruby:

```plaintext
/usr/local/bundle/gems/rubocop-0.52.1/lib/rubocop/config.rb:510:in `check_target_ruby':
Unknown Ruby version 2.7 found in `.ruby-version`. (RuboCop::ValidationError)
Supported versions: 2.1, 2.2, 2.3, 2.4, 2.5
```

Evan Read's avatar
Evan Read committed
557
This is caused by the default version of Rubocop used by the check engine not covering
558
support for the Ruby version in use.
Evan Read's avatar
Evan Read committed
559 560

To use a custom version of Rubocop that
561 562 563 564
[supports the version of Ruby used by the project](https://docs.rubocop.org/rubocop/compatibility.html#support-matrix),
you can [override the configuration through a `.codeclimate.yml` file](https://docs.codeclimate.com/docs/rubocop#using-rubocops-newer-versions)
created in the project repository.

Evan Read's avatar
Evan Read committed
565
For example, to specify using Rubocop release **0.67**:
566 567 568 569 570 571 572 573

```yaml
version: "2"
plugins:
  rubocop:
    enabled: true
    channel: rubocop-0-67
```
574 575 576 577 578

### No Code Quality appears on merge requests when using custom tool

If your merge requests do not show any code quality changes when using a custom tool,
ensure that the line property is an `integer`.