Intro

Some time ago JetBrains announced the release of Qodana, the code quality platform for CI.

I decided to use it in a project I’d been working on to control and guarantee code quality.

Problem

All the documentation examples don’t imply that the project can be a sub-folder in a monorepo. My first attempt at Qodana usage failed because of that, I couldn’t build my backend and frontend that live as sub-folders in the same repo.

Eventually, I made it work, the result YAML file for GitHub Actions is below.

Solution

qodana.yml

name: "[PR] Qodana"
on:
  pull_request:
    types: [ synchronize, opened, reopened, ready_for_review ]

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  qodana-backend:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the project
        uses: actions/checkout@v3

      - name: Skip the backend scan
        id: skip-scan
        uses: fkirc/skip-duplicate-actions@master
        with:
          paths: '["backend/**"]'

      - name: Scan the project
        if: steps.skip-scan.outputs.should_skip != 'true'
        uses: JetBrains/qodana-action@v2022.2.2
        timeout-minutes: 20
        with:
          # https://github.com/jetbrains/qodana-cli#options-1
          args: --project-dir,backend,--baseline,qodana.sarif.json
          results-dir: ${{ runner.temp }}/qodana/results-backend
          artifact-name: qodana-report-backend
          cache-dir: ${{ runner.temp }}/qodana/caches-backend
          additional-cache-hash: ${{ github.sha }}-backend
          pr-mode: false # otherwise, it adds the --changes flag and the check fails

  qodana-frontend:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the project
        uses: actions/checkout@v3

      - name: Skip the frontend scan
        id: skip-scan
        uses: fkirc/skip-duplicate-actions@master
        with:
          paths: '["frontend/**"]'

      - name: Scan the project
        if: steps.skip-scan.outputs.should_skip != 'true'
        uses: JetBrains/qodana-action@v2022.2.2
        timeout-minutes: 5
        with:
          # https://github.com/jetbrains/qodana-cli#options-1
          args: --project-dir,frontend,--baseline,qodana.sarif.json
          results-dir: ${{ runner.temp }}/qodana/results-frontend
          artifact-name: qodana-report-frontend
          cache-dir: ${{ runner.temp }}/qodana/caches-frontend
          additional-cache-hash: ${{ github.sha }}-frontend
          pr-mode: false # otherwise, it adds the --changes flag and the check fails

Explanation

  • The action runs only for Pull Requests when they are opened, reopened, synced or marked as ready for review (draft PRs are skipped).
  • The action uses the concurrency setting to cancel previous runs when a newer version of code is pushed to the branch.
  • To understand why fkirc/skip-duplicate-actions@master is used, see Skip unnecessary builds on GitHub actions
  • --project-dir,backend & --project-dir,frontend are used to switch the Qodana project directory. In that directory I have qodana.yaml & qodana.sarif.json files.
  • --baseline,qodana.sarif.json is used to set up the baseline for the Qodana scan.
  • results-dir, artifact-name, cache-dir, and additional-cache-hash are used to add the -backend and the -frontend postfixes to separate 2 steps that are executed in the same job. Otherwise, they clash with each other.
  • pr-mode: true is the default value that adds to args --changes,--commit,CI<SHA>. However --changes raises an exception when it’s used in a sub-folder (see the found bugs). That’s the reason why pr-mode is set to false.

Found bugs

Further reading