GitLab's Code Quality analysis template can be a convenient tool, but the
default CodeClimate-based solution has some significant drawbacks, and was
recently deprecated. This post, part 1 of a series, explores the security,
performance, and usability issues with the default Code Quality template, and
why its deprecation is not a significant loss. Future parts of this series will
explore a more flexible, more adaptable, and more capable approach.

This post describes an alternative to the built-in GitLab Code Quality duplicate
or similar code analysis, which uses Code Climate. It details four significant
issues observed with the Code Climate analysis and an assessment of alternative
tools for duplication analysis. This led to the creation of a new project using
PMD Copy/Paste Detector (CPD) that returns a GitLab Code Quality formatted
report.

GitLab continues to migrate Static Application Security Testing (SAST) to
Semgrep, and makes this available to all GitLab tiers. This analysis only
includes the rules that GitLab manages, but there are many more available in the
Semgrep Rules project. This post
details how to combine the two to get a more comprehensive analysis.

Bin Tester v4.0.0 was released today with several noteworthy changes, including
changing the function exports, changing the argument to the test functions,
adding TypeScript type declarations, and deprecating support for Node 14 and 19.

There are some cases where the expected outcome of a CI job script is failure.
One prominent use case is the testing of tools and container images that are
intended for CI-based analyses. This post details techniques for GitLab CI
scripts that allow the job to pass when the script fails, so that the job
result accurately reflects the expected outcome.

Google Chrome's Lighthouse tool is a great resource in the browser and has
become the standard for basic performance and best-practice metrics on websites.
While useful in the browser, a good continuous integration (CI) pipeline
includes all the testing practical to identify any issues as early as possible.
To that end, this post details how to run Lighthouse via the CLI in GitLab CI
and collect a GitLab metrics report so any changes are reported in merge
requests.