Skip to content

Fix status desc + add report status for CodeQualityReportsComparerType

What does this MR do and why?

This merge request updates CodeQualityReportsComparerType to:

  1. Fix description of status field under report field with the correct logic behind the field.
  2. Add a new status field under codequality_reports_comparer field to represent actual report status.

What does each status field represent?

1️⃣ The first status field represent Gitlab::Ci::Reports::CodequalityReportsComparer#status method, which is used to determine the comparison status between between two codequality reports (i.e. the codequality report of the base_pipeline of a merge request, and the codequality report of the head_pipeline of the same merge request).

2️⃣ On the other hand, the second status field represent the parsing/generation status of the compared codequality report, that is, whether the report is still being parsed, or if it had finished parsing, or if the merge request has no codequality reports.

I understand there might be some confusion as both seem quite related, but they're not.

Please see the issue and this discussion for more information.

Resolves #429527 (closed).

Feature flag

Please also note that, all changes in this merge request are behind sast_reports_in_inline_diff feature flag (roll-out issue).

How to set up and validate locally

  • Enable Code Quality in one of the projects you have.
  • Create a merge request with some degraded code, e.g. Add the following code in a Ruby file:
class SomeClass
  def badName
    if something
      test
      end
  end
end
  • Wait until the Code Quality report is generated.
  • Try to load the merge request security reports via GraphQL using the query below in graphql-explorer:
query getMRCodequalityReports {
  project(fullPath: "PROJECT_FULL_PATH") {
    mergeRequest(iid: "MERGE_REQUEST_ID") {
      title
      codequalityReportsComparer {
        status
        report {
          status
          newErrors {
            description
            fingerprint
            severity
            filePath
            line
            webUrl
            engineName
          }
          resolvedErrors {
            description
            fingerprint
            severity
            filePath
            line
            webUrl
            engineName
          }
          existingErrors {
            description
            fingerprint
            severity
            filePath
            line
            webUrl
            engineName
          }
          summary {
            errored
            resolved
            total
          }
        }
      }
    }
  }
}

Do not forget to replace MERGE_REQUEST_ID with the merge request id, and PROJECT_FULL_PATH with the :namespace/:project path of your project.

  • Verify status under codequalityReportsComparer returns PARSED.
  • Verify status under report returns FAILED (to indicate codequality degradations are found).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ahmed Hemdan

Merge request reports

Loading