Early Access Program for Qodana, a New Static Analysis and Quality Management Tool by JetBrains, Is Open
“We must run as fast as we can, just to stay in place” – Lewis Carroll
Qodana is a new product from JetBrains that brings the “smarts” of JetBrains IDEs directly into your CI Pipeline.
PhpStorm and our other JetBrains IDEs are renowned for their ability to understand your code. They can track declarations, check references and types, and collect possible execution paths. Thanks to all this static analysis, you are able to rename and move things around safely, get appropriate code completion, or be warned with a message saying “hey, this won’t run” from the code inspection as you are editing your code.
Having all this while you are working in the editor is extremely helpful, but modern CI-centric workflows require having a reliable quality gate in your build pipeline. The multitude of tools being actively developed and used clearly support this statement.
It was technically possible to run JetBrains IDE inspections for the whole project in headless batch mode well before the CI era. However, integrating an IDE into the CI pipeline as a typical linter proved difficult. Our users have been requesting help in this area for quite some time and have actively tried to implement solutions themselves, and some have even published custom images in Docker Hub to help the community. It was hard to address many of the problems without full access to the IDE codebase, and the practice also raised some legal concerns because the IDE licenses did not explicitly allow such usage.
Qodana is the solution
Qodana comprises two main parts: a nicely packaged GUI-less IntelliJ IDEA engine tailored for use in a CI pipeline as a typical “linter” tool, and an interactive web-based reporting UI.
It makes it easy to set up workflows to get an overview of the project quality, set quality targets, and track progress on them. You can quickly adjust the list of checks applied for the project and include or remove directories from the analysis.
The example above shows how to exclude a source directory or inspection category from the analysis. Another way to configure this is to use the
qodana.yaml file. See the details in our user guide.
Demo of popular projects
We’ve created a playground for you to see Qodana in action for popular projects: Laravel, Doctrine ORM, PHPUnit, and WordPress. Although the code in these projects may run on millions of machines daily, with the help of Qodana you can easily see what can be improved. It doesn’t mean that the code is bad, it just means that the technologies are evolving, the surroundings are changing, and we need to keep up.
In the example report above that was run on WordPress, you can see that there are 99 cases in 34 files where regular expressions can be simplified. You can click Open in IDE and apply quick-fixes to these regular expressions. As a result, the next developer who works with these files will be able to spend less time trying to work out why this
\> symbol is included and whether it is redundant or not.
To open the sandbox playground use the following link https://qodana.beta.teamcity.com/ and select the Login as guest option to explore the UI integrated into the JetBrains cloud CI, TeamCity. You can use the Qodana tab to see what problems it found, browse the list of inspections that it ran, and try out the different options for yourself. Once you have an idea of how it works and what you can do with it, then it’s time to take the next step and try Qodana on your own project.
Using Qodana on your project
Qodana is packed into a ready-to-use Docker image. You can run it:
- By manually invoking it on your projects.
- By integrating it into your CI gateway.
- Using GitHub Actions.
- On JetBrains TeamCity standalone and Cloud.
Pull the image from Docker Hub:
docker pull jetbrains/qodana
Run the command below, replacing source-folder with your project’s root path and open the URL printed in the command line output to view the report.
docker run -it -v <source-folder>/:/data/project/ \ -p 8080:8080 jetbrains/qodana --show-report
Qodana can run on any CI tool, but for simplicity let’s take a look at how you can use it with GitHub Actions.
The user guide describes a simple, fully functional GitHub Actions workflow that uses the Docker image. Integration into other CIs can be achieved in a similar manner. You can control the execution by providing conditions via
qodana.yaml and pass the results in JSON format to further steps in your pipeline.
If you have your own installation of TeamCity, you can install the Qodana plugin from JetBrains Marketplace. After extending your build with Qodana, you’ll get the following capabilities:
- An interactive report in a separate build tab.
- Compare problems and checks applied between builds.
- Report discovered problems as standard TeamCity tests so that you can assign investigations to the responsible team members.
- Use flexible build failure conditions.
- View aggregate statistics for static code analysis metrics.
The screenshot above shows a report for failed inspections grouped by type. In this example, 17 problems related to PhpHierarchyChecksInpections were grouped together. You can also choose grouping by file or module, or create a separate assignable failed “test” for every problem that is found.
Read more about the Qodana TeamCity plugin in the user guide.
If you don’t have TeamCity yet but would like to give it a try, you can quickly and easily create a TeamCity Cloud instance. Once you’ve done that, contact us at email@example.com and we will install the latest version of the Qodana plugin in your instance.
We are working on a public roadmap to let you see in advance where things are going. Right now we’re working on polishing all the features described above and developing many more, for example, revision/branch comparison, high-level quality targets, an inspection profile exchange, cross-project analysis for code duplication, third-party license monitoring, and security checks including taint analysis.
Try it now
JetBrains Qodana is now available under an Early Access Program (EAP). During the EAP users will have full access to Qodana Docker, Qodana TeamCity Plugin, and Qodana GitHub Application free of charge. While we try to keep EAP releases stable, they have not undergone the same degree of testing as a full public release. There can be flaws and there will be rapidly evolving changes in the UI and configurations.
Detailed instructions on how to start using Qodana are available in our documentation. We will be grateful for any feedback, and any ideas are welcome! Contact us at firstname.lastname@example.org or via our issue tracker.