pytest-gitlab-codequality
Collects warnings while testing and generates a GitLab Codequality Report.
Pytest plugin that generates a GitLab Codequality Report file from the warnings emitted when running the tests.
[Screenshots: pytest warnings in the terminal | the same warnings shown in the GitLab merge request view]
If you run GitLab Premium or Ultimate, you should even see the warnings right next to the code in the diff view of merge requests. The official documentation contains more information and screenshots.
Install the plugin using a package manager of your choice

```shell
pip install pytest-gitlab-codequality
```

then specify the output location for the report using the `--gitlab-codequality-report` option

```shell
pytest --gitlab-codequality-report=pytest-warnings.json
```
Finally, tell GitLab about the report during CI by publishing it as a `codequality` artifact

```yaml
# .gitlab-ci.yml
pytest:
  stage: test
  image: python
  script:
    - pip install -r requirements.txt  # Or however you install your dependencies
    - python -m pytest --gitlab-codequality-report=pytest-warnings.json
  # The three lines below are required in order for the warnings to show up!
  artifacts:
    reports:
      codequality: pytest-warnings.json
```
Some warnings are only surfaced at runtime, so static analyzers do not always catch them. The screenshots at the top of this document show the example of a questionably configured SQLAlchemy model, which only warns once the model is actually built. Tests are a cheap way to surface such issues.
While you may run the tests locally and see these warnings there, you also might overlook them, or not know whether they were introduced by your changes or were already present before. Either way, I think it makes sense to explicitly surface and track them during code review instead of burying them in CI logs that nobody looks at when the tests pass. That is exactly why this plugin was created.
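To make the format behind the `codequality: pytest-warnings.json` artifact concrete, here is an added example, written for this page and not the plugin's own code, that turns Python warnings captured during a run into entries of the GitLab Code Quality report (the CodeClimate-style JSON GitLab consumes: `description`, `check_name`, `fingerprint`, `severity` and `location.path` / `location.lines.begin`). The `minor` severity, the fingerprint recipe and the de-duplication of repeated warnings are this example's own choices, not something the plugin is documented to do; `demo()` and `legacy_call()` are constructed inputs.

```python
"""Illustrative conversion of captured Python warnings into a GitLab Code
Quality report.  Added example, not code from pytest-gitlab-codequality."""
import hashlib
import json
import os
import warnings


def codequality_entry(category, message, filename, lineno, root=None):
    """Build one GitLab Code Quality entry.

    ``path`` is made relative to ``root`` (the repository checkout) because
    GitLab matches entries to files in the merge request diff by that
    relative path.  ``fingerprint`` has to be stable across pipelines for the
    same issue (that is how GitLab tells "new" from "already present"), so it
    is derived from the path, line and message rather than anything that
    changes per run.  Severity "minor" is an assumption made for this example.
    """
    root = root or os.getcwd()
    path = os.path.relpath(filename, root)
    fingerprint = hashlib.sha256(
        f"{category}|{path}|{lineno}|{message}".encode()
    ).hexdigest()
    return {
        "description": f"{category}: {message}",
        "check_name": category,
        "fingerprint": fingerprint,
        "severity": "minor",
        "location": {"path": path, "lines": {"begin": lineno}},
    }


def warnings_to_report(records, root=None):
    """Map warnings.WarningMessage objects to report entries, dropping
    duplicates that share a fingerprint (the same warning is typically
    raised once per test that touches the offending code)."""
    seen = set()
    report = []
    for w in records:
        entry = codequality_entry(
            w.category.__name__, str(w.message), w.filename, w.lineno, root
        )
        if entry["fingerprint"] not in seen:
            seen.add(entry["fingerprint"])
            report.append(entry)
    return report


def capture_warnings(func):
    """Run ``func`` and return every warning it emits, including repeats."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        func()
    return list(caught)


def write_report(report, path):
    """Serialise the report the way GitLab expects: a JSON array of entries."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(report, fh, indent=2)


def demo():
    """Constructed example: code that warns twice at the same location
    should yield exactly one report entry."""

    def legacy_call():
        warnings.warn("use new_api() instead", DeprecationWarning, stacklevel=1)

    records = capture_warnings(lambda: (legacy_call(), legacy_call()))
    return warnings_to_report(records, root=os.path.dirname(__file__))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Paths must be relative to the repository root for GitLab to place the entry on the right file in the diff; an absolute path from a CI container silently matches nothing, which is the most common reason a report uploads fine but shows no annotations.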