CodeQualityToGitlab 1.0.0

dotnet tool install --global CodeQualityToGitlab --version 1.0.0                
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local CodeQualityToGitlab --version 1.0.0                
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=CodeQualityToGitlab&version=1.0.0                
nuke :add-package CodeQualityToGitlab --version 1.0.0                

dotnet_gitlab_code_quality

What does it do?

Gitlabs Code Quality Issue format is different from the format used by .Net to report code quality issues (Sarif 1.0 as of the time of writing). Reporting code quality issues in Gitlab is therefore not really possible. This tool aims to rectify this problem by offering three functions:

  • Convert Microsoft Build time code quality issues into Gitlabs format
  • Convert Roslynator issues into Gitlabs format
  • Merge multiple Gitlab files into one file

Example:

I assume that you have your Project at c:\dev\myproject and you have build it, so that a codequality file exists at c:\dev\myproject\codeanalysis.sarif.json

Now we want to generate a Gitlab compatible file:

dotnet tool run cq sarif codeanalysis.sarif.json targetfile.json c:/dev

For Roslynator:

dotnet tool run cq roslynator roslynator.xml targetfile.json c:/dev

For merging:

dotnet tool run cq merge target.json source1.json source2.json

Note the third argument, it is used to report only the path relative to the repository, not the full local path. Now you can upload your file in Gitlab und you SHOULD be able to see it in the merge view Gotcha: Gitlab compares issues to the target of the merge. When there are no issues in the target branch, it will not display anything. So please run this tool on your main branch first then open a merge request to see it in the Gitlab UI.

All in one:

dotnet tool run cq transform  '**/*.sarif.json'  '**/roslynator.xml' gl-code-quality-report.json

This basically globs for the relevant files and merges them.

Gitlab Pipeline should look like this:

code_quality_job:
  image: mcr.microsoft.com/dotnet/sdk:7.0
  stage: test
  script:
    - 'dotnet build ./MySln.sln'
    - 'dotnet tool run roslynator analyze ./MySln.sln -o roslynator.xml  || true' 
    - 'dotnet tool run cq roslynator.xml gl-code-quality-report.json c:\dev'
  artifacts:
    paths:
      - roslynator.xml
      - gl-code-quality-report.json
    expose_as: 'code_quality_reports'
    reports:
      codequality: gl-code-quality-report.json
  
  rules:
    - if: $CI_MERGE_REQUEST_ID
    - if: $CI_COMMIT_REF_NAME == "release"
    - if: $CI_COMMIT_REF_NAME == "develop"
  when:
    always
  allow_failure: false

How to install?

For interactive usage

dotnet tool install --global CodeQualityToGitlab --version 0.1.1

for pipeline use a manifest:

How to contribute?

Make a PR in this repo.

Additional

While dotnet only outputs Sarif 1, other projects use Sarif 2. For convenience, this library supports both Sarif versions

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last updated
1.0.0 72,830 1/31/2024
0.9.0 24,731 11/17/2023
0.8.0 258 11/17/2023
0.6.0 7,668 5/2/2023
0.5.0 8,427 4/2/2023
0.4.1 3,888 3/13/2023
0.4.0 245 3/13/2023
0.3.3 1,279 12/29/2022
0.3.2 309 12/29/2022
0.3.1 293 12/29/2022
0.3.0 357 12/28/2022
0.2.0 332 12/28/2022
0.1.3 8,007 12/27/2022
0.1.2 299 12/27/2022
0.1.1 965 12/27/2022
0.1.0 320 12/27/2022