Show Code Analysis in PR

Owned by Roman Stoffel
Last updated: Jun 28, 2023 by Sue Rocha
6 min read

During a project build, compilers, code linters, and other tools produce warnings, errors etc. These results are not seen by a pull request author, unless they manually inspect the build logs.
Code Review Assistant analyzes build logs and shows compiler and code analysis results right in the pull request. So the developers do not miss issues and improve the pull request before merging:

Supported CI Servers

Currently, these CI servers are supported.

  • Bamboo

  • Jenkins

  • Please, tell us if you use another CI server.

Supported Analyzers

Currently, these analyzers are supported:

Missing support for a static analyzer? Tell us the analyzer and compiler you use in your build and we can consider supporting it in the future.

Unsupported analyzers and Checkstyle output format

Using a static code analysis tool that Code Review Assistant does not support? Many tools support Checkstyle XML as the output format, e.g. with a parameter like --reporter=checkstyle.

Code Review Assistant supports Checkstyle XML, so even if a tool is not listed here, you can still use it if you print the analysis output as Checkstyle XML to the build log.

Setup with Bamboo

Initial Setup, Connecting to Bamboo (version 5.7+)

  1. Ensure you have an Application link to Bamboo

  2. Login into Bamboo with the user you want to use. The user needs ‘edit’ permission on the build plans, in order to read configuration details.

  3. Navigate to User-Avatar->Profile->Personal access token or https://{bamboo-domain}/profile/userAccessTokens.action

  4. Create a access token with the ‘same as user’ permissions:

     

  5. Go to Bitbucket: Bitbucket Administration → Code Review Assistant

  6. Add the created token to the configuration.

  7. Save the settings and a 'Authenticated’ batch status should appear.

Initial Setup, Connecting to Bamboo (version 5.0 - 5.6)

  1. Ensure you have an Application link to Bamboo

  2. Go to Bitbucket Administration → Code Review Assistant

    1. Select the Bitbucket user you are logged in as. When you select another user, a bug in these versions prevents configure that user.

    2. Click the Authentication link and grant Bitbucket to Bamboo.

    3. Save the settings.

Repo Setup: Configure Build

You must run your analyzer tools for every branch or pull request, to see analyzer results in pull requests. Enable branch builds in Bamboo like this:

  1. Go to the Build Plan Configuration → Branches

  2. Enable the option to create branch builds automatically. The best options is to create a build for each pull request. It ensures the pull request exists when the build completes:

     

  3. Save the Settings.

  4. Start adding some of the supported static analyzers to your build.

Bamboo Specs

As an alternative, configure branch builds with Bamboo Specs:

Bamboo Specs Java:

.planBranchManagement(new PlanBranchManagement() .createForPullRequest() .delete(new BranchCleanup() .whenRemovedFromRepositoryAfterDays(7) .whenInactiveInRepositoryAfterDays(14)) .notificationForCommitters() .issueLinkingEnabled(false));

Bamboo Specs YAML:

branches: create: for-pull-request delete: after-deleted-days: 7 after-inactive-days: 14 link-to-jira: true

Setup Jenkins (since version 5.6)

Initial Setup, Connecting to Bamboo (version 5.7+)

Jenkins is supported via the Bitbucket Server Integration plugin.

  1. Install the Bitbucket Server Integration in Jenkins

  2. Follow the configuration steps of the Bitbucket Server Integration, so that an application link from Bitbucket to Jenkins is established.

  3. Login into Jemkins with the you want to use.

    1. Navigate to user’s configuration: Avatar->Configure

    2. Create a new API token

  4. Go to Bitbucket Administration → Code Review Assistant

  5. Add the user and created token to the configuration:

  6. Save the settings and a 'Authenticated’ batch status should appear.

Initial Setup, Connecting to Jenkins (version 5.6)

Jenkins is supported via the Bitbucket Server Integration plugin.

  1. Install the Bitbucket Server Integration in Jenkins

  2. Follow the configuration steps of the Bitbucket Server Integration, so that an application link from Bitbucket to Jenkins is established.

  3. Go to Bitbucket Administration → Code Review Assistant

    1. Select the Bitbucket user you are logged in as. When you select another user, a bug in these versions prevents configure that user.

    2. Click the Authentication link and grant Bitbucket to Jenkins.

    3. Save the settings.

Repo Setup: Configure Build

You must run your analyzer tools for every branch or pull request, to see analyzer results in pull requests. The easiest way to do this is using a Mutlibranch Pipeline project.

  1. Create a Multibranch Pipeline project:

  2. Configure the project as you need.

  3. Enable option “Bitbucket webhook trigger”: Jenkins will create a build for each branch or pull request:

Repo Setup: Enable Analysis

  1. Go to Repository → Repository Settings → Code Review Assistant

  2. Enable the log analysis:

  3. Start adding some of the supported static analyzers to your build.

  1. Create a pull request, and the Compiler and Code Analysis results should show up.

Example for a Jenkinsfile to execute PMD:

pipeline { agent any stages { stage('pmd') { steps { sh './mvnw pmd:pmd' sh 'cat ./target/pmd.xml || echo "No PMD analytics generated"' } } } }

Add Merge Checks to Code Insights report (Optional)

  1. Go to a Pull Request within the chosen repo that contains a Code Insights report.
    Find it next to this icon on the right hand side of the Pull Request.

  2. Click on it and the CRA report will open up and contain a Report Key.
    Copy your report key.

  3. Now go to Repository → Repository Settings → Code Insights

  4. Paste your report key under Required report .

  5. Configure Required status and Annotation requirements.

  6. Click Add and the merge check is now been added to the Code Insights report. The Pull Request will be prevented from being merged because of the present annotations.

Run Static Code Analysis tools on changed files only (Optional)

For each static code analysis tool, you need to configure which files should be analyzed.

Often, these tools support file globs like **/*.js. While this works, it is not as efficient as it could be, because only the changed files of a pull request diff require an analysis.

To only analyze changed files, fetch the diff of the pull request from Bitbucket’s REST API during your CI build, and pass the changed files paths to your analyzer.

Here’s an example for Bamboo and PHP (the script requires jq - the JSON processor):

  • Line 3 - 6: fetches the diff of the pull request from the /changes Bitbucket endpoint

    • Replace BITBUCKET_ACCESS_TOKEN with your HTTP access token for this repo/project

    • Replace BITBUCKET_URL, PROJECT_KEY and REPO_SLUG with your actual values

    • Filters *.php files to only pass them to the PHP static analyzer

  • Line 7: calls the PHP static analyzer with the list of the changed PHP files only

The branches option “When a pull request is created“ must be enabled (see image below) to get the PR ID in a Bamboo build plan.

For Jenkins, env.CHANGE_ID can be used to get the PR ID within a Jenkinsfile.