Qodana 2024.3 Help

Inspect Python code

To inspect your Python codebase, depending on your Qodana license, you can employ the following linters:

| Linter name | Suitable Qodana licenses |
|---|---|
| Qodana for Python | Ultimate and Ultimate Plus |
| Qodana Community for Python | Community |

Here is the list of technologies and features supported by both linters.

Supported technologies and features

Qodana for Python

Qodana Community for Python

Python, CSS, HTML, JSON and JSON5, RELAX NG, XML, YAML, shell scripts, MongoDB, MySQL, Oracle, PostgreSQL, SQL, SQL Server, Django, Google App Engine, Jupyter, Pyramid

Baseline

Quality gate

License audit

Quick-fix

Vulnerability checker

Install project dependencies

You can install project dependencies using the bootstrap key, for example:

    bootstrap: |
      pip install -r requirements.txt

Inspect your code

Here are several configuration snippets showing how you can inspect Python code.

  1. On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value. If you are using a Qodana Cloud instance other than https://qodana.cloud/, override it by declaring the QODANA_ENDPOINT environment variable.

  2. On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.

  3. To inspect the main and master branches, as well as release branches and the pull requests coming to your repository, save this workflow configuration to the .github/workflows/code_quality.yml file:

    name: Qodana
    on:
      workflow_dispatch:
      pull_request:
      push:
        branches: # Specify your branches here
          - main # The 'main' branch
          - master # The 'master' branch
          - 'releases/*' # The release branches

    jobs:
      qodana:
        runs-on: ubuntu-latest
        permissions:
          contents: write
          pull-requests: write
          checks: write
        steps:
          - uses: actions/checkout@v3
            with:
              ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit
              fetch-depth: 0 # a full history is required for pull request analysis
          - name: 'Qodana Scan'
            uses: JetBrains/qodana-action@v2024.3
            env:
              QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

Here is the Jenkins Pipeline configuration.

    pipeline {
        environment {
            QODANA_TOKEN=credentials('qodana-token')
        }
        agent {
            docker {
                args '''
                    -v "${WORKSPACE}":/data/project
                    --entrypoint=""
                    '''
                image 'jetbrains/qodana-<python|community>:2024.3'
            }
        }
        stages {
            stage('Qodana') {
                steps {
                    sh '''qodana'''
                }
            }
        }
    }

In this configuration, the environment block defines the QODANA_TOKEN variable, which takes its value from the qodana-token global credentials that contain the project token generated in Qodana Cloud. The project token is required by paid Qodana linters and is optional for the Community linters.

Qodana provides two options for local analysis of your code. Qodana CLI is the easiest option to start. Alternatively, you can use the Docker command from the Docker image tab.

Assuming that you have already installed Qodana CLI on your machine, you can run this command in the project root directory:

    qodana scan \
      -e QODANA_TOKEN="<cloud-project-token>" \
      -l jetbrains/qodana-<python|community>:2024.3

Here, the QODANA_TOKEN variable refers to the project token.

To start, pull the image from Docker Hub (only necessary to get the latest version):

    docker pull jetbrains/qodana-<python|community>:2024.3

Start local analysis with source-directory pointing to the root of your project and QODANA_TOKEN referring to the project token:

    docker run \
      -v <source-directory>/:/data/project/ \
      -e QODANA_TOKEN="<cloud-project-token>" \
      jetbrains/qodana-<python|community>:2024.3
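
An added example (not part of the Qodana documentation): a POSIX shell wrapper around the docker run command above that hands the project token to the container with a bare -e QODANA_TOKEN instead of writing its value on the command line, where it would end up in shell history and process listings. The function name qodana_local_scan and the QODANA_DRY_RUN variable are assumptions of this example, not Qodana or Docker settings.

```shell
# Added example, not Qodana's own code.
# Usage (token is read without echo, so it is never typed into a command line):
#   printf 'Qodana project token: '; stty -echo; read -r QODANA_TOKEN; stty echo; echo
#   qodana_local_scan /path/to/project python
# QODANA_DRY_RUN (hypothetical, specific to this script) prints the command
# instead of running it.

qodana_local_scan() {
  src_dir=$1
  linter=$2

  # Only the two image variants named on this page are accepted.
  case "$linter" in
    python|community) ;;
    *) echo "linter must be 'python' or 'community'" >&2; return 2 ;;
  esac

  [ -d "$src_dir" ] || { echo "no such directory: $src_dir" >&2; return 2; }

  # The paid linter requires the project token; the Community linter does not.
  if [ "$linter" = python ] && [ -z "${QODANA_TOKEN:-}" ]; then
    echo "QODANA_TOKEN is not set; the paid linter requires it" >&2
    return 3
  fi

  # Build the docker argument list in the function's positional parameters.
  set -- run -v "${src_dir}/:/data/project/"

  # '-e NAME' with no '=value' makes docker copy NAME from the caller's
  # environment, so the token value never appears in the argument list.
  if [ -n "${QODANA_TOKEN:-}" ]; then
    export QODANA_TOKEN
    set -- "$@" -e QODANA_TOKEN
  fi

  set -- "$@" "jetbrains/qodana-${linter}:2024.3"

  if [ -n "${QODANA_DRY_RUN:-}" ]; then
    echo "docker $*"
  else
    docker "$@"
  fi
}
```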
Last modified: 11 December 2024