[DEPRECATED] GitHub Pull Requests

If you have our GitHub PR integration enabled, when opening up a pull request, we'll run our 10-point maintainability assessment and post a status update in GitHub notifying you of any new code quality issues that have been introduced.

Once you've setup test coverage reporting, you can use our test coverage statuses to ensure that all PRs meet your team's specific coverage standards.

In addition to our in-house maintainability checks, you can optionally enable open source plugins to run checks against your code.

Our browser extension ensures code quality and test coverage data is constantly visible throughout your development workflow, so your team can get, discuss, and act on all of this information without leaving GitHub. By clicking over to Files Changed in GitHub, you'll be able to view the static analysis and test coverage results right in-line.

Teams should use their judgment to validate and invalidate issues found by Code Climate. For these cases, Code Climate allows developers to mark any issue with one of 3 different statuses:

  • confirmed - a legitimate issue that should be addressed
  • invalid - is a false-positive
  • wontfix - a legitimate issue, but it does not need to be addressed at this time

For more information on changing issue statuses, please see this doc.

Ineligible Pull Requests

Though we hope to expand our pull request integration in the future, note that we currently do NOT support:

  • Pull requests against branches other than your default branch.
  • Pull requests from repositories not hosted on GitHub.com. Our PR integration currently does not support pull requests from SCM's such as Bitbucket or GitHub Enterprise.
  • For PR integration with on-prem SCM's, check out Code Climate: Enterprise.

Show me how

  1. From your Dashboard, mouse over the repository's name and click Settings.
  1. Select the Integrations tab.
  2. Next to GitHub Pull Requests, click Edit.
  1. In a different browser window/tab, browse to GitHub.

Ensure you are logged into GitHub as a user that has access and sufficient privileges to the repository.

  1. Install Code Climate's webhook. This hook is what notifies Code Climate to automatically run a new analysis whenever you perform various operations in GitHub, such as push a new commit to your default branch or open a pull request.
  2. In GitHub, go to your repo's Settings > Webhooks.
  3. Add a webhook to send an event to Code Climate each time you open a PR. The webhook URL will be https://codeclimate.com/webhooks. Note: make sure Send me everything is selected:
  1. Next, in order for Code Climate to have the appropriate permissions to interact with your pull requests, a GitHub OAuth token must be generated. Start by browsing to: https://github.com/settings/tokens
  2. In GitHub, click Generate new token.

Note: GitHub may prompt for your password before allowing you to proceed.

  1. Name the token (anything you like, as long as no other GitHub token currently shares this name). Ensure that the repo:status scope is checked.. Click Generate token.
  1. Click the "copy to clipboard" button.
  1. Return to the Code Climate page you browsed to in Step 3. Paste the token into the OAuth Token text box. Ensure the page's other checkboxes are enabled.
  1. Click Save.
  2. To verify the GitHub data is valid, click Test Service (this will post a test issue to your repository). If a green message appears at the top of the screen, all is well. If a red error message is displayed, see Troubleshooting below.

Troubleshooting

If you are seeing a red error message after clicking Test Service:

  • Ensure there are no leading or trailing spaces around the token that you provided to Code Climate.
  • Ensure you generated the token as a GitHub user that has access to the repository. If you have multiple GitHub users, double-check that you're logged into GitHub as the appropriate user.
  1. Once the PR integration is enabled, our test coverage statuses will be enabled by default. However, you'll need to configure test coverage in order to see those statuses populate.

Does Code Climate require Read/Write access to my GitHub repositories?

Though optional, there are a number of benefits to providing Code Climate with read/write access to your repositories. These benefits include the ability to:

In short, this is the best overall Code Climate experience and the one that we recommend.

However, if this is not an option for you, it's possible to limit Code Climate to having read-only access. Keep in mind that there are a few extra setup steps to configure this, as described below. In addition, you will unfortunately not be able to use all of our features -- this is not by design but is primarily a result of the way GitHub permissions are handled.

GitHub Linking

When signing up for Code Climate, you have the option of creating either a GitHub-linked user or a stand-alone user. Since GitHub-linking automatically grants us the Repositories permission in GitHub, if you're looking to restrict Code Climate to read-only access, you'll want to skip linking and instead create a stand-alone Code Climate user by not authenticating with GitHub.

Are you already GitHub-linked? If so, you can remove this link at anytime.

SSH Keys

There are two different ways to add a private repository to Code Climate. To limit us to having read-only access, ensure you use the method which requires manually entering the repository's URI. During this process, you'll be prompted to handle an SSH key. If you add our public key directly to the repository in GitHub, that will grant Code Climate read/write access. To instead grant us read-only access, add the key to a GitHub machine user that has read-only access to the repository. Doing so will, in turn, restrict Code Climate to having read-only access.

Note: Machine users can only be created on GitHub organization accounts, not on GitHub user accounts (what's the difference?). This, unfortunately, means that if your repository is owned by a user account in GitHub, it's not possible to limit Code Climate's access to being read-only.

GitHub Integrations

We have two GitHub integrations: one for GitHub pull requests and another for GitHub Issues. Since both integrations require you to create a GitHub personal access token, ensure that the token does not have read/write access:

  • GitHub Pull Requests: The token should be generated by any user that has GitHub permissions to access the repository (it is not necessary to generate the token as a GitHub machine user). When generating the token, ensure that only the repo:status scope is selected.

  • GitHub Issues: The token should be generated by a GitHub machine user that has read-only access to the repository. When generating the token, ensure the repo scope is selected.

[DEPRECATED] GitHub Pull Requests