How to enforce code quality gates in GitHub Actions

Sara Verdi
Sara Verdi
Graphite software engineer


Note

This guide explains this concept in vanilla Git. For Graphite documentation, see our CLI docs.


Enforcing code quality gates in your GitHub Actions workflows ensures that only code meeting specific quality standards is merged into your codebase. This guide will cover how to set up and automate quality gates, implement quality checks on pull requests, and integrate Graphite Automations to accelerate your code review workflow.

Code quality gates are predefined criteria that code must meet before it can be merged into the main branch. They help maintain a high standard of code quality, reduce bugs, and improve maintainability. Common criteria include:

  • Code coverage: Ensuring a certain percentage of code is covered by automated tests.
  • Static analysis: Running tools to identify potential code issues (e.g., linting errors, security vulnerabilities).
  • Unit tests: Verifying that existing and new code passes all relevant tests.

To enforce quality gates in GitHub Actions, follow these steps:

Create a new file in your repository under .github/workflows/quality-gate.yml. This YAML file will define the actions to run your quality checks.

Terminal
name: Quality Gate
on:
pull_request:
branches:
- main
jobs:
quality-check:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '14'
- name: Install dependencies
run: npm install
- name: Run linting
run: npm run lint
continue-on-error: false # Fail the job if linting fails
- name: Run tests
run: npm test
continue-on-error: false # Fail the job if tests fail

In this example, the workflow is triggered on pull requests targeting the main branch. It checks out the code, sets up Node.js, installs dependencies, and runs linting and tests.

Make sure to define your linting and testing scripts in your package.json. Here’s an example:

Terminal
{
"scripts": {
"lint": "eslint .",
"test": "jest"
}
}

This configuration assumes you’re using ESLint for linting and Jest for testing. You can adjust these commands based on your project's requirements.

To enforce a code coverage gate, you can use a tool like Jest with a coverage reporter. Update your test script in package.json:

Terminal
{
"scripts": {
"lint": "eslint .",
"test": "jest --coverage"
}
}

In your GitHub Actions workflow, you can check the coverage percentage:

Terminal
- name: Check code coverage
run: |
coverage=$(cat ./coverage/coverage-summary.json | jq '.total.lines.pct')
echo "Code Coverage: $coverage%"
if (( $(echo "$coverage < 80" | bc -l) )); then
echo "Code coverage is below 80%"
exit 1
fi

This step reads the code coverage percentage from the generated report and fails the workflow if it is below the specified threshold (e.g., 80%).

Graphite Automations can significantly improve your code quality enforcement by automating code review tasks and ensuring that your team's standards are consistently applied. Here's how to incorporate Graphite Automations into your workflow:

  1. Access Graphite Automations:

    • Navigate to the Automations section in the Graphite web app's sidebar. This is where you can create and manage automation rules for your repositories.
  2. Create Automation Rules:

    • Click on "Create rule": Start setting up a new automation rule.
    • Specify the repository: Choose the repository where you want the automation to apply. Ensure it's one of your synced repositories.
    • Define filter triggers:
      • Configure conditions: Set up conditions that target pull requests (PRs) requiring code quality enforcement. You can filter based on attributes like:
        • Author: Apply rules to PRs from specific team members.
        • File paths: Use glob patterns (e.g., **/critical-module/**) to target changes in specific directories or files.
        • Labels or branch names: Trigger actions based on existing labels or branch naming conventions.
    • Set actions:
      • Add reviewers or assignees: Automatically assign code reviewers or teams to PRs that meet your criteria.
      • Add labels: Apply labels such as needs-quality-review or critical to categorize PRs for easier tracking.
      • Leave comments: Post automated comments with reminders about code quality guidelines or checklists that reviewers should follow.
      • Notify via slack: Send notifications to specific team members or channels when a PR requires immediate attention.
      • Post a GIF: Add a bit of fun to the process by posting a motivational GIF when a PR is fully approved.

By leveraging Graphite Automations, you can enforce code quality standards more effectively without manual intervention.

To test your quality gates, create a new pull request with code that violates your quality checks (e.g., introduce a linting error or reduce code coverage). The workflow should trigger automatically, and you should see the results in the pull request checks.

After setting up your quality gates, continuously monitor the results and iterate on your configuration. You can adjust thresholds for coverage, expand your linting rules, or add additional quality checks as needed.

Enforcing code quality gates in GitHub Actions is important for maintaining high standards in your codebase. By automating these checks and integrating Graphite Automations, you can streamline your development process, enhance collaboration, and ensure that only quality code is merged into your main branch.

For more information on GitHub Actions and code quality checks, you can refer to the following resources:

This setup not only ensures that your team adheres to code quality standards but also creates a more robust and maintainable codebase.

Graphite
Git stacked on GitHub

Stacked pull requests are easier to read, easier to write, and easier to manage.
Teams that stack ship better software, faster.

Or install our CLI.
Product Screenshot 1
Product Screenshot 2