Enabling Code coverage will show you coverage metrics like Line Coverage, Branch Coverage, Condition Coverage, and, Composite Coverage. The Analyzer also looks at lines of code that were never executed by any tests and raises actionable issues for them.

This section covers steps to get started with the test-coverage Analyzer. Please make sure to read the general configuration guide first.

Configuration - .deepsource.toml

To enable the Test coverage Analyzer, make sure you have it enabled in your .deepsource.toml configuration file. This can be done by adding the following entry:

[[analyzers]]
name = "test-coverage"
enabled = true

Setup Test Coverage

The analysis begins as soon as the Analyzer receives a valid coverage report. To do this, you can hook up the DeepSource CLI with your test CI and send the coverage report as soon as the tests finishes.

Set up DEEPSOURCE_DSN environment variable

DSN is used to associate the coverage artifact to the repository. This needs to be configured before sending a coverage artifact for analysis.

To look up the DSN:

  • Go to the Settings page of the repository dashboard in DeepSource
  • Go to the Code Coverage Section
  • Click on Copy button to copy your DSN.

Once you get the DSN, please make sure you store it as an environment variable named DEEPSOURCE_DSN in your CI’s environment.

Installing DeepSource CLI in your CI enviroment

curl https://deepsource.com/cli | sh

This command will create a bin directory in the command’s current working directory($PWD/$0). deepsource executable will be present inside bin. We would use this executable for our CLI to DeepSource from now.

Reporting coverage artifact using the cli

This is the final step. Once you have the Test coverage reports generated. You can send it to DeepSource using the CLI.

Here’s how the command looks like:

./bin/deepsource report --analyzer test-coverage --key <key> --value-file <absolute-path-of-the-coverage report>

In the above command, <key> is the language for which you’d be sending the coverage report.

  • List of supported languages and coverage formats can be found here.
  • Please refer ‘report’ command of CLI documentation if you want to read more on the command usage.

Please make sure you always run the above cli report command from the root of your repo. This will make sure that the filepaths in the test reports are handled to take care directories from your CI if they are present.

Failing to do that might result in issues not getting raised for your project. You’d still be able to see the metrics.

The maximum allowed size for the coverage report file is 20 MB.

Submitting Multiple coverage reports

DeepSource supports merging coverage reports implicitly. If you have multiple CI pipelines generating partial coverage reports, send them as soon as they are generated under the same key name. DeepSource will combine all of them to prepare a final result. For example, if two CI pipelines test platform-specific parts of a module, you can report both the artifacts, and DeepSource will implicitly combine the results of the reports.

You’ll notice a newly updated check every time you submit a new artifact. There’s no time limit for sending multiple coverage reports.

The JaCoCo and Clover coverage formats report metrics for individual methods and may not contain data about the individual covered lines in the methods.

For such cases, DeepSource uses a max operation on the reported metrics to calculate the aggregate report. So if parts of certain methods are covered in different coverage reports, the reported line coverage for that method may be lower than the actual line coverage.

For example, if one report covers the top 25% lines for a method, and another report covers the bottom 25% lines for the same method, since there is no way of knowing if both the lines in the reports are different, DeepSource will report the coverage to be 25% even though it might be 50%. This is only a limitation for JaCoCo and Clover coverage formats at the moment.

Reporting coverage from tests running in Docker container

Running tests inside a Docker container is a widely used practice in the software development community since it provides a consistent environment to run the application.

But, at the same time it also adds isolation and therefore, the test coverage reports generated inside the container are not accessible to the outside environment i.e. the CI systems on which the testing pipeline is running.

However, the following two methods can be used to report the test coverage data to DeepSource.

Inside the Docker container

For reporting test coverage to DeepSource from inside the container which runs tests, just pass some environment variables to the container using the --env/-e flag.

docker run -e DEEPSOURCE_DSN -e GITHUB_ACTIONS -e GITHUB_REF -e GITHUB_SHA ...

docker run -e DEEPSOURCE_DSN -e USER -e TRAVIS_PULL_REQUEST_SHA ...

# Export the latest git commit hash as an environment variable
export GIT_COMMIT_SHA=$(git --no-pager rev-parse HEAD | tr -d '\n')

# Pass the exported environment variable to the container in which tests
# need to be run
docker run -e DEEPSOURCE_DSN -e GIT_COMMIT_SHA ...

Outside the Docker container

The test coverage report can also be reported by copying it from the Docker container in which tests are run to a shared directory which the host can also access.

# Creating a directory to store test coverage data in the host
# This directory will be mounted in the docker container as well
mkdir shared_coverage

# Run the Docker container which runs tests
# The `-v` flag sets up a bindmount volume that links the ~/coverage directory
# from inside the container to the ~/shared_coverage directory on the host machine.
docker run --name=test -v "~/shared_coverage:$HOME/coverage" ...

# Report the test coverage report stored in the shared directory to DeepSource
./bin/deepsource report --analyzer test-coverage --key python --value-file
./shared_coverage/coverage.xml

In the Dockerfile of the container which runs test, make sure that the generated test coverage report is moved to the shared directory.

# In the container Dockerfile
mv coverage.xml ~/coverage

Automating Test Coverage Tracking with CI

If you’re using a CI to run your tests, the recommended way to use the Test Coverage Analyzer is by automating the coverage reporting from your CI. This should be done in the scripts that are running your tests.

These are the things that you’d need to take care of:

  1. Enable the test-coverage Analyzer in your repository’s .deepsource.toml file.
  2. Make sure that your CI is checking out the same commit and not making a merge commit. Failing to do this would cause the coverage report to be associated with the merge commit, and DeepSource would never pick it up for a run.
  3. Install the DeepSource CLI. This would be needed to report the coverage artifact.
  4. DeepSource DSN for the repository. This is needed to identify the repository for which the coverage report is being sent. The CLI looks for the DSN

Do not add the DEEPSOURCE_DSN variable as part of any publicly visible configuration file. It contains sensitive information.

The sections below contain boilerplate config for different CI providers. Please refer to the CLI installation section to learn more about the CLI’s report command used in the examples.

With Travis CI

  1. On Travis CI, go to Settings > Environment Variables and add a DEEPSOURCE_DSN environment variable with the DSN copied above as its value.

  2. Add this to .travis.yml:

    after_success:
  # Phase: Tests have finished and a test coverage report is available

  # Install the deepsource CLI
  - curl https://deepsource.io/cli | sh

  # From the root directory, run the report coverage command
  - ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

With Circle CI

  1. On Circle CI, go to Settings > Environment Variables and add a DEEPSOURCE_DSN environment variable with the DSN copied above as its value.

  2. Add the following step in .circleci/config.yml:

    - run:
  name: Report results to DeepSource
  command: |
    # Tests have finished and a test coverage report is available

    # Install the deepsource CLI
    curl https://deepsource.io/cli | sh

    # From the root directory, run the report coverage command
    ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

With GitHub Actions

  1. On GitHub, navigate to the main page of the repository. Under your repository name, click “Settings”. In the left sidebar, click Secrets.

    • Type DEEPSOURCE_DSN in the “Name” input box.
    • Add the value copied above.

  2. When you checkout code, ensure that you use pull request HEAD commit instead of merge commit:

    GitHub actions make a merge commit during checkout unless it is asked not to do it. If you’re using GitHub actions, please make sure you make the following change in your checkout action.

      - uses: actions/checkout@v3
    with:
      ref: ${{ github.event.pull_request.head.sha }}

  3. Add the following step in .github/workflows/main.yml:

  - name: Report results to DeepSource
    run: |
    # Tests have finished and a test coverage report is available

    # Install deepsource CLI
      curl https://deepsource.io/cli | sh

    # From the root directory, run the report coverage command
      ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

    env:
      DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}

With GitHub Actions CI using OIDC

You can also use OIDC to authenticate and send the coverage report to DeepSource, without using the DSN. Here are the steps to do that:

  1. Make sure your GitHub Actions workflow is not making a merge commit during checkout. You can do this by using the ref input in the actions/checkout step:
- uses: actions/checkout@v3
  with:
    ref: ${{ github.event.pull_request.head.sha }}
  1. Add required permission to get the OIDC token in your workflow:
permissions:
  id-token: write  # Required to get the OIDC token

Reference: GitHub Actions permissions

  1. Pass --use-oidc flag to the deepsource report command while sending the coverage report:

This will use the workflow’s OIDC token to get a temporary DSN for the repository and send the coverage report to DeepSource.

  - name: Report results to DeepSource
    run: |
    # Tests have finished and a test coverage report is available

    # Install deepsource CLI
      curl https://deepsource.io/cli | sh

    # From the root directory, run the report coverage command
      ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report --use-oidc

With GitLab CI

  1. Navigate to the project page of the repository on GitLab. Under project settings, in the sidebar, click on “CI/CD”. Expand the variable section, and add the following:

    • Type: “Variable”`
    • Key: DEEPSOURCE_DSN
    • Value: The DSN value copied above
    • State: Protected (Yes)
    • Masked: Yes
    • Scope: All Environments

  2. Add the following under the test job in .gitlab-ci.yml:

    test:
  script:
    # Tests have finished and a test coverage report is available

    # Install deepsource CLI
    - curl https://deepsource.io/cli | sh

    # From the root directory, run the report coverage command
    - ./bin/deepsource report --analyzer test-coverage --key python --value file ./path/to/report

With Heroku CI

  1. Navigate to the app’s Settings tab in the Heroku Dashboard and then add the Config Variables:

    • KEY: DEEPSOURCE_DSN
    • VALUE: The DSN value copied above

  2. Run the following commands:

    # Tests have finished and a test coverage report is available

# Install deepsource CLI
- curl https://deepsource.io/cli | sh

# From the root directory, run the report coverage command for DeepSource to analyze it
- ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

With Azure Pipelines

  1. Set a secret variable for the repository’s DSN to be used in the pipeline.

    • Name: DEEPSOURCE_DSN
    • Value: The DSN value for your repository on DeepSource

  2. Add the following script in the pipeline(s) running tests for the repository:

    # Add this after the script to run tests, which also generates a coverage report
- script: |
  # Install deepsource CLI
  curl -sSL https://deepsource.io/cli | sh

  # From the root directory, run the report coverage command for DeepSource to analyze it
  ./bin/deepsource report --analyzer test-coverage --value-file ./path/to/report

displayName: "Report coverage results to DeepSource"
env:
DEEPSOURCE_DSN: $(DEEPSOURCE_DSN)

In case of pull requests, Azure DevOps can make a merge commit that doesn’t belong to the Repo’s actual GIT tree. You can let DeepSource know about the correct commit OID of PR it should associate the coverage report to by setting the following environment variable.

env:
GIT_COMMIT_SHA: $(System.PullRequest.SourceCommitId)