Code coverage

This page covers CI-specific configuration for reporting test coverage to DeepSource. For initial setup steps, see the Track code coverage getting-started guide.

Reporting coverage from tests running in Docker container

Running tests inside a Docker container is a widely used practice in the software development community since it provides a consistent environment to run the application.

But, at the same time it also adds isolation and therefore, the test coverage reports generated inside the container are not accessible to the outside environment i.e. the CI systems on which the testing pipeline is running.

However, the following two methods can be used to report the test coverage data to DeepSource.

Inside the Docker container

For reporting test coverage to DeepSource from inside the container which runs tests, just pass some environment variables to the container using the --env/-e flag.

docker run -e DEEPSOURCE_DSN -e GITHUB_ACTIONS -e GITHUB_REF -e GITHUB_SHA ...

docker run -e DEEPSOURCE_DSN -e USER -e TRAVIS_PULL_REQUEST_SHA ...

# Export the latest git commit hash as an environment variable
export GIT_COMMIT_SHA=$(git --no-pager rev-parse HEAD | tr -d '\n')

# Pass the exported environment variable to the container in which tests
# need to be run
docker run -e DEEPSOURCE_DSN -e GIT_COMMIT_SHA ...

Outside the Docker container

The test coverage report can also be reported by copying it from the Docker container in which tests are run to a shared directory which the host can also access.

# Creating a directory to store test coverage data in the host
# This directory will be mounted in the docker container as well
mkdir shared_coverage

# Run the Docker container which runs tests
# The `-v` flag sets up a bindmount volume that links the ~/coverage directory
# from inside the container to the ~/shared_coverage directory on the host machine.
docker run --name=test -v "~/shared_coverage:$HOME/coverage" ...

# Report the test coverage report stored in the shared directory to DeepSource
./bin/deepsource report --analyzer test-coverage --key python --value-file
./shared_coverage/coverage.xml

In the Dockerfile of the container which runs test, make sure that the generated test coverage report is moved to the shared directory.

# In the container Dockerfile
mv coverage.xml ~/coverage

Automating Test Coverage Tracking with CI

If you're using a CI to run your tests, the recommended way to use the Test Coverage Analyzer is by automating the coverage reporting from your CI. This should be done in the scripts that are running your tests.

These are the things that you'd need to take care of:

1. Enable the test-coverage Analyzer in your repository settings (or in your .deepsource.toml file).
2. Make sure that your CI is checking out the same commit and not making a merge commit. Failing to do this would cause the coverage report to be associated with the merge commit, and DeepSource would never pick it up for a run.
3. Install the DeepSource CLI. This would be needed to report the coverage artifact.
4. DeepSource DSN for the repository. This is needed to identify the repository for which the coverage report is being sent. The CLI looks for the DSN

The sections below contain boilerplate config for different CI providers. Please refer to the CLI documentation to learn more about the CLI's report command used in the examples.

With Travis CI

1. On Travis CI, go to Settings > Environment Variables and add a DEEPSOURCE_DSN environment variable with the DSN copied above as its value.

2. Add this to .travis.yml:

   after_success:
     # Phase: Tests have finished and a test coverage report is available
   
     # Install the deepsource CLI
     - curl https://deepsource.io/cli | sh
   
     # From the root directory, run the report coverage command
     - ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

With Circle CI

1. On Circle CI, go to Settings > Environment Variables and add a DEEPSOURCE_DSN environment variable with the DSN copied above as its value.

2. Add the following step in .circleci/config.yml:

   - run:
     name: Report results to DeepSource
     command: |
       # Tests have finished and a test coverage report is available
   
       # Install the deepsource CLI
       curl https://deepsource.io/cli | sh
   
       # From the root directory, run the report coverage command
       ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

With GitHub Actions

1. On GitHub, navigate to the main page of the repository. Under your repository name, click "Settings". In the left sidebar, click Secrets.

   • Type DEEPSOURCE_DSN in the "Name" input box.
   • Add the value copied above.

2. When you checkout code, ensure that you use pull request HEAD commit instead of merge commit:

   GitHub actions make a merge commit during checkout unless it is asked not to do it. If you're using GitHub actions, please make sure you make the following change in your checkout action.

     - uses: actions/checkout@v3
       with:
         ref: ${{ github.event.pull_request.head.sha }}

3. Add the following step in .github/workflows/main.yml:

  - name: Report results to DeepSource
    run: |
    # Tests have finished and a test coverage report is available

    # Install deepsource CLI
      curl https://deepsource.io/cli | sh

    # From the root directory, run the report coverage command
      ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

    env:
      DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}

With GitHub Actions CI using OIDC

You can also use OIDC to authenticate and send the coverage report to DeepSource, without using the DSN. Here are the steps to do that:

1. Make sure your GitHub Actions workflow is not making a merge commit during checkout. You can do this by using the ref input in the actions/checkout step:

- uses: actions/checkout@v3
  with:
    ref: ${{ github.event.pull_request.head.sha }}

2. Add required permission to get the OIDC token in your workflow:

permissions:
  id-token: write  # Required to get the OIDC token

Reference: GitHub Actions permissions

3. Pass --use-oidc flag to the deepsource report command while sending the coverage report:

This will use the workflow's OIDC token to get a temporary DSN for the repository and send the coverage report to DeepSource.

  - name: Report results to DeepSource
    run: |
    # Tests have finished and a test coverage report is available

    # Install deepsource CLI
      curl https://deepsource.io/cli | sh

    # From the root directory, run the report coverage command
      ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report --use-oidc

With GitLab CI

1. Navigate to the project page of the repository on GitLab. Under project settings, in the sidebar, click on "CI/CD". Expand the variable section, and add the following:

   • Type: "Variable"`
   • Key: DEEPSOURCE_DSN
   • Value: The DSN value copied above
   • State: Protected (Yes)
   • Masked: Yes
   • Scope: All Environments

2. Add the following under the test job in .gitlab-ci.yml:

   test:
     script:
       # Tests have finished and a test coverage report is available
   
       # Install deepsource CLI
       - curl https://deepsource.io/cli | sh
   
       # From the root directory, run the report coverage command
       - ./bin/deepsource report --analyzer test-coverage --key python --value file ./path/to/report

With Heroku CI

1. Navigate to the app's Settings tab in the Heroku Dashboard and then add the Config Variables:

   • KEY: DEEPSOURCE_DSN
   • VALUE: The DSN value copied above

2. Run the following commands:

   # Tests have finished and a test coverage report is available
   
   # Install deepsource CLI
   - curl https://deepsource.io/cli | sh
   
   # From the root directory, run the report coverage command for DeepSource to analyze it
   - ./bin/deepsource report --analyzer test-coverage --key python --value-file ./path/to/report

With Azure Pipelines

1. Set a secret variable for the repository's DSN to be used in the pipeline.

   • Name: DEEPSOURCE_DSN
   • Value: The DSN value for your repository on DeepSource

2. Add the following script in the pipeline(s) running tests for the repository:

   # Add this after the script to run tests, which also generates a coverage report
   - script: |
     # Install deepsource CLI
     curl -sSL https://deepsource.io/cli | sh
   
     # From the root directory, run the report coverage command for DeepSource to analyze it
     ./bin/deepsource report --analyzer test-coverage --value-file ./path/to/report
   
   displayName: "Report coverage results to DeepSource"
   env:
   DEEPSOURCE_DSN: $(DEEPSOURCE_DSN)

env:
GIT_COMMIT_SHA: $(System.PullRequest.SourceCommitId)

Submitting Multiple coverage reports

DeepSource supports merging coverage reports implicitly. If you have multiple CI pipelines generating partial coverage reports, send them as soon as they are generated under the same key name. DeepSource will combine all of them to prepare a final result. For example, if two CI pipelines test platform-specific parts of a module, you can report both the artifacts, and DeepSource will implicitly combine the results of the reports.

You'll notice a newly updated check every time you submit a new artifact. There's no time limit for sending multiple coverage reports.