Automated Code Review / CodeQL / lgtm.com

A couple of days back, during one of my morning reading sessions, I came across CodeQL, which seemed an interesting query language! From there, I somehow landed on lgtm.com. This tool integrates code review into the PR process. It is good to keep this tool in your back pocket and see if it can be integrated for automated code review or into the build / deployment pipeline down the line. It somehow seems suitable for home-grown / small projects, but that could be just my opinion. This blog post is just a first attempt at the tool.

I created a basic console app and pushed it up to a GitHub repository:


Once the code is in the repo, enter the public GitHub repository URL in the lgtm dashboard and click Follow:

Note: The first time, I used my GitHub account to log in and gave lgtm access to my GitHub account. Your GitHub repository must be public to perform lgtm analysis!

After the build and analysis are over, I get an email about the analysis:


Since I added a few dubious lines, I want to check if they are captured in the analysis and see the following:

Futile Conditional:

If-statement with an empty then-branch and no else-branch.



There is a query console too where you can fire queries:


Query result:


There are a lot of query examples based on which you can write your own queries:
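
As a starting point for a query of your own, here is a CodeQL query that looks for the "Futile Conditional" pattern reported above. It is an added example, not code from the original post or from lgtm; it assumes the console app is written in C# (the post does not name the language) and uses the standard CodeQL C# library, and the predicate name `doesNothing` is made up for illustration.

```ql
/**
 * Finds if-statements whose then-branch does nothing and that have
 * no else-branch. Added example; assumes a C# code base.
 */
import csharp

/**
 * Holds if `s` has no effect: a lone `;`, an empty block `{}`,
 * or a block whose single statement itself has no effect.
 * (Hypothetical helper name, introduced for this example.)
 */
predicate doesNothing(Stmt s) {
  s instanceof EmptyStmt
  or
  exists(BlockStmt b | b = s |
    b.getNumberOfStmts() = 0
    or
    b.getNumberOfStmts() = 1 and
    doesNothing(b.getStmt(0))
  )
}

from IfStmt ifStmt
where
  // the then-branch is empty ...
  doesNothing(ifStmt.getThen()) and
  // ... and there is no else-branch that could carry the real logic
  not exists(ifStmt.getElse())
select ifStmt, "If-statement with an empty then-branch and no else-branch."
```

An empty branch is worth a second look in review because it often marks a check that was meant to reject or handle something and never got its body.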


You can enable PR review on a repo:


For automated code review to happen, give lgtm permission to the repo:



Provide access in GitHub:


PR review enabled:


Create a PR with a fix for the issues raised by lgtm:


lgtm fires its code analysis on the new PR, and this can be seen in GitHub:


Once the analysis is over, I can check the results:


Now, I am ready to merge my new branch to main:


Nice history in GitHub after the merge:


I get an email with the details of the commit and the subsequent result, with the lgtm URL:


If you click the lgtm link, you should see the details of the PR changes:


I couldn't see the analysis fire again, but so far so good!
