shields icon indicating copy to clipboard operation
shields copied to clipboard
verified publisher icon badges

Code Climate is now "Qlty Cloud" (qlty.sh)

Open bkdotcom opened this issue 5 months ago • 10 comments

📋 Description

Appears Code Climate has rebranded.

Their New URL is now https://qlty.sh

Example Badges:
Maintainability https://qlty.sh/gh/USERNAME/projects/PROJECTNAME/maintainability.svg Code Coverage: https://qlty.sh/gh/USERNAME/projects/PROJECTNAME/coverage.svg

not sure if the api / means of progmatically getting the values for the badges has changed

🔗 Data

  • https://docs.qlty.sh/api-reference/api-overview/introduction
  • https://docs.qlty.sh/api-reference/initial-api-endpoints/metrics/get-project-metrics

🎤 Motivation

Code Climate is/was a popular analysis service currently supported by shields.io

bkdotcom avatar Jul 05 '25 14:07 bkdotcom

official announcement for the change

As for the API, it seems to differ from existing code and requires us to contact qlty for authenticate tokens as well.

I sent them a message and will update as things progress.

jNullj avatar Jul 05 '25 20:07 jNullj

The existing CodeClimate badges do appear to still be working

- https://img.shields.io/codeclimate/coverage/codeclimate/codeclimate

I think one thing to consider here is whether existing projects will be automatically migrated over.

If its a straight migration and we could keep all the existing badges with a switch to a new API, then you can view qlty as a replacement for CodeClimate.

If existing/legacy projects haven't been migrated over (i.e: I can't just replace my API call to https://api.codeclimate.com/v1/repos?github_slug=codeclimate%2Fcodeclimate with a call to Qlty and get the same results back) then I'd be inclined to just see these as two different services, in which case..

  • Maybe make new badges for Qlty (if they have a sufficiently stable API and offer a decent rate limit, etc). Consider it on its own merits
  • Keep the existing CodeClimate badges for as long as they work and retire them if and when the API shuts down

Couple of bits that jump out to me here on rate limits...

Firstly, https://docs.qlty.sh/api-reference/api-overview/introduction#rate-limiting says

The rate limit is 1,000 requests per hour per workspace

I don't really know what "per workspace" means here, but I wonder if this indicates that an API key only lets you see data related to your own account i.e: there's no public data on offer?

Secondly, using data from https://metrics.shields.io/d/aESRBSjmz/services in the last hour (today is a Sunday) we processed 416 requests at the origin for CodeClimate badges. The CodeClimate badges require 2 API calls to get all the data so we probably did 832 requests to CodeClimate's API in the last hour at a non-peak time.

chris48s avatar Jul 06 '25 09:07 chris48s

Just an update. I contacted Qlty they pointed me at the right place to ask for an API key. I sent a mail with some details and questions.

Will update once we have an answer to one of the questions mentioned here.

jNullj avatar Jul 08 '25 19:07 jNullj

Hello! I'm the CEO of Qlty and happy to help with this.

I am actually wondering if we might be able to simplify and sidestep the API entirely. Right now we render public SVG and PNG badges at predictable URLs. If we exposed the same data powering the badge as JSON (without an API access key, for public repos only), would that provide what you need?

e.g. https://qlty.sh/gh/USERNAME/projects/PROJECTNAME/coverage.json

brynary avatar Jul 08 '25 20:07 brynary

I don't think that should be an issue on it's own, but I would like to also hear opinion one of our senior devs as I don't think i saw something similar done in the past. I also have two questions:

  • Will that path stay open in the long term? We don't want to add a badge with an API that might be short lived.
  • Will we be able to call it without being blocked by some kind of rate limit? maybe some protection service like cloudflare not take our requests kindly.

Here is an example from ruby-oauth/oauth2:

https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg test https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.json At the moment not exposed

https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/coverage.svg test https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/coverage.json At the moment not exposed

I assume, and correct me if I'm wrong here the JSON would look similar to { label: 'maintainability', message: 'A' } & { label: 'coverage', message: '99%' }

jNullj avatar Jul 09 '25 21:07 jNullj

Yes, that is approxiamtely what I am proposing. We would be able to provide a simple spec for a JSON representation of a badge, and it should be as reliable as any JSON API we would provide.

brynary avatar Jul 10 '25 14:07 brynary

Thanks. Having a custom endpoint for this sounds good. Particularly if there is a public endpoint that returns data for any public projects and we don't need to implement auth to call it. In general, our guidance says we should use documented public APIs but what we really care about is using APIs that we're allowed to use and that aren't going to change under us.

There's a few other projects where we use a special endpoint just for badges. For example coderabbit, coverity, docs.rs etc.

chris48s avatar Jul 12 '25 12:07 chris48s

An alternative would be to scratch the SVG of the public qlty.sh badges. It's not our preferred approach in terms of performance and maintainability, but we already do this in a number of places via BaseSvgScrapingService.

PyvesB avatar Sep 28 '25 08:09 PyvesB

@brynary can we go forward with the JSON API? as it seems to be a preferred method. I'm thankful for you offering us an endpoint we can use, please let me know if the offer to add this endpoint is still valid.

jNullj avatar Sep 28 '25 16:09 jNullj

It looks like the old Code Climate API was sunset a week ago. https://api.codeclimate.com/v1/repos?github_slug=codeclimate%2Fcodeclimate and similar endpoints are now redirecting to the qlty.sh documentation. This means that all existing Code Climate badges have broken.

As far as I can tell, projects haven't been migrated over. Hitting the new qlty.sh API with public projects that were previously integrated with Code Climate returns 500 "Internal Server Error" responses. The docs have mentions of "If you are already using Code Climate Quality, please contact us for migration assistance", suggesting this requires users to onboard onto a brand new service.

We're essentially in the present case:

If existing/legacy projects haven't been migrated over (i.e: I can't just replace my API call to https://api.codeclimate.com/v1/repos?github_slug=codeclimate%2Fcodeclimate with a call to Qlty and get the same results back) then I'd be inclined to just see these as two different services, in which case.. Maybe make new badges for Qlty (if they have a sufficiently stable API and offer a decent rate limit, etc). Consider it on its own merits Keep the existing CodeClimate badges for as long as they work and retire them if and when the API shuts down

I'll submit a PR for deprecating Code Climate badges. Anyone can feel free to contribute new qlty.sh badges, either by leveraging BaseSvgScrapingService, or waiting until we get news about the new API @brynary mentioned.

PyvesB avatar Nov 02 '25 14:11 PyvesB