codeclimate-config
Configure Code Climate Quality (now Qlty) for repository-wide quality gates - duplication, complexity, similar-code, exclude_patterns. Covers both legacy `.codeclimate.yml` (Code Climate Velocity / GitHub integration) and the new `.qlty/qlty.toml` per the Qlty platform migration.
codeclimate-config
Code Climate Quality has rebranded as Qlty (the docs.codeclimate.com URL now 301-redirects to docs.qlty.sh per the Qlty docs). This skill configures both:
When to use
Step 1 - Install (Qlty CLI path)
# macOS / Linux
curl https://qlty.sh | sh
# Windows (PowerShell)
powershell -c "iwr https://qlty.sh | iex"Per the Qlty quickstart, CLI verifies via gh attestation verify if downloaded from GitHub releases.
Step 2 - Initialize config
qlty initGenerates .qlty/qlty.toml baseline scoped to detected file types.
Step 3 - Legacy .codeclimate.yml
For teams still on the GitHub Code Climate App:
version: "2"
plugins:
duplication:
enabled: true
config:
languages:
javascript:
mass_threshold: 50
python:
mass_threshold: 32
ruby:
mass_threshold: 18
fixme:
enabled: true
structure:
enabled: true
exclude_patterns:
- "config/"
- "db/"
- "dist/"
- "features/"
- "**/node_modules/"
- "script/"
- "**/spec/"
- "**/test/"
- "**/tests/"
- "**/vendor/"
- "**/*_test.go"
- "**/*.d.ts"Excluding **/test/** is required - qa-test-review owns test-code hygiene; qa-code-quality scopes production only.
Step 4 - Qlty .qlty/qlty.toml
Per the Qlty quickstart structure:
config_version = "0"
[[source]]
name = "default"
default = true
[[plugin]]
name = "eslint"
[[plugin]]
name = "ruff"
[[plugin]]
name = "shellcheck"
# Per-tool exclude patterns
[[exclude]]
file_patterns = [
"node_modules/**",
"dist/**",
"**/*.test.ts",
"**/*.spec.ts",
"tests/**",
"vendor/**",
]Discover available plugins:
qlty plugins list
qlty plugins enable eslintStep 5 - Run analysis
# Lint changed files (default)
qlty check
# Lint everything
qlty check --all
# Just one tool
qlty check --all --filter=shellcheck
# Detect smells (duplication + complexity)
qlty smells --all
# Export top-complexity hotspots
qlty metrics --all --max-depth=2 --sort complexity --limit 10Step 6 - CI gate
# GitHub Actions
- name: Qlty install
run: curl https://qlty.sh | sh
- name: Qlty check
run: qlty check --upstream main
env:
QLTY_TOKEN: ${{ secrets.QLTY_TOKEN }}--upstream main scopes results to only the diff vs main - matches the "new issues only" workflow Qlty's PR feedback uses (per Qlty docs section "Preventing new issues from merging").
Anti-patterns
| Anti-pattern | Why it fails | Fix |
|---|---|---|
| Scan tests + production with same thresholds | Tests fail duplication checks (deliberate AAA repetition); team disables tool | Exclude **/tests/**, **/spec/** (Steps 3 - 4) |
Set duplication mass_threshold to default in brownfield | Hundreds of pre-existing duplications block all PRs | Use --upstream diff scope OR raise threshold initially + ratchet down |
Mix legacy .codeclimate.yml + new .qlty/qlty.toml | Both tools find different issues; PR comments contradict | Pick one platform; legacy .codeclimate.yml is consumed by Code Climate Velocity / GitHub App, .qlty/qlty.toml by Qlty CLI |
| Enable every plugin upfront | Noisy first PR scares team | Start with 2-3 plugins; add quarterly |
| Run only post-merge | No PR feedback loop | Run on PR (Step 6) |