diff options
author | Toine Siebelink <toine.siebelink@est.tech> | 2021-01-11 14:39:38 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-01-11 14:39:38 +0000 |
commit | a3c45cab5d3a268c16410f4962b18043b7c04bad (patch) | |
tree | dd9cf3cfe506a4bcbfdd3fe44376de38e01c2071 | |
parent | fa56d71bb94d88f657a9d73fb91c3036220f32ab (diff) | |
parent | 9f93f7960c97642a79ed30b84d5127017ed9fc73 (diff) |
Merge "Introduce spotbug plugin"
-rw-r--r-- | cps-bom/pom.xml | 5 | ||||
-rwxr-xr-x | cps-dependencies/pom.xml | 6 | ||||
-rw-r--r-- | cps-parent/pom.xml | 68 | ||||
-rw-r--r-- | pom.xml | 1 | ||||
-rw-r--r-- | spotbugs/pom.xml | 28 | ||||
-rw-r--r-- | spotbugs/src/main/resources/spotbugs-exclude.xml | 27 |
6 files changed, 135 insertions, 0 deletions
diff --git a/cps-bom/pom.xml b/cps-bom/pom.xml index 520a484153..7d023a5912 100644 --- a/cps-bom/pom.xml +++ b/cps-bom/pom.xml @@ -51,6 +51,11 @@ <artifactId>checkstyle</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.onap.cps</groupId> + <artifactId>spotbugs</artifactId> + <version>${project.version}</version> + </dependency> </dependencies> </dependencyManagement> </project>
\ No newline at end of file diff --git a/cps-dependencies/pom.xml b/cps-dependencies/pom.xml index a77deff98a..cf744e8890 100755 --- a/cps-dependencies/pom.xml +++ b/cps-dependencies/pom.xml @@ -23,6 +23,7 @@ <modelmapper.version>2.3.8</modelmapper.version> <spock-core.version>2.0-M2-groovy-3.0</spock-core.version> <spock-spring.version>1.3-groovy-2.5</spock-spring.version> + <spotbugs.version>4.2.0</spotbugs.version> <springboot.version>2.3.3.RELEASE</springboot.version> <springfox.version>3.0.0</springfox.version> <swagger.version>2.1.4</swagger.version> @@ -109,6 +110,11 @@ <artifactId>postgresql</artifactId> <version>${testcontainers.version}</version> </dependency> + <dependency> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs</artifactId> + <version>${spotbugs.version}</version> + </dependency> </dependencies> </dependencyManagement> </project> diff --git a/cps-parent/pom.xml b/cps-parent/pom.xml index 97dba3a7a2..d3470df25d 100644 --- a/cps-parent/pom.xml +++ b/cps-parent/pom.xml @@ -26,7 +26,11 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <releaseNexusPath>/content/repositories/releases/</releaseNexusPath> <repository.name>nexus3.onap.org:10001/onap/cps-service</repository.name> + <spotbugs-maven-plugin.version>4.1.3</spotbugs-maven-plugin.version> <spring-boot-maven-plugin.version>2.3.3.RELEASE</spring-boot-maven-plugin.version> + <spotbugs.slf4j.version>1.8.0-beta4</spotbugs.slf4j.version> + <spotbugs.bug-pattern.version>1.5.0</spotbugs.bug-pattern.version> + <spotbugs.version>4.2.0</spotbugs.version> <swagger-codegen-maven-plugin.version>3.0.18</swagger-codegen-maven-plugin.version> <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath> <tag.version>${project.version}</tag.version> @@ -197,6 +201,66 @@ </to> </configuration> </plugin> + <plugin> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + <version>${spotbugs-maven-plugin.version}</version> + <dependencies> + <dependency> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs</artifactId> + <version>${spotbugs.version}</version> + </dependency> + <dependency> + <groupId>${project.groupId}</groupId> + <artifactId>spotbugs</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <!-- The SpotBugs Maven plugin uses SLF4J 1.8 beta 2 --> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-simple</artifactId> + <version>${spotbugs.slf4j.version}</version> + </dependency> + </dependencies> + <configuration> + <plugins> + <plugin> + <groupId>jp.skypencil.findbugs.slf4j</groupId> + <artifactId>bug-pattern</artifactId> + <version>1.5.0</version> + </plugin> + </plugins> + <!-- + Enables analysis which takes more memory but finds more bugs. + If you run out of memory, changes the value of the effort element + to 'Low'. + --> + <effort>Max</effort> + <!-- Reports all bugs (other values are medium and max) --> + <threshold>Low</threshold> + <!-- Build doesn't fail if problems are found --> + <failOnError>false</failOnError> + <!-- References the excluded rules --> + <excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile> + <!-- Produces XML report --> + <xmlOutput>true</xmlOutput> + <!-- Configures the directory in which the XML report is created --> + <xmlOutputDirectory>${project.build.directory}/spotbugs</xmlOutputDirectory> + </configuration> + <executions> + <!-- + Ensures that SpotBugs inspects source code when project is compiled. + --> + <execution> + <id>analyze-compile</id> + <phase>compile</phase> + <goals> + <goal>check</goal> + </goals> + </execution> + </executions> + </plugin> </plugins> </pluginManagement> <plugins> @@ -360,6 +424,10 @@ </execution> </executions> </plugin> + <plugin> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + </plugin> </plugins> </build> </project>
\ No newline at end of file @@ -34,5 +34,6 @@ <module>cps-rest</module>
<module>cps-ri</module>
<module>checkstyle</module>
+ <module>spotbugs</module>
</modules>
</project>
diff --git a/spotbugs/pom.xml b/spotbugs/pom.xml new file mode 100644 index 0000000000..133c4f7319 --- /dev/null +++ b/spotbugs/pom.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>org.onap.cps</groupId> + <artifactId>spotbugs</artifactId> + <version>0.0.1-SNAPSHOT</version> + + <properties> + <nexusproxy>https://nexus.onap.org</nexusproxy> + <releaseNexusPath>/content/repositories/releases/</releaseNexusPath> + <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath> + </properties> + + <distributionManagement> + <repository> + <id>ecomp-releases</id> + <name>ECOMP Release Repository</name> + <url>${nexusproxy}${releaseNexusPath}</url> + </repository> + <snapshotRepository> + <id>ecomp-snapshots</id> + <name>ECOMP Snapshot Repository</name> + <url>${nexusproxy}${snapshotNexusPath}</url> + </snapshotRepository> + </distributionManagement> +</project>
\ No newline at end of file diff --git a/spotbugs/src/main/resources/spotbugs-exclude.xml b/spotbugs/src/main/resources/spotbugs-exclude.xml new file mode 100644 index 0000000000..c46270c1cd --- /dev/null +++ b/spotbugs/src/main/resources/spotbugs-exclude.xml @@ -0,0 +1,27 @@ +<FindBugsFilter> + <Match> + <Or> + <!-- Anonymous inner classes are very common. --> + <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON" /> + + <!-- We use static slf4j Logger (this rule is from KengoTODA/findbugs-slf4j jp.skypencil.findbugs.slf4:bug-pattern) --> + <Bug pattern="SLF4J_LOGGER_SHOULD_BE_NON_STATIC" /> + + <!-- Guava 25.1+ uses the Checker Framework's @Nullable which SpotBugs doesn't handle correctly, even though it's + supposed to; see https://github.com/spotbugs/spotbugs/issues/743 --> + <Bug pattern="NP_NONNULL_PARAM_VIOLATION" /> + <Bug pattern="NP_NULL_PARAM_DEREF" /> + <Bug pattern="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE" /> + <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE" /> + + <!-- https://github.com/spotbugs/spotbugs/issues/511. Strict reading of Object.equals() contract means that + evenever equals() behaviour is defined, all implementations need to adhere to it. The only reason + to override the method (assuming correct API design, of course) is to provide a more efficient + implementation. This rule would be forcing a @SuppressFBWarnings on perfectly compliant classes. --> + <Bug pattern="EQ_DOESNT_OVERRIDE_EQUALS"/> + + <!-- https://github.com/spotbugs/spotbugs/issues/756. spotbugs does not grok Java 11's try-with-resources --> + <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"/> + </Or> + </Match> +</FindBugsFilter> |