
No PMD or Checkstyle configuration files (relying on plugin defaults) #155

@sfloess

Problem

The pom.xml configures PMD and Checkstyle plugins but provides no custom configuration files. This means the project relies entirely on plugin defaults, which may not align with project coding standards.

Current Configuration

PMD (pom.xml lines 259-274)

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-pmd-plugin</artifactId>
    <version>3.25.0</version>
    <configuration>
        <printFailingErrors>true</printFailingErrors>
        <failOnViolation>true</failOnViolation>
        <minimumTokens>100</minimumTokens>  <!-- Only for CPD -->
    </configuration>
    <!-- No <rulesets> specified -->
</plugin>

Missing: pmd-ruleset.xml or pmd.xml

Checkstyle (pom.xml lines 278-287)

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-checkstyle-plugin</artifactId>
    <version>3.6.0</version>
    <configuration>
        <configLocation>google_checks.xml</configLocation>  <!-- ✅ Uses Google style -->
        <consoleOutput>true</consoleOutput>
        <failOnViolation>true</failOnViolation>
    </configuration>
</plugin>

Uses: Google's Checkstyle configuration (bundled with plugin)
Missing: Custom checkstyle.xml to override Google defaults

SpotBugs (pom.xml lines 238-255)

<plugin>
    <groupId>com.github.spotbugs</groupId>
    <artifactId>spotbugs-maven-plugin</artifactId>
    <configuration>
        <excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>  <!-- ✅ HAS custom config -->
    </configuration>
</plugin>

Has: spotbugs-exclude.xml (customized)

Impact

PMD: No Custom Rules

Current Behavior:

  • Uses PMD's default ruleset (all categories: best practices, code style, design, etc.)
  • May enforce rules the project doesn't care about
  • May miss rules the project wants enforced

Problem:

  • No project-specific rules (e.g., "prefer StringUtil.requireNonBlank over Objects.requireNonNull for strings")
  • Can't disable noisy rules (e.g., rules that conflict with project style)
  • All-or-nothing enforcement (can't tune severity levels)

Checkstyle: Google Style Only

Current Behavior:

  • Enforces Google Java Style Guide verbatim
  • Works, but may not match jcommons conventions

Example Conflicts:

  • Google wants 2-space indents; project might prefer 4
  • Google has specific import order; project might have different needs
  • Google enforces specific JavaDoc style

Note: google_checks.xml is a reasonable baseline, but projects usually customize it.

Comparison

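| Tool       | Has Config | Customized | Status                                  |
|------------|------------|------------|-----------------------------------------|
| SpotBugs   | ✅ Yes     | ✅ Yes     | GOOD - Has spotbugs-exclude.xml         |
| Checkstyle | ✅ Yes     | ❌ No      | OK - Uses google_checks.xml (standard)  |
| PMD        | ❌ No      | ❌ No      | POOR - Fully default, no customization  |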

Missing Files

PMD Ruleset

Recommended location: pmd-ruleset.xml at project root

Example minimal configuration:

<?xml version="1.0"?>
<ruleset name="jcommons-pmd-rules"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 
                             https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
    <description>PMD rules for jcommons library</description>

    <!-- Use standard rulesets -->
    <rule ref="category/java/bestpractices.xml"/>
    <rule ref="category/java/codestyle.xml">
        <!-- Exclude rules that conflict with project style -->
        <exclude name="AtLeastOneConstructor"/>  <!-- Utility classes use private constructor -->
    </rule>
    <rule ref="category/java/design.xml"/>
    <rule ref="category/java/errorprone.xml"/>
    <rule ref="category/java/multithreading.xml"/>
    <rule ref="category/java/performance.xml"/>
    <rule ref="category/java/security.xml"/>
</ruleset>

Checkstyle Customization (Optional)

If Google style doesn't match project conventions:

<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
    "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
    "https://checkstyle.org/dtds/configuration_1_3.dtd">

<module name="Checker">
    <!-- Checkstyle has no property for importing another configuration:
         start from a copy of google_checks.xml and edit the modules below -->
    
    <!-- Override specific rules -->
    <module name="TreeWalker">
        <module name="Indentation">
            <property name="basicOffset" value="4"/>  <!-- Override Google's 2 -->
        </module>
    </module>
</module>

Recommendations

Immediate: Add PMD Ruleset (Required)

  1. Create pmd-ruleset.xml with project-specific rules
  2. Update pom.xml:
<configuration>
    <rulesets>
        <ruleset>pmd-ruleset.xml</ruleset>
    </rulesets>
    <printFailingErrors>true</printFailingErrors>
    <failOnViolation>true</failOnViolation>
</configuration>

Optional: Customize Checkstyle

If Google style doesn't match project needs:

  1. Create checkstyle.xml extending Google's baseline
  2. Update pom.xml: <configLocation>checkstyle.xml</configLocation>

Document Standards

Add to CONTRIBUTING.md:

## Code Quality

This project uses multiple static analysis tools:
- **PMD**: Custom ruleset in `pmd-ruleset.xml`
- **Checkstyle**: Google Java Style Guide (with customizations in `checkstyle.xml`)
- **SpotBugs**: Exclusions in `spotbugs-exclude.xml`

Run locally:
```bash
mvn pmd:check checkstyle:check spotbugs:check
```

Verification

# After adding pmd-ruleset.xml
mvn pmd:check

# Check what rules are active
mvn pmd:pmd
cat target/pmd.xml

Related

  • Part of production quality audit
  • Code quality tooling configuration
  • Similar to spotbugs-exclude.xml approach (which is done correctly)
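
An added example, not part of the original issue or the jcommons code base: a Python check that rebuilds the comparison table above from a pom.xml, classifying each analysis plugin as running on plugin defaults, on a bundled configuration, on a custom file, or on a referenced file that does not exist. The sample POM is constructed from the snippets in this issue; `audit`, `CONFIG_KEYS`, `BUNDLED` and the status names are assumptions of this example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET  # fine for your own pom.xml; not for untrusted XML

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# artifactId -> element under <configuration> that names the rule/filter file
CONFIG_KEYS = {
    "maven-pmd-plugin": "m:rulesets/m:ruleset",
    "maven-checkstyle-plugin": "m:configLocation",
    "spotbugs-maven-plugin": "m:excludeFilterFile",
}
# Configurations that ship with the Checkstyle plugin (not project files)
BUNDLED = {"google_checks.xml", "sun_checks.xml"}

# Constructed sample mirroring the three plugin snippets quoted in the issue
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><build><plugins>
  <plugin><artifactId>maven-pmd-plugin</artifactId>
    <configuration><failOnViolation>true</failOnViolation></configuration></plugin>
  <plugin><artifactId>maven-checkstyle-plugin</artifactId>
    <configuration><configLocation>google_checks.xml</configLocation></configuration></plugin>
  <plugin><artifactId>spotbugs-maven-plugin</artifactId>
    <configuration><excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile></configuration></plugin>
</plugins></build></project>"""

def audit(pom_text, project_dir):
    """Return {artifactId: (status, referenced file or None)} for the analysis plugins."""
    result = {}
    for plugin in ET.fromstring(pom_text).iterfind(".//m:plugin", NS):
        artifact = plugin.findtext("m:artifactId", default="", namespaces=NS)
        if artifact not in CONFIG_KEYS:
            continue
        ref = plugin.findtext("m:configuration/" + CONFIG_KEYS[artifact], namespaces=NS)
        ref = (ref or "").strip() or None
        if ref is None:
            status = "plugin-default"   # nothing referenced: plugin decides the rules
        elif ref in BUNDLED:
            status = "bundled"          # standard config, no project customization
        else:
            found = os.path.isfile(os.path.join(project_dir, ref))
            status = "custom" if found else "missing-file"
        result[artifact] = (status, ref)  # a later declaration overwrites an earlier one
    return result

def demo():
    """Audit the sample POM in a temp project that only has spotbugs-exclude.xml."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "spotbugs-exclude.xml"), "w").close()
        return audit(SAMPLE_POM, d)

if __name__ == "__main__":
    for name, (status, ref) in demo().items():
        print(f"{name:26} {status:15} {ref or '-'}")
```

Run in CI before the analysis goals, a `plugin-default` or `missing-file` status can fail the build so the gate never silently falls back to defaults.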
