Add static code analysis (#53)

jfrog · Nov 11, 2023 · 3f1a212 · 3f1a212
1 parent 856ecd4
commit 3f1a212
Show file tree

Hide file tree

Showing 7 changed files with 103 additions and 9 deletions.
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -0,0 +1,42 @@
+name: "Static Analysis"
+
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - '**'
+  pull_request:
+
+permissions:
+  checks: write
+
+jobs:
+  spotbugs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      # Install required tools
+      - name: Set up Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: "temurin"
+          java-version: "8"
+
+      # Run tests
+      - name: Run Spotbugs
+        run: ./gradlew clean spotbugs
+
+      # Show Spotbugs report
+      - name: Show Spotbugs report
+        uses: jwgmeligmeyling/spotbugs-github-action@master
+        with:
+          path: "build/reports/spotbugs/main/spotbugs.xml"
+        if: failure()
+
+      # Stop Gradle daemon
+      - name: Stop Gradle
+        run: ./gradlew --stop
+        if: always()
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -18,7 +18,6 @@ jobs:
     steps:
       - uses: actions/checkout@v3
         with:
-          submodules: true
           ref: ${{ github.event.pull_request.head.sha }}
       # Install required tools
       - name: Set up Java

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -15,19 +15,31 @@ To build the plugin sources, please follow these steps:
 ./gradlew clean build
 ```
 
-
 To build the code without running the tests, add to the "clean build" command the "-x test" option, for example:
+
 ```
 ./gradlew clean build -x test -x functionalTest
 ```
+
 ---
 
 # 🧪 Testing the plugin
 
+### Static code analysis
+
+In order to run the static code analysis, execute the following command:
+
+```bash
+./gradlew clean spotBugs
+```
+
+### Unit and integration tests
+
 In order to run tests, you should have an Artifactory instance running.
 
 The tests try to access with default values ('localHost:8081', 'admin', 'password')
 overriding those values can be done by using environment variables:
+
 ```bash
 export BITESTS_PLATFORM_URL='http://localhost:8081'
 export BITESTS_PLATFORM_USERNAME=admin
@@ -42,10 +54,14 @@ exeport BITESTS_ARTIFACTORY_VIRTUAL_REPO='some-virtual-repo'
 ```bash
 ./gradlew clean check
 ```
-* The above command run both unit and integration tests.
+
+- The above command run both unit and integration tests.
 
 ### Debugging the tests/plugin with the following command:
+
 ```
 ./gradlew aP -Dorg.gradle.jvmargs=-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005
 ```
-After running the above command, you should start a remote debugging session on port 5005 and wait until the code reaches the break point.
+
+After running the above command, you should start a remote debugging session on port 5005 and wait until the code
+reaches the break point.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -8,19 +8,21 @@ plugins {
     id("com.gradle.plugin-publish") version "1.2.0"
     id("io.github.gradle-nexus.publish-plugin") version "1.3.0"
     id("signing")
+    id("com.github.spotbugs-base") version "4.8.0"
 }
 
 repositories {
     mavenCentral()
 }
 
-val buildInfoVersion = "2.41.6"
+val buildInfoVersion = "2.41.7"
 val fileSpecsVersion = "1.1.2"
 val commonsLangVersion = "3.12.0"
 val commonsIoVersion = "2.11.0"
 val commonsTxtVersion = "1.10.0"
 val testNgVersion = "7.5.1"
 val httpclientVersion = "4.5.14"
+val spotBugsVersion = "4.8.1"
 
 tasks.compileJava {
     sourceCompatibility = "1.8"
@@ -60,6 +62,10 @@ dependencies {
     "functionalTestImplementation"("commons-io", "commons-io", commonsIoVersion)
     "functionalTestImplementation"("org.apache.httpcomponents", "httpclient", httpclientVersion)
     "functionalTestImplementation"(project(mapOf("path" to ":")))
+
+    // Static code analysis
+    spotbugs("com.github.spotbugs", "spotbugs", spotBugsVersion)
+    implementation("com.github.spotbugs", "spotbugs-annotations", spotBugsVersion)
 }
 
 pluginBundle {
@@ -102,7 +108,7 @@ tasks.named<Jar>("jar") {
     exclude("META-INF/*.RSA", "META-INF/*.SF", "META-INF/*.DSA")
 }
 
-tasks.matching{ task -> task.name.contains("PluginMarker") }.configureEach {
+tasks.matching { task -> task.name.contains("PluginMarker") }.configureEach {
     enabled = false
 }
 
@@ -170,3 +176,25 @@ val functionalTestTask = tasks.register<Test>("functionalTest") {
 tasks.check {
     dependsOn(functionalTestTask)
 }
+
+tasks.register<com.github.spotbugs.snom.SpotBugsTask>("spotBugs") {
+    classDirs = files(sourceSets.main.get().output)
+    sourceDirs = files(sourceSets.main.get().allSource.srcDirs)
+    auxClassPaths = files(sourceSets.main.get().compileClasspath)
+
+    reports {
+        create("text") {
+            outputLocation.set(file("$buildDir/reports/spotbugs/main/spotbugs.txt"))
+        }
+        create("html") {
+            outputLocation.set(file("$buildDir/reports/spotbugs/main/spotbugs.html"))
+            setStylesheet("fancy-hist.xsl")
+        }
+        create("xml") {
+            outputLocation.set(file("$buildDir/reports/spotbugs/main/spotbugs.xml"))
+        }
+    }
+    excludeFilter.set(
+            file("${projectDir}/spotbugs-filter.xml")
+    )
+}
diff --git a/spotbugs-filter.xml b/spotbugs-filter.xml
@@ -0,0 +1,9 @@
+<FindBugsFilter>
+    <!-- Handling EI_EXPOSE_REP and EI_EXPOSE_REP2 is memory-intensive due to the need for cloning large maps. -->
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP"/>
+    </Match>
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP2"/>
+    </Match>
+</FindBugsFilter>
diff --git a/src/main/java/org/jfrog/gradle/plugin/artifactory/task/ArtifactoryTask.java b/src/main/java/org/jfrog/gradle/plugin/artifactory/task/ArtifactoryTask.java
@@ -2,6 +2,7 @@
 
 import com.google.common.collect.ArrayListMultimap;
 import com.google.common.collect.Multimap;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.lang3.StringUtils;
 import org.gradle.api.*;
 import org.gradle.api.artifacts.Configuration;
@@ -54,6 +55,8 @@ public class ArtifactoryTask extends DefaultTask {
     private final Map<String, Boolean> flags = new HashMap<>();
     // Is this task initiated from a build server
     private boolean ciServerBuild = false;
+
+    @SuppressFBWarnings(value = "PA_PUBLIC_PRIMITIVE_ATTRIBUTE", justification = "Input field should be public")
     @Input
     public boolean skip = false;
 

diff --git a/src/main/java/org/jfrog/gradle/plugin/artifactory/utils/PublicationUtils.java b/src/main/java/org/jfrog/gradle/plugin/artifactory/utils/PublicationUtils.java
@@ -356,9 +356,6 @@ private static void extractMavenArtifacts(ArtifactoryTask destination, String pu
     private static void createPublishArtifactInfoAndAddToDeployDetails(MavenArtifact artifact, ArtifactoryTask destination, MavenPublication mavenPublication, String publicationName) {
         File file = artifact.getFile();
         DeployDetails.Builder builder = createArtifactBuilder(file, publicationName);
-        if (builder == null) {
-            return;
-        }
         PublishArtifactInfo artifactInfo = new PublishArtifactInfo(
                 mavenPublication.getArtifactId(), artifact.getExtension(),
                 artifact.getExtension(), artifact.getClassifier(),