Skip to content

Use SpotBugs to spot bugs. #1552

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
3 of 6 tasks
sprocter opened this issue Sep 26, 2018 · 3 comments · Fixed by #1757
Closed
3 of 6 tasks

Use SpotBugs to spot bugs. #1552

sprocter opened this issue Sep 26, 2018 · 3 comments · Fixed by #1757
Assignees
@lwrage @sprocter
Labels
category:releng
Milestone
2.4.1

Comments

@sprocter
Copy link
Contributor

sprocter commented Sep 26, 2018
edited by lwrage
Loading

Summary

We should use SpotBugs to find issues with OSATE code, and if those issues are severe enough, block pull requests that introduce them.

Tasks

  • Install / configure SpotBugs
  • Add installation to Oomph
  • Add configuration to Oomph
  • Announce SpotBugs usage / enforcement timeline on OSATE discussion list
  • Add SpotBugs to Maven build
  • Begin rejecting buggy pull requests

child of #1570
@lwrage lwrage added this to the 2.4 milestone Oct 25, 2018
@lwrage
Copy link
Contributor

lwrage commented Oct 26, 2018

For Jenkins we will need the Jenkins Warnings plugin.

@lwrage lwrage modified the milestones: 2.4.0, 2.4.1 Feb 19, 2019
@lwrage lwrage mentioned this issue Mar 23, 2019
Merged
@ghost ghost added review and removed in progress labels Mar 23, 2019
@lwrage
Copy link
Contributor

lwrage commented Mar 26, 2019

Observations:

  • Running Spotbugs on the build server adds about 20min to the build.
  • Goal spotbugs:spotbugs is needed for build without failing, bind to verify phase
  • Security plugin added via pom configuration, manually in dev environment
  • Most warnings are false positives
  • Focus on >= medium confidence, >= troubling (>=14)
  • Run security only?

@sprocter
Copy link
Contributor Author

Is the restriction to security bugs only for performance reasons? If so, I'd be fine with that for the pull request builder, but I think we may want to run the full set for the nightly build.

@ghost ghost removed the review label Mar 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lwrage lwrage

@sprocter sprocter

Labels
category:releng
Projects
None yet
Milestone
2.4.1
Development

Successfully merging a pull request may close this issue.

Add spotbugs to build osate/osate2
2 participants
@lwrage @sprocter