
Use SpotBugs to spot bugs. #1552


Closed
3 of 6 tasks
sprocter opened this issue Sep 26, 2018 · 3 comments · Fixed by #1757

@sprocter
Contributor

sprocter commented Sep 26, 2018

Summary

We should use SpotBugs to find issues with OSATE code, and if those issues are severe enough, block pull requests that introduce them.

Tasks

  • Install / configure SpotBugs
  • Add installation to Oomph
  • Add configuration to Oomph
  • Announce SpotBugs usage / enforcement timeline on OSATE discussion list
  • Add SpotBugs to Maven build
  • Begin rejecting buggy pull requests

child of #1570

@lwrage
Contributor

lwrage commented Oct 26, 2018

For Jenkins we will need the Jenkins Warnings plugin.

@lwrage lwrage modified the milestones: 2.4.0, 2.4.1 Feb 19, 2019
@ghost ghost added review and removed in progress labels Mar 23, 2019
@lwrage
Contributor

lwrage commented Mar 26, 2019

Observations:

  • Running SpotBugs on the build server adds about 20 min to the build.
  • Goal spotbugs:spotbugs is needed for build without failing, bind to verify phase
  • Security plugin added via pom configuration, manually in dev environment
  • Most warnings are false positives
  • Focus on >= medium confidence, >= troubling (>=14)
  • Run security only?

@sprocter
Contributor Author

Is the restriction to security bugs only for performance reasons? If so, I'd be fine with that for the pull request builder, but I think we may want to run the full set for the nightly build.

@ghost ghost removed the review label Mar 29, 2019
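
The settings listed in the observations above, written out as a Maven `pom.xml` fragment. This is an added example, not OSATE's actual build configuration: the version properties are placeholders, the filter file name `spotbugs-security-include.xml` is hypothetical, and reading ">= troubling (>=14)" as `maxRank` 14 is an assumption.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <!-- placeholder property, set to the version you have vetted -->
      <version>${spotbugs.maven.plugin.version}</version>
      <configuration>
        <!-- report only medium confidence and above -->
        <threshold>Medium</threshold>
        <!-- ranks run from 1 (scariest) to 20; 14 is the upper edge of the
             "troubling" band, so ranks 15 to 20 ("of concern") are dropped -->
        <maxRank>14</maxRank>
        <!-- security detectors are supplied by the Find Security Bugs plugin -->
        <plugins>
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <!-- placeholder property -->
            <version>${findsecbugs.version}</version>
          </plugin>
        </plugins>
        <!-- optional "security only" run (hypothetical file name); the file holds
             <FindBugsFilter><Match><Bug category="SECURITY"/></Match></FindBugsFilter>
             Omit this element on a build that should report the full set. -->
        <includeFilterFile>spotbugs-security-include.xml</includeFilterFile>
      </configuration>
      <executions>
        <execution>
          <id>spotbugs-report</id>
          <!-- run the analysis as part of "mvn verify" -->
          <phase>verify</phase>
          <goals>
            <!-- spotbugs:spotbugs writes the report without failing the build;
                 spotbugs:check is the goal that fails it on findings -->
            <goal>spotbugs</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Moving `includeFilterFile` into a Maven profile used only by the pull request builder is one way to get the split discussed above, with the nightly build running the unfiltered configuration.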