spotbugs / spotbugs-gradle-plugin

Licence: Apache-2.0 license
plugins.gradle.org/plugin/com.github.spotbugs


SpotBugs Gradle Plugin

This is the official Gradle Plugin to run SpotBugs on Java and Android projects.

Goal

This Gradle plugin is designed to solve the following problems in the legacy plugin:

  • Remove any dependency on Gradle's internal API
  • Solve the mutability problem for builds that contain multiple projects and/or sourceSets
  • Native support for parallel builds
  • Native support for Android projects
  • Missing user documentation about how to use the extension and task

Usage

Apply to your project

Apply the plugin to your project. Refer to the Gradle Plugin Portal for details of the installation procedure.

Configure SpotBugs Plugin

Configure the spotbugs extension to control the behaviour of tasks:

spotbugs {
    ignoreFailures = false
    showStackTraces = true
    showProgress = true
    effort = 'default'
    reportLevel = 'default'
    visitors = [ 'FindSqlInjection', 'SwitchFallthrough' ]
    omitVisitors = [ 'FindNonShortCircuit' ]
    reportsDir = file("$buildDir/spotbugs")
    includeFilter = file("include.xml")
    excludeFilter = file("exclude.xml")
    baselineFile = file("baseline.xml")
    onlyAnalyze = [ 'com.foobar.MyClass', 'com.foobar.mypkg.*' ]
    maxHeapSize = '1g'
    extraArgs = [ '-nested:false' ]
    jvmArgs = [ '-Duser.language=ja' ]
}

With Kotlin DSL:

spotbugs {
    ignoreFailures.set(false)
    showStackTraces.set(true)
    showProgress.set(true)
    effort.set(com.github.spotbugs.snom.Effort.DEFAULT)
    reportLevel.set(com.github.spotbugs.snom.Confidence.DEFAULT)
    visitors.set(listOf("FindSqlInjection", "SwitchFallthrough"))
    omitVisitors.set(listOf("FindNonShortCircuit"))
    reportsDir.set(file("$buildDir/spotbugs"))
    includeFilter.set(file("include.xml"))
    excludeFilter.set(file("exclude.xml"))
    baselineFile.set(file("baseline.xml"))
    onlyAnalyze.set(listOf("com.foobar.MyClass", "com.foobar.mypkg.*"))
    maxHeapSize.set("1g")
    extraArgs.set(listOf("-nested:false"))
    jvmArgs.set(listOf("-Duser.language=ja"))
}

Configure the spotbugsPlugins configuration to apply any SpotBugs plugin:

dependencies {
    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0'
}

With Kotlin DSL:

dependencies {
    spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0")
}

Configure spotbugs to choose your favorite SpotBugs version:

dependencies {
    spotbugs 'com.github.spotbugs:spotbugs:4.7.1'
}

With Kotlin DSL:

dependencies {
    spotbugs("com.github.spotbugs:spotbugs:4.7.1")
}

Apply to Java project

Apply this plugin together with the java plugin to your project; a SpotBugsTask will then be generated for each existing sourceSet.

If you want to create and configure SpotBugsTask on your own, apply the base plugin (com.github.spotbugs-base) instead; it won't create tasks automatically.

Apply to Android project

TBU

Configure the SpotBugsTask

Configure SpotBugsTask directly to set task-specific properties.

// Example to configure HTML report
spotbugsMain {
    reports {
        html {
            required = true
            outputLocation = file("$buildDir/reports/spotbugs/main/spotbugs.html")
            stylesheet = 'fancy-hist.xsl'
        }
    }
}

With Kotlin DSL:

tasks.spotbugsMain {
    reports.create("html") {
        required.set(true)
        outputLocation.set(file("$buildDir/reports/spotbugs.html"))
        setStylesheet("fancy-hist.xsl")
    }
}

SpotBugs version mapping

By default, this Gradle Plugin uses the SpotBugs version listed in this table.

You can change the SpotBugs version with the toolVersion property of the spotbugs extension or with the spotbugs configuration.

Gradle Plugin    SpotBugs
5.0.13           4.7.3
5.0.12           4.7.2
5.0.9            4.7.1
5.0.7            4.7.0
5.0.4            4.5.3
5.0.3            4.5.2
5.0.2            4.5.1
4.7.10           4.5.0
4.7.8            4.4.2
4.7.5            4.4.1
4.7.3            4.4.0
4.7.2            4.3.0
4.6.1            4.2.1
4.5.0            4.1.1
4.4.4            4.0.6
4.4.2            4.0.5
4.0.7            4.0.2
4.0.0            4.0.0

Refer to the version in the build script

From v4, spotbugs.toolVersion is changed from String to Provider<String>, so use get() or other methods to refer to the actual version.

dependencies {
    compileOnly "com.github.spotbugs:spotbugs-annotations:${spotbugs.toolVersion.get()}"
}

With Kotlin DSL:

dependencies {
    compileOnly("com.github.spotbugs:spotbugs-annotations:${spotbugs.toolVersion.get()}")
}

Development

Setup

  • Development requires Java 11 or higher to be installed
  • The CI server uses the ubuntu-latest docker image, but you should be able to develop on any Linux/Unix-based OS.
  • Before creating commits
    • Read https://www.conventionalcommits.org/en
    • Optionally create the following script in your .git/hooks directory and name it commit.msg. This will ensure that your commits follow the conventional commits pattern.
#!/usr/bin/env python
import re
import sys

# turn off the traceback as it doesn't help readability
sys.tracebacklimit = 0

def main():
    # example:
    # feat(apikey): added the ability to add api key to configuration
    pattern = r'(build|ci|docs|feat|fix|perf|refactor|style|test|chore|revert)(\([\w\-]+\))?:\s.*'
    # git passes the path of the file holding the commit message as the first argument
    filename = sys.argv[1]
    with open(filename, 'r') as f:
        ss = f.read()
    # re.match anchors at the start, so the prefix must open the first line of the message
    m = re.match(pattern, ss)
    if m is None:
        raise Exception("Conventional commit validation failed. Did you forget to add one of the allowed prefixes? (build|ci|docs|feat|fix|perf|refactor|style|test|chore|revert)")

if __name__ == "__main__":
    main()
  • When running Gradle, do so using the gradlew script in this directory

Signing Artifacts

Since version 4.3, we sign artifacts when we publish them. This is designed so that the build will still pass if you don't have the signing keys available; this way pull requests and forked repos will still work as before.

Before the GitHub workflow can sign the artifacts generated during the build, we first need to generate PGP keys and upload them to the servers (you will have to do this again when the key expires; once a year is a good timeframe). See https://www.gnupg.org/faq/gnupg-faq.html#starting_out for more details.

That means GitHub needs the following secrets:

SIGNING_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----..."
SIGNING_PASSWORD = password

where secrets.SIGNING_KEY is the in-memory ascii-armored keys (you get this by running gpg --armor --export-secret-keys <EMAIL>) and secrets.SIGNING_PASSWORD is the password you used when generating the key.

Gradle is configured to use these to generate the private key in memory so as to minimize our risk of the keys being found and used by someone else.
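The in-memory signing setup described above can be expressed with Gradle's signing plugin as in the following added example, which is not the SpotBugs project's own build script. It assumes the workflow exports the two secrets as environment variables named SIGNING_KEY and SIGNING_PASSWORD, and the publication name mavenJava is hypothetical.

```groovy
// build.gradle (added example, not taken from the spotbugs-gradle-plugin repository)
plugins {
    id 'java-library'
    id 'maven-publish'
    id 'signing'
}

publishing {
    publications {
        // 'mavenJava' is a hypothetical publication name used for illustration
        mavenJava(MavenPublication) {
            from components.java
        }
    }
}

// Assumption: CI maps the GitHub secrets to environment variables of the same name.
// The key material is read from the environment only; no keyring file is written.
def signingKey = System.getenv('SIGNING_KEY')
def signingPassword = System.getenv('SIGNING_PASSWORD')

// Groovy truth: null and empty strings both count as "not available"
def canSign = signingKey && signingPassword

signing {
    if (canSign) {
        // Parses the ASCII-armored private key directly from memory
        useInMemoryPgpKeys(signingKey, signingPassword)
        sign publishing.publications.mavenJava
    }
    // Without keys (forks, pull requests) no signing tasks are created,
    // so the build and local publication still succeed unsigned.
}
```

GitHub does not pass repository secrets to workflows triggered by pull requests from forks, which is the case the conditional covers.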

Copyright

Copyright © 2019-present SpotBugs Team
