Merge branch 'master' into sq-10
gtoison committed Aug 27, 2024
2 parents e5207d6 + 26126d8 commit a8f3f67
Showing 18 changed files with 225 additions and 235 deletions.
30 changes: 3 additions & 27 deletions .github/workflows/build.yml
Expand Up @@ -18,41 +18,19 @@ jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
# previous LTS version
- SONAR_SERVER_VERSION: 7.9
SONAR_PLUGIN_API_VERSION: 7.9
SONAR_PLUGIN_API_GROUPID: org.sonarsource.sonarqube
SONAR_JAVA_VERSION: 5.13.1.18282
SONAR_SERVER_JAVA_VERSION: 11
# current LTS version
- SONAR_SERVER_VERSION: 8.9.9.56886
SONAR_PLUGIN_API_VERSION: 8.9.9.56886
SONAR_PLUGIN_API_GROUPID: org.sonarsource.sonarqube
SONAR_JAVA_VERSION: 6.15.1.26025
SONAR_SERVER_JAVA_VERSION: 11
- SONAR_SERVER_VERSION: 9.7.0.61563
SONAR_PLUGIN_API_VERSION: 9.11.0.290
SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
SONAR_JAVA_VERSION: 7.14.0.30229
SONAR_SERVER_JAVA_VERSION: 11
# 9.9 LTS
- SONAR_SERVER_VERSION: 9.9.0.65466
SONAR_PLUGIN_API_VERSION: 9.14.0.375
SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
SONAR_JAVA_VERSION: 7.16.0.30901
SONAR_SERVER_JAVA_VERSION: 17
# 10.x
- SONAR_SERVER_VERSION: 10.4.0.87286
SONAR_PLUGIN_API_VERSION: 10.6.0.2114
SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
SONAR_JAVA_VERSION: 7.30.1.34514
SONAR_SERVER_JAVA_VERSION: 17
- SONAR_SERVER_VERSION: 10.6.0.92116
SONAR_PLUGIN_API_VERSION: 10.7.0.2191
SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
SONAR_JAVA_VERSION: 8.0.1.36337
SONAR_SERVER_JAVA_VERSION: 17
# https://mvnrepository.com/artifact/org.sonarsource.sonarqube/sonar-core
# https://mvnrepository.com/artifact/org.sonarsource.api.plugin/sonar-plugin-api
Expand All @@ -79,9 +57,7 @@ jobs:
run: |
./mvnw verify -B -e -V \
-Dsonar.server.version=${{ matrix.SONAR_SERVER_VERSION }} \
-Dsonar-plugin-api.version=${{ matrix.SONAR_PLUGIN_API_VERSION }} \
-Dsonar-plugin-api.groupId=${{ matrix.SONAR_PLUGIN_API_GROUPID }} \
-Dsonar-java.version=${{ matrix.SONAR_JAVA_VERSION }}
-Dsonar-plugin-api.version=${{ matrix.SONAR_PLUGIN_API_VERSION }}
deploy:
runs-on: ubuntu-latest
needs: build
Expand Down Expand Up @@ -131,7 +107,7 @@ jobs:
uses: ./.github/actions/sonar-update-center
with:
prop-file: findbugs.properties
description: Use SpotBugs 4.8.5, sb-contrib 7.6.4, and findsecbugs 1.13.0
description: Use SpotBugs 4.8.6, sb-contrib 7.6.4, and findsecbugs 1.13.0
minimal-supported-sq-version: 9.9
latest-supported-sq-version: LATEST
changelog-url: https://github.com/spotbugs/sonar-findbugs/releases/tag/${{ github.event.release.tag_name }}
8 changes: 2 additions & 6 deletions .github/workflows/sonarqube.yml
Expand Up @@ -29,10 +29,8 @@ jobs:
runs-on: ubuntu-latest
env:
# previous LTS version
SONAR_SERVER_VERSION: 8.9.9.56886
SONAR_PLUGIN_API_VERSION: 8.9.9.56886
SONAR_PLUGIN_API_GROUPID: org.sonarsource.sonarqube
SONAR_JAVA_VERSION: 6.15.1.26025
SONAR_SERVER_VERSION: 9.9.0.65466
SONAR_PLUGIN_API_VERSION: 9.14.0.375
steps:
- name: Decide the ref to check out
uses: haya14busa/action-cond@v1
Expand Down Expand Up @@ -63,8 +61,6 @@ jobs:
./mvnw org.jacoco:jacoco-maven-plugin:prepare-agent verify sonar:sonar -B -e -V -DskipITs \
-Dsonar.server.version=${{ env.SONAR_SERVER_VERSION }} \
-Dsonar-plugin-api.version=${{ env.SONAR_PLUGIN_API_VERSION }} \
-Dsonar-plugin-api.groupId=${{ env.SONAR_PLUGIN_API_GROUPID }} \
-Dsonar-java.version=${{ env.SONAR_JAVA_VERSION }} \
-Dsonar.projectKey=com.github.spotbugs:sonar-findbugs-plugin \
-Dsonar.organization=spotbugs \
-Dsonar.host.url=https://sonarcloud.io \
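Review bot: The `# previous LTS version` comment above the `env:` block now labels `SONAR_SERVER_VERSION: 9.9.0.65466`, which build.yml in this same commit calls `# 9.9 LTS`. Change the comment to `# 9.9 LTS` so the two workflows describe the pinned server the same way and the next version bump does not start from a misleading label.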
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -74,4 +74,5 @@ Findbugs Plugin version|Embedded SpotBugs/Findbugs version|Embedded Findsecbugs
4.2.7 | 4.8.3 (SpotBugs) | 1.12.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
4.2.8 | 4.8.3 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
4.2.9 | 4.8.4 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
4.2.10-SNAPSHOT | 4.8.5 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
4.2.10 | 4.8.6 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
4.3.0-SNAPSHOT | 4.8.6 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 17|9.9~|8.0.1.36337
4 changes: 2 additions & 2 deletions generate_profiles/BuildXmlFiles.groovy
Expand Up @@ -8,13 +8,13 @@ import groovy.json.JsonSlurper;

@Grapes([

@Grab(group='com.github.spotbugs', module='spotbugs', version='4.8.5'),
@Grab(group='com.github.spotbugs', module='spotbugs', version='4.8.6'),
@Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.6.4'),
@Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.13.0')]
)


FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.8.5')
FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.8.6')
CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.6.4')
FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.13.0')

86 changes: 61 additions & 25 deletions pom.xml
Expand Up @@ -4,7 +4,7 @@

<groupId>com.github.spotbugs</groupId>
<artifactId>sonar-findbugs-plugin</artifactId>
<version>4.2.10-SNAPSHOT</version>
<version>4.3.0-SNAPSHOT</version>
<packaging>sonar-plugin</packaging>

<name>SonarQube SpotBugs Plugin</name>
Expand Down Expand Up @@ -52,17 +52,16 @@
Also need to update profiles, see ./generate_profiles/README.md for detail.
Update the version table and the rules count badge in README.md
-->
<spotbugs.version>4.8.5</spotbugs.version>
<spotbugs.version>4.8.6</spotbugs.version>
<sbcontrib.version>7.6.4</sbcontrib.version>
<findsecbugs.version>1.13.0</findsecbugs.version>

<jdk.min.version>1.8</jdk.min.version>
<surefire.version>3.2.5</surefire.version>
<failsafe.version>3.2.5</failsafe.version>
<sonar.server.version>7.9</sonar.server.version>
<sonar-plugin-api.version>7.9.6</sonar-plugin-api.version>
<sonar-plugin-api.groupId>org.sonarsource.sonarqube</sonar-plugin-api.groupId>
<sonar-java.version>5.14.0.18788</sonar-java.version>
<sonar.server.version>9.9.0.65466</sonar.server.version>
<sonar-plugin-api.version>9.14.0.375</sonar-plugin-api.version>
<sonar-java.version>8.0.1.36337</sonar-java.version>

<sonar-orchestrator.version>4.9.0.1920</sonar-orchestrator.version>

Expand Down Expand Up @@ -138,7 +137,7 @@
</dependency>

<dependency>
<groupId>${sonar-plugin-api.groupId}</groupId>
<groupId>org.sonarsource.api.plugin</groupId>
<artifactId>sonar-plugin-api</artifactId>
<version>${sonar-plugin-api.version}</version>
<scope>provided</scope>
Expand All @@ -155,7 +154,44 @@
<groupId>org.sonarsource.java</groupId>
<artifactId>sonar-java-plugin</artifactId>
<version>${sonar-java.version}</version>
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>org.sonarsource.java</groupId>
<artifactId>external-reports</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.analyzer-commons</groupId>
<artifactId>sonar-xml-parsing</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.analyzer-commons</groupId>
<artifactId>sonar-analyzer-commons</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks-aws</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-jsp</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.analyzer-commons</groupId>
<artifactId>sonar-performance-measure</artifactId>
</exclusion>
<exclusion>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-surefire</artifactId>
</exclusion>
<!--<exclusion>
<groupId>org.sonarsource.java</groupId>
<artifactId>jdt-package</artifactId>
</exclusion>-->
</exclusions>
</dependency>

<!-- unit tests -->
Expand Down Expand Up @@ -394,6 +430,7 @@
<pluginClass>org.sonar.plugins.findbugs.FindbugsPlugin</pluginClass>
<useChildFirstClassLoader>false</useChildFirstClassLoader>
<requiredForLanguages>java,scala,jsp,clojure,kotlin</requiredForLanguages>
<skipDependenciesPackaging>true</skipDependenciesPackaging>
</configuration>
</plugin>
<plugin>
Expand All @@ -410,7 +447,7 @@
<configuration>
<rules>
<requireFilesSize>
<maxsize>32000000</maxsize>
<maxsize>42000000</maxsize>
<minsize>8000000</minsize>
<files>
<file>${project.build.directory}/${project.build.finalName}.jar</file>
Expand All @@ -432,22 +469,21 @@
<goal>shade</goal>
</goals>
<configuration>
<artifactSet>
<includes>
<include>commons-io:commons-io</include>
<include>org.codehaus.sonar:sonar-channel</include>
</includes>
</artifactSet>
<relocations>
<relocation>
<pattern>org.apache.commons.io</pattern>
<shadedPattern>shaded.io</shadedPattern>
</relocation>
<relocation>
<pattern>org.sonar.channel</pattern>
<shadedPattern>shaded.channel</shadedPattern>
</relocation>
</relocations>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ApacheNoticeResourceTransformer">
<addHeader>false</addHeader>
</transformer>
</transformers>
<filters>
<filter>
<artifact>*:*</artifact>
<excludes>
<exclude>META-INF/*.SF</exclude>
<exclude>META-INF/*.DSA</exclude>
<exclude>META-INF/*.RSA</exclude>
</excludes>
</filter>
</filters>
<createDependencyReducedPom>false</createDependencyReducedPom>
</configuration>
</execution>
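Review bot: The shade execution no longer has an `<artifactSet>` include list or any `<relocation>`, and the sonar-java-plugin dependency appears to lose `<scope>provided</scope>`, so everything not named in the new `<exclusions>` block is merged into the plugin jar under its original package names. That turns the bundled content from an allow-list into a deny-list: a transitive dependency added by a later sonar-java upgrade would ship in the artifact without being listed anywhere, and the raised `<maxsize>42000000</maxsize>` is the only remaining guard. Consider keeping an explicit `<artifactSet><includes>` for the modules that must be bundled, or at least add a comment above `<exclusions>` stating which sonar-java modules are intentionally shipped and why. The commented-out `jdt-package` exclusion should be removed or given a one-line reason.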
55 changes: 20 additions & 35 deletions src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java
Expand Up @@ -54,17 +54,14 @@
import org.sonar.api.config.PropertyDefinition;
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.scan.filesystem.PathResolver;
import org.sonar.api.utils.Version;
import org.sonar.plugins.findbugs.classpath.ClasspathLocator;
import org.sonar.plugins.findbugs.classpath.DefaultClasspathLocator;
import org.sonar.plugins.findbugs.rules.FbContribRulesDefinition;
import org.sonar.plugins.findbugs.rules.FindSecurityBugsRulesDefinition;
import org.sonar.plugins.findbugs.rules.FindbugsRulesDefinition;
import org.sonar.plugins.findbugs.xml.Bug;
import org.sonar.plugins.findbugs.xml.FindBugsFilter;
import org.sonar.plugins.findbugs.xml.Match;
import org.sonar.plugins.java.Java;
import org.sonar.plugins.java.api.JavaResourceLocator;

import com.thoughtworks.xstream.XStream;

Expand All @@ -81,22 +78,22 @@ public class FindbugsConfiguration {
private final FileSystem fileSystem;
private final Configuration config;
private final ActiveRules activeRules;
private final JavaResourceLocator javaResourceLocator;
private final ClasspathLocator classpathLocator;

public FindbugsConfiguration(FileSystem fileSystem, Configuration config, ActiveRules activeRules,
JavaResourceLocator javaResourceLocator) {
ClasspathLocator classpathLocator) {
this.fileSystem = fileSystem;
this.config = config;
this.activeRules = activeRules;
this.javaResourceLocator = javaResourceLocator;
this.classpathLocator = classpathLocator;
}

public File getTargetXMLReport() {
return new File(fileSystem.workDir(), "findbugs-result.xml");
}

public void initializeFindbugsProject(Project findbugsProject) throws IOException {
initializeFindbugsProject(findbugsProject, new DefaultClasspathLocator(javaResourceLocator));
initializeFindbugsProject(findbugsProject, classpathLocator);
}

void initializeFindbugsProject(Project findbugsProject, ClasspathLocator classpathLocator) throws IOException {
Expand Down Expand Up @@ -155,11 +152,11 @@ public IllegalStateException buildMissingCompiledCodeException() {
message.append("\nsonar.java.binaries was set to " + config.get(SONAR_JAVA_BINARIES).orElse(null));
}

if (javaResourceLocator.classpath().isEmpty()) {
if (classpathLocator.classpath().isEmpty()) {
message.append("\nSonar JavaResourceLocator.classpath was empty");
}

if (javaResourceLocator.classFilesToAnalyze().isEmpty()) {
if (classpathLocator.classFilesToAnalyze().isEmpty()) {
message.append("\nSonar JavaResourceLocator.classFilesToAnalyze was empty");
}

Expand Down Expand Up @@ -263,7 +260,7 @@ private List<File> buildClassFilesToAnalyze(ClasspathLocator classpathLocator) t
return buildClassFilesToAnalyzePre98();
} else {
// It's probably redundant to use javaResourceLocator.classFilesToAnalyze() here, we'll get all the binaries later
List<File> classFilesToAnalyze = new ArrayList<>(javaResourceLocator.classFilesToAnalyze());
List<File> classFilesToAnalyze = new ArrayList<>(classpathLocator.classFilesToAnalyze());

addClassFilesFromClasspath(classFilesToAnalyze, binaryDirs);

Expand All @@ -281,12 +278,12 @@ private List<File> buildClassFilesToAnalyze(ClasspathLocator classpathLocator) t
}

private List<File> buildClassFilesToAnalyzePre98() throws IOException {
List<File> classFilesToAnalyze = new ArrayList<>(javaResourceLocator.classFilesToAnalyze());
List<File> classFilesToAnalyze = new ArrayList<>(classpathLocator.classFilesToAnalyze());

boolean hasScalaOrKotlinFiles = fileSystem.hasFiles(fileSystem.predicates().hasLanguages("scala", "kotlin"));
boolean hasJspFiles = fileSystem.hasFiles(fileSystem.predicates().hasLanguage("jsp"));

Collection<File> classpath = javaResourceLocator.classpath();
Collection<File> classpath = classpathLocator.classpath();

// javaResourceLocator.classFilesToAnalyze() only contains .class files from Java sources
if (hasScalaOrKotlinFiles) {
Expand Down Expand Up @@ -444,7 +441,7 @@ public boolean isAnalyzeTests() {

public static List<PropertyDefinition> getPropertyDefinitions(Context context) {
String subCategory = "FindBugs";
List<PropertyDefinition> properties = Arrays.asList(
return Arrays.asList(
PropertyDefinition.builder(FindbugsConstants.EFFORT_PROPERTY)
.defaultValue(FindbugsConstants.EFFORT_DEFAULT_VALUE)
.category(Java.KEY)
Expand Down Expand Up @@ -505,27 +502,15 @@ public static List<PropertyDefinition> getPropertyDefinitions(Context context) {
.name("Only Analyze")
.description("To analyze only the given files (in FQCN, comma separted) / package patterns")
.type(PropertyType.STRING)
.build()
);

if (context.getSonarQubeVersion().isGreaterThanOrEqual(Version.create(9, 8))) {
// The sonar-java plugin API only has the methods to get the test binaries/classpath starting with SonarQube 9.8
// For clarity we hide the property in earlier versions because it would have no effect (tests are not analyzed)
properties = new ArrayList<>(properties);
properties.add(
PropertyDefinition.builder(FindbugsConstants.ANALYZE_TESTS)
.defaultValue(Boolean.toString(FindbugsConstants.ANALYZE_TESTS_VALUE))
.category(Java.KEY)
.subCategory(subCategory)
.name("Analyze tests")
.description("Look for bugs in the project test code")
.onQualifiers(Qualifiers.PROJECT)
.type(PropertyType.BOOLEAN)
.build()
);
}

return properties;
.build(),
PropertyDefinition.builder(FindbugsConstants.ANALYZE_TESTS)
.defaultValue(Boolean.toString(FindbugsConstants.ANALYZE_TESTS_VALUE))
.category(Java.KEY)
.subCategory(subCategory)
.name("Analyze tests")
.description("Look for bugs in the project test code")
.onQualifiers(Qualifiers.PROJECT)
.type(PropertyType.BOOLEAN)
.build());
}

}
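Review bot: The package-private `initializeFindbugsProject(Project findbugsProject, ClasspathLocator classpathLocator)` and `buildClassFilesToAnalyze(ClasspathLocator classpathLocator)` keep a parameter that now shadows the new `classpathLocator` field, while `buildClassFilesToAnalyzePre98()` and `buildMissingCompiledCodeException()` read the field. A caller of the overload that passes a locator other than the injected one would make a single analysis consult two different locators. Drop the parameter and use the field throughout, or rename it (for example `locator`) so the shadowing is explicit. The messages such as `"\nSonar JavaResourceLocator.classpath was empty"` and the comments mentioning `javaResourceLocator.classFilesToAnalyze()` also still name the old collaborator. These method bodies continue outside the visible hunks.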
2 changes: 2 additions & 0 deletions src/main/java/org/sonar/plugins/findbugs/FindbugsPlugin.java
Expand Up @@ -25,6 +25,7 @@
import org.sonar.api.Plugin;
import org.sonar.api.batch.fs.FilePredicate;
import org.sonar.api.batch.fs.FilePredicates;
import org.sonar.plugins.findbugs.classpath.DefaultClasspathLocator;
import org.sonar.plugins.findbugs.language.Jsp;
import org.sonar.plugins.findbugs.language.scala.Scala;
import org.sonar.plugins.findbugs.profiles.FindbugsProfile;
Expand Down Expand Up @@ -69,6 +70,7 @@ public void define(Context context) {
FindbugsProfile.class,

FindbugsRulesPluginsDefinition.class,
DefaultClasspathLocator.class,
ByteCodeResourceLocator.class));
}
}