https://github.com/ezienecker/static-code-review-plugin

A plugin that comments the bugs found by a static code analyzer on your merge request

code-analysis findbugs hacktoberfest spotbugs spotbugs-maven-plugin static-analysis static-code-analysis

= Static Code Review Plugin

image::https://img.shields.io/github/license/ezienecker/static-code-review-plugin.svg[License]
image::https://travis-ci.com/ezienecker/static-code-review-plugin.svg?branch=develop["Build Status", link="https://travis-ci.com/ezienecker/static-code-review-plugin"]
image::https://img.shields.io/maven-central/v/de.manuzid/static-code-review-plugin.svg?label=Maven%20Central["Maven Central", link="https://search.maven.org/search?q=g:%22de.manuzid%22%20AND%20a:%22static-code-review-plugin%22"]

This plugin fetches the list of files changed in a merge request and analyzes them with static code analyzers (currently https://spotbugs.github.io/[SpotBugs] and https://arturbosch.github.io/detekt/[Detekt]; more are planned). The bugs found are then posted as comments at the corresponding code locations.

== Usage

Add the following to your `pom.xml`:

[source,xml]
....
<!-- inside <build><plugins> of your pom.xml -->
<plugin>
    <groupId>de.manuzid</groupId>
    <artifactId>static-code-review-plugin</artifactId>
    <version>2.0.0</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>report</goal>
            </goals>
        </execution>
    </executions>
</plugin>
....

Execute the following command to run the plugin:

[source,bash]
....
mvn verify -DprojectId=$CI_PROJECT_ID \
-DmergeRequestIid=$CI_MERGE_REQUEST_IID \
-Dauth.token=$GITLAB_AUTH_TOKEN
....

To exclude an analyzer, use the `exclusion` tag:

[source,xml]
....
<!-- inside <build><plugins> of your pom.xml -->
<plugin>
    <groupId>de.manuzid</groupId>
    <artifactId>static-code-review-plugin</artifactId>
    <version>2.0.0</version>
    <configuration>
        <exclusions>
            <exclusion>spotbugs</exclusion>
        </exclusions>
    </configuration>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>report-detekt</goal>
            </goals>
        </execution>
    </executions>
</plugin>
....

=== Samples

* https://gitlab.com/manuzid/static-code-review-plugin-sample-java[Java Sample]
* https://gitlab.com/manuzid/static-code-review-plugin-sample-kotlin[Kotlin Sample]

== Configuration

=== Required

|===
|Property |Default |Description

|gitUrl |If GitHub is activated: `https://api.github.com`, otherwise `https://gitlab.com/` |The base URL of the Git server (GitLab, or the GitHub API)
3+|One of the two must be given, either `projectId` or `repository`, depending on whether GitLab or GitHub is selected as the Git server:
GitLab needs the `projectId`, GitHub the `repository` name.
|projectId |None |The project, given as an Integer (ID) or a String (path)
|repository |None |A combination of `owner` and `repository`.
`Owner` is the account owner of the repository; the name is not case-sensitive.
`Repository` is the name of the repository; the name is not case-sensitive.
|mergeRequestIid |None |The internal ID of the merge request
|static-code-review.skip |false |If true, execution is skipped entirely.
|isGitHub |false |If false, GitLab is selected as the Git server; otherwise GitHub is used.
3+|One of the two must be given, either `auth.token` or basic auth (`auth.username` and `auth.password`).
Note that none of these variables may be protected, otherwise the plugin cannot read them.
|auth.token |None |The private token used to access the GitLab API
|auth.username |None |The username for basic auth with the GitLab server.
|auth.password |None |The password for basic auth with the GitLab server.

|===
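The "Required" table above states the two either/or rules (`projectId` vs. `repository`, `auth.token` vs. `auth.username` + `auth.password`) that the `mvn verify` command in the Usage section must satisfy. The following POSIX shell script is an added example, not part of static-code-review-plugin: it checks those rules before Maven starts, so a misconfigured CI job fails fast with a clear message instead of failing inside the plugin against the Git server API. `CI_PROJECT_ID`, `CI_MERGE_REQUEST_IID` and `GITLAB_AUTH_TOKEN` are the variable names used in this README; `IS_GITHUB`, `REPOSITORY`, `AUTH_USERNAME` and `AUTH_PASSWORD` are names assumed here for illustration.

```shell
#!/bin/sh
# Added example, not part of static-code-review-plugin: check before mvn starts
# that the CI job supplies the combination of settings the "Required" table
# demands, so a misconfigured job fails fast with a clear message.
#
# CI_PROJECT_ID, CI_MERGE_REQUEST_IID and GITLAB_AUTH_TOKEN are the variable
# names used in the README; IS_GITHUB, REPOSITORY, AUTH_USERNAME and
# AUTH_PASSWORD are names assumed here for illustration.

# review_args: print the -D arguments for "mvn verify" on stdout, or an error
# on stderr and return 1.
review_args() {
  args=""

  # Which server: GitLab needs projectId, GitHub needs repository.
  if [ "${IS_GITHUB:-false}" = "true" ]; then
    if [ -z "${REPOSITORY:-}" ]; then
      echo "REPOSITORY (owner and repository name) is required for GitHub" >&2
      return 1
    fi
    args="$args -DisGitHub=true -Drepository=$REPOSITORY"
  else
    if [ -z "${CI_PROJECT_ID:-}" ]; then
      echo "CI_PROJECT_ID is required for GitLab" >&2
      return 1
    fi
    args="$args -DprojectId=$CI_PROJECT_ID"
  fi

  # The plugin comments on one merge request, so it only makes sense in a
  # merge request pipeline, where CI_MERGE_REQUEST_IID is set.
  if [ -z "${CI_MERGE_REQUEST_IID:-}" ]; then
    echo "CI_MERGE_REQUEST_IID is required; run this job in merge request pipelines only" >&2
    return 1
  fi
  args="$args -DmergeRequestIid=$CI_MERGE_REQUEST_IID"

  # Credentials: a token, or username plus password. The token is preferred
  # when both are present so the password is not passed needlessly.
  if [ -n "${GITLAB_AUTH_TOKEN:-}" ]; then
    args="$args -Dauth.token=$GITLAB_AUTH_TOKEN"
  elif [ -n "${AUTH_USERNAME:-}" ] && [ -n "${AUTH_PASSWORD:-}" ]; then
    args="$args -Dauth.username=$AUTH_USERNAME -Dauth.password=$AUTH_PASSWORD"
  else
    echo "set GITLAB_AUTH_TOKEN, or both AUTH_USERNAME and AUTH_PASSWORD" >&2
    echo "(store them as unprotected CI variables, see the Required table)" >&2
    return 1
  fi

  printf '%s\n' "${args# }"
}

# run_review: validate, log only the argument *names* (never the values, which
# include the credential), then start the plugin.
run_review() {
  args="$(review_args)" || return 1
  names=""
  for a in $args; do names="$names ${a%%=*}"; done
  echo "running: mvn verify${names}"
  # shellcheck disable=SC2086  # word splitting of $args is intended
  mvn verify $args
}

# Invoke as "sh review.sh run" from the CI job; sourcing the file only defines
# the functions.
if [ "${1:-}" = "run" ]; then
  run_review
fi
```

The wrapper prints only the names of the `-D` properties it passes, so a credential never lands in the job log through this script; the Maven command line itself still receives the token, exactly as in the README's `mvn verify` example.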

=== Optional

|===
|Property |Default |Description

|proxy.serverAddress |None |The URI of the proxy server.
|proxy.username |None |The username for basic auth with the proxy server.
|proxy.password |None |The password for basic auth with the proxy server.
|applicationSources |`src/main/java` |Application/Library sources.
|exclusions |empty list |A list of strings containing the analyzers to be excluded.
|exclusion |None |Analyzer that should be excluded. Valid values: `spotbugs`, `detekt`
3+|SpotBugs Settings
|compiledClasses |`classes` |Compiled Application/Library sources.
|priorityThresholdLevel |3 |The confidence/priority threshold for reporting issues: 1 = High, 2 = Normal, 3 = Low, 4 = Ignored, 5 = Experimental.

|===

== Goal

=== Report

Runs the static code review plugin.

== Hints

* Configuration Output

To check at runtime how the plugin is configured, run the Maven command with debug output (`-X`).

[source,bash]
....
mvn verify -X -DprojectId=$CI_PROJECT_ID \
-DmergeRequestIid=$CI_MERGE_REQUEST_IID \
-Dauth.token=$GITLAB_AUTH_TOKEN
....

Then look for the line starting with `[DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin`; you should see output like the following:

[source,text]
....
[DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin:1.1.0:report-detekt' with basic configurator -->
[DEBUG] (f) applicationSourcePath = src/main/kotlin
[DEBUG] (f) authToken =
[DEBUG] (f) compiledClassPath = classes
[DEBUG] (f) exclusions = [detekt]
[DEBUG] (f) gitUrl = https://gitlab.com/
[DEBUG] (f) mergeRequestIid = 1
[DEBUG] (f) project = MavenProject: de.manuzid:static-code-review-plugin-sample-kotlin:1.0.0 @ /Users/manuzid/public-projects/static-code-review-plugin-sample/static-code-review-plugin-sample-kotlin/pom.xml
[DEBUG] (f) projectId = 17068115
[DEBUG] (f) skip = false
[DEBUG] -- end configuration --
....
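The `-X` output above is the effective mojo configuration, and CI systems usually archive the job log that contains it. The following POSIX shell script is an added example, not part of static-code-review-plugin: it reads individual `(f) key = value` fields back out of such a log and confirms that the `authToken` field is empty, as it is in the README's sample output, so a credential has not been written into the archived log. `SAMPLE_LOG` is constructed from the lines shown above; the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not part of static-code-review-plugin: read the effective mojo
# configuration back out of a Maven -X log and confirm that the credential
# field is empty in the (usually archived) CI job log.
# SAMPLE_LOG is constructed from the lines shown in the README.

SAMPLE_LOG=$(cat <<'EOF'
[DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin:1.1.0:report-detekt' with basic configurator -->
[DEBUG] (f) applicationSourcePath = src/main/kotlin
[DEBUG] (f) authToken =
[DEBUG] (f) compiledClassPath = classes
[DEBUG] (f) exclusions = [detekt]
[DEBUG] (f) gitUrl = https://gitlab.com/
[DEBUG] (f) mergeRequestIid = 1
[DEBUG] (f) projectId = 17068115
[DEBUG] (f) skip = false
[DEBUG] -- end configuration --
EOF
)

# mojo_config_value KEY: read a -X log on stdin and print the value of the
# "(f) KEY = value" line inside the static-code-review-plugin mojo section
# (empty output if the field is unset or the section is missing).
mojo_config_value() {
  awk -v key="$1" '
    /Configuring mojo .*de\.manuzid:static-code-review-plugin/ { inside = 1; next }
    /-- end configuration --/                                   { inside = 0 }
    inside && $2 == "(f)" && $3 == key {
      sub(/^\[DEBUG\] \(f\) [^=]*= ?/, "")   # keep only the text after "KEY = "
      print
      exit
    }'
}

# check_fields_empty FIELD...: read a -X log on stdin and return 1 if any of
# the named configuration fields carries a value, i.e. a secret was written
# into the build log.
check_fields_empty() {
  log=$(cat)
  rc=0
  for field in "$@"; do
    value=$(printf '%s\n' "$log" | mojo_config_value "$field")
    if [ -n "$value" ]; then
      echo "configuration field '$field' is printed with a value in the debug log" >&2
      rc=1
    fi
  done
  return $rc
}

# Stand-alone run against the constructed sample: "sh check-log.sh demo".
if [ "${1:-}" = "demo" ]; then
  printf 'gitUrl: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | mojo_config_value gitUrl)"
  printf '%s\n' "$SAMPLE_LOG" | check_fields_empty authToken && echo "no credential in log"
fi
```

In a pipeline you would feed the saved Maven log to `check_fields_empty authToken` as a final step of any job that runs with `-X`, and treat a non-zero exit as a signal to rotate the token and drop the debug flag from that job.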

* Detekt Configuration

To resolve the path of the file to be commented on correctly, `applicationSources` must be
specified when analyzing Kotlin files (the default is `src/main/java`).

== Releasing

Creating a new release involves the following steps:

. `./mvnw gitflow:release-start gitflow:release-finish`
. `git push origin master`
. `git push --tags`
. `git push origin develop`