It would be nice to have a spotbugs report as part of the build in every jdt.ui module. We could exclude issues that are known to be "false positive" in the report and in the long run switch to make introduction of new issues fail the build. I created a sample configuration just for the org.eclipse.jdt.ui module at https://git.eclipse.org/r/c/jdt/eclipse.jdt.ui/+/166059. As sample configuration it only takes into account this single module but does not fail (using <failOnError>false</failOnError> configuration). It still produces output that you can see in the build log or in the working folder of the build in the output files. So in addition it just needs a suitable jenkins plugin configuration to pick up the resulting report file in xml format to be presented in ci. I do not have the right to do that but it is pretty easy. In the gerrit I put two configurations, one in the report section and one in build section. Depending on the goal we might only need one of them.
If the intent is not to have it failing on errors (likely because there are already issues being flagged even now), wouldn't it make more sense to create a separate job for it, and only integrate it once we get all the existing issues ?
Hi Roland, we can easily do it this way if you prefer that. Just run it separately using the configuration in the reporting section. Of course in a way more useful is it imho to generate the report always so that you can get a detailed list of issues that have been added with every gerrit. If you like you can set measures that make the build fail when exceeded based on the level and number of issues. That is easily possible. The only disadvantage of this approach is that it adds to the build time that is already very long on jdt.ui. So if another step extending the build time is not acceptable a report as part of the integration build would be an improvement too. Best regards, Carsten
Is there anybody with the right to add a jenkins plugin to add a problems report so that you can see what I am talking about? The jenkins configuration is Pipeline based, right?
(In reply to Carsten Hammer from comment #2)
> Hi Roland,
> we can easily do it this way if you prefer that. Just run it separately
> using the configuration in the reporting section.
> Of course in a way more useful is it imho to generate the report always so
> that you can get a detailed list of issues that have been added with every
> gerrit. If you like you can set measures that make the build fail when
> exceeded based on the level and number of issues.
> That is easily possible. The only disadvantage of this approach is that it
> adds to the build time that is already very long on jdt.ui. So if another
> step extending the build time is not acceptable a report as part of the
> integration build would be an improvement too.
> Best regards,
> Carsten

I see there's ways to exclude certain issue types and files, and set limits but it would have been nice to have a way to feed a baseline report, and fail if any additional issues are discovered. Just wondering how likely people are to fix things whether this is a separate job, or integrated.

I think any committer would be able to modify an existing job or create a new one. Most are pipeline based.

Adding Dani and Noopur to hear what they think of this.

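The baseline comparison wished for in the comment above (fail only on findings that a reference report does not already contain), as an added example that is not part of the thread and not code from SpotBugs, Maven or Jenkins. It compares two reports in the SpotBugs XML layout by bug type, class and method; the sample reports, the `org.example` class names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
# Constructed sample reports in the SpotBugs XML layout. In CURRENT_XML the
# first finding has only moved to another line; the second one is new.
BASELINE_XML = """<BugCollection>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="org.example.ui.Viewer"/>
    <Method classname="org.example.ui.Viewer" name="refresh" signature="()V"/>
    <SourceLine classname="org.example.ui.Viewer" start="40" end="40"/>
  </BugInstance>
</BugCollection>"""
CURRENT_XML = """<BugCollection>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="org.example.ui.Viewer"/>
    <Method classname="org.example.ui.Viewer" name="refresh" signature="()V"/>
    <SourceLine classname="org.example.ui.Viewer" start="57" end="57"/>
  </BugInstance>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="2" category="I18N">
    <Class classname="org.example.ui.Exporter"/>
    <Method classname="org.example.ui.Exporter" name="write" signature="(Ljava/lang/String;)V"/>
  </BugInstance>
</BugCollection>"""

def fingerprints(report_xml):
    """Count findings per (type, class, method, signature); line numbers are
    ignored so code that merely moved is not reported as new."""
    counts = Counter()
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        cls, method = bug.find("Class"), bug.find("Method")
        counts[(bug.get("type", ""),
                cls.get("classname", "") if cls is not None else "",
                method.get("name", "") if method is not None else "",
                method.get("signature", "") if method is not None else "")] += 1
    return counts

def new_findings(baseline_xml, current_xml):
    """Findings in the current report beyond those the baseline already has."""
    extra = fingerprints(current_xml) - fingerprints(baseline_xml)
    return sorted(extra.elements())

def gate(baseline_xml, current_xml):
    """Exit code for a CI step: 0 when nothing new was found, 1 otherwise."""
    added = new_findings(baseline_xml, current_xml)
    for bug_type, cls, method, _sig in added:
        print(f"NEW {bug_type} in {cls}.{method}")
    return 1 if added else 0

if __name__ == "__main__":
    raise SystemExit(gate(BASELINE_XML, CURRENT_XML))
```

Counting per fingerprint means a second instance of an already known bug type in the same method still shows up as new, while a fixed finding never fails the gate.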
There are different ways to run it. I sometimes run jobs where I do not want the execution being part of the normal build by explicitly calling "spotbugs:spotbugs". You can additionally run much more if you want e.g.: "pmd:pmd pmd:cpd spotbugs:spotbugs org.owasp:dependency-check-maven:check ..." For pmd you can of course set up an exclusion file. You need the jenkins "Warnings Next Generation Plug-in" and maybe some dependencies: https://plugins.jenkins.io/warnings-ng/ It is really not difficult to set up in a straightforward way. Of course it gets more difficult if you want to implement something not yet available. For the Quality gates referring to a reference analysis build I think parts of your ideas are already there ready to use. See https://github.com/jenkinsci/warnings-ng-plugin/blob/master/doc/Documentation.md#quality-gate-configuration
Adding Sravan who will have some idea on this.
(In reply to Carsten Hammer from comment #3)
> Is there anybody with the right to add a jenkins plugin to add a problems
> report so that you can see what I am talking about? The jenkins configuration
> is Pipeline based, right?

The Jenkins configuration for jdt ui gerrit job is free style. JDT leads can create a new job if required. To add new plugins you need to request foundation via bugzilla.

We discussed it with Dani and here are a few suggestions:
- Failing the builds in the initial phase after integration is not recommended. We can do so after the reports are stable and we see useful results from these reports.
- It will be good to have these reports if someone volunteers to look at them and take action.
- Adding it to the build or keeping it as a separate job will depend on the extra load/time on the build due to this. Please specify the additional resources required for the build.
- Please check any license requirements for using it.
- Start the spotbugs integration in platform.ui first. Once that is done, we can include it in jdt.ui.

Hence, moving the bug to Platform UI.

(In reply to Noopur Gupta from comment #8)
> We discussed it with Dani and here are a few suggestions:
> - Adding it to the build or keeping it as a separate job will depend on the
> extra load/time on the build due to this. Please specify the additional
> resources required for the build.

Not that much, depending on RAM & CPU available. The full run over our product with 3.983.414 Java lines needs ~15 - 20 minutes (~250.000 - 200.000 LOC / minute). *Entire* platform aggregator repo has 8.537.313 Java lines, so divide it by the ~20 repositories we have and we will get ~400.000 lines that could be scanned in ~1.5 - 2 minutes in average. This will be additional overhead on each build in average.

( find ./ -name '*.java' -print0 | xargs -0 cat ) | wc -l

> - Please check any license requirements for using it.

Nothing needed, it is free to use for everyone, https://spotbugs.github.io/.

New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/167056
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.text/+/167059
I created platform.ui gerrit to provide spotbugs report. Now I need someone to be able to add the jenkins plugin to be able to add a graphical report. Should I create a separate bugzilla to request "Warnings Next Generation Plug-in" for jenkins? Whom to address in bugzilla?
(In reply to Carsten Hammer from comment #12)
> I created platform.ui gerrit to provide spotbugs report. Now I need someone
> to be able to add the jenkins plugin to be able to add a graphical report.
> Should I create a separate bugzilla to request "Warnings Next Generation
> Plug-in" for jenkins? Whom to address in bugzilla?

You need to raise a bug against eclipse foundation with ci-jenkins as sub component

(In reply to Sravan Kumar Lakkimsetti from comment #13)
> (In reply to Carsten Hammer from comment #12)
> > I created platform.ui gerrit to provide spotbugs report. Now I need someone
> > to be able to add the jenkins plugin to be able to add a graphical report.
> > Should I create a separate bugzilla to request "Warnings Next Generation
> > Plug-in" for jenkins? Whom to address in bugzilla?
>
> You need to raise a bug against eclipse foundation with ci-jenkins as sub
> component

Thanks! Found that this seems to be already there since https://bugs.eclipse.org/bugs/show_bug.cgi?id=548278 has been fixed.

Next step would be to configure it to read the xml files to create a graphical representation of the report.

Is anybody with the needed rights willing to give it a try? You only need to add the plugin stub to the build configuration and maybe check that the xml output file pattern for spotbugs is matching the real output in the build path.

(In reply to Carsten Hammer from comment #14)
> (In reply to Sravan Kumar Lakkimsetti from comment #13)
> > (In reply to Carsten Hammer from comment #12)
> > > I created platform.ui gerrit to provide spotbugs report. Now I need someone
> > > to be able to add the jenkins plugin to be able to add a graphical report.
> > > Should I create a separate bugzilla to request "Warnings Next Generation
> > > Plug-in" for jenkins? Whom to address in bugzilla?
> >
> > You need to raise a bug against eclipse foundation with ci-jenkins as sub
> > component
>
> Thanks! Found that this seems to be already there since
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=548278 has been fixed.
>
> Next step would be to configure it to read the xml files to create a
> graphical representation of the report.
>
> Is anybody with the needed rights willing to give it a try? You only need to
> add the plugin stub to the build configuration and maybe check that the xml
> output file pattern for spotbugs is matching the real output in the build
> path.

Warnings-ng was added to egit and jgit jipps. We need to get this added to eclipse.platform jipp. Can you please raise a bug to get this added? If it succeeds we need to get this jdt, equinox and pde jipps as well

created https://bugs.eclipse.org/bugs/show_bug.cgi?id=565704
Now it is available: https://bugs.eclipse.org/bugs/show_bug.cgi?id=565704 Can anyone remove the old plugin configuration (parsing maven errors) and add a new one for spotbugs, java, maven, ...?
Just some quick feedback on the gerrit change. It might make more sense to have the setting as a separate profile, activated by some property that's not enabled by default. This way, it keeps a default run lighter-weight. It might have been nice to push such a thing to the eclipse-platform-parent and just override various settings with properties but maybe we should try this out on a project basis before going that far.
(In reply to Carsten Hammer from comment #17)
> Now it is available:
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=565704
>
> Can anyone remove the old plugin configuration (parsing maven errors) and
> add a new one for spotbugs, java, maven, ...?

I added new plugin configuration to platform.ui and platform text. Please check it out

(In reply to Sravan Kumar Lakkimsetti from comment #19)
> (In reply to Carsten Hammer from comment #17)
> > Now it is available:
> > https://bugs.eclipse.org/bugs/show_bug.cgi?id=565704
> >
> > Can anyone remove the old plugin configuration (parsing maven errors) and
> > add a new one for spotbugs, java, maven, ...?
>
> I added new plugin configuration to platform.ui and platform text. Please
> check it out

Thanks @Sravan! You find sample output at https://ci.eclipse.org/platform/job/eclipse.platform.text-Gerrit/3106/spotbugs/

@Roland We can put the configuration into the topmost parent pom and use a profile. I expect that for modules without errors we are going to change failonerror=true - so maybe not repeating the configuration at all will not be that important. For a multimodule project with different nesting levels addressing the path to the exclusion file in a relative way can be difficult.

What has to be done now to move forward?
@michael istria @Roland Can you please help Carsten here?
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/167414
Just as a follow-up regarding SpotBugs in JDT, running the spotbugs profile on every module takes the run from about 1m30s locally (with -DskipTests -Dlongnotexistingproperty), to around 8 minutes. So given that running on all of JDT would be the goal, we should have it in a separate job for now.
Gerrit change https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/167414 was merged to [master]. Commit: http://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/commit/?id=a1e60125eb12f1be551a34e29d7d65d41cb0b584
The 'spotbugs' profile is now part of the eclipse-platform-parent. I've created the job at https://ci.eclipse.org/jdt/job/eclipse.jdt.ui-SpotBugs/ . See https://ci.eclipse.org/jdt/job/eclipse.jdt.ui-SpotBugs/lastSuccessfulBuild/spotbugs/ for some sample SpotBugs reporting. The last remaining thing would be to commit spotbugs/spotbugs-exclude.xml to git, though for now I load it in the job itself (cat << EOF) prior to running the maven build.
Bug 347666 seems to be related
Gerrit change https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/169736 was merged to [master]. Commit: http://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/commit/?id=fb0a2ec4c943899bb5af9e22872e3febd9244550
Gerrit change https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/169740 was merged to [master]. Commit: http://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/commit/?id=ce1a3df66e7477207bf454972f352e1af48f0a2b
(In reply to Roland Grunberg from comment #26)
> The 'spotbugs' profile is now part of the eclipse-platform-parent.
>
> I've created the job at
> https://ci.eclipse.org/jdt/job/eclipse.jdt.ui-SpotBugs/ . See
> https://ci.eclipse.org/jdt/job/eclipse.jdt.ui-SpotBugs/lastSuccessfulBuild/spotbugs/
> for some sample SpotBugs reporting.
>
> The last remaining thing would be to commit spotbugs/spotbugs-exclude.xml to
> git, though for now I load it in the job itself (cat << EOF) prior to
> running the maven build.

Hi Roland, could you add a pmd/cpd configuration additionally to jenkins now that these are available? CPD is especially interesting to detect copied code... Not sure if we need checkstyle..

(In reply to Roland Grunberg from comment #26)
> The 'spotbugs' profile is now part of the eclipse-platform-parent.
>
> I've created the job at
> https://ci.eclipse.org/jdt/job/eclipse.jdt.ui-SpotBugs/ . See
> https://ci.eclipse.org/jdt/job/eclipse.jdt.ui-SpotBugs/lastSuccessfulBuild/spotbugs/
> for some sample SpotBugs reporting.
>
> The last remaining thing would be to commit spotbugs/spotbugs-exclude.xml to
> git, though for now I load it in the job itself (cat << EOF) prior to
> running the maven build.

Many thanks, Roland, for pushing this forward to this point!