update spotbugs code analysis

Yubico · Dec 18, 2023 · e183f10 · e183f10
1 parent 4ee0e29
commit e183f10
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 61 deletions.
diff --git a/.github/workflows/spotbugs-scan.yml b/.github/workflows/spotbugs-scan.yml
@@ -2,11 +2,11 @@ name: "SpotBugs"
 
 on:
   push:
-    branches: [ adamve/spotbugs-reports-v3 ]
+    branches: [adamve/spotbugs-reports-v3]
   pull_request:
-    branches: [ adamve/spotbugs-reports-v3 ]
+    branches: [adamve/spotbugs-reports-v3]
   schedule:
-    - cron: '25 16 * * 0'
+    - cron: "25 16 * * 0"
 
 jobs:
   analyze:
@@ -22,38 +22,45 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'java' ]
+        language: ["java"]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    - name: Setup Java
-      uses: actions/setup-java@v3
-      with:
-        distribution: 'temurin'
-        java-version: '17'
-
-    - name: Build with Gradle
-      run: ./gradlew spotbugsRelease spotbugsMain
-
-    - name: Fix SARIF
-      run: |
-        cat <<< $(jq '.runs |= map( if .taxonomies == [null] then .taxonomies = [] else . end)' ./build/spotbugs/spotbugs-support.sarif) > ./build/spotbugs/spotbugs-support.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "android/src/main/java/" + .' ./build/spotbugs/spotbugs-android.sarif) > ./build/spotbugs/spotbugs-android.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "AndroidDemo/src/main/java/" + .' ./build/spotbugs/spotbugs-AndroidDemo.sarif) > ./build/spotbugs/spotbugs-AndroidDemo.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "core/src/main/java/" + .' ./build/spotbugs/spotbugs-core.sarif) > ./build/spotbugs/spotbugs-core.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "fido/src/main/java/" + .' ./build/spotbugs/spotbugs-fido.sarif) > ./build/spotbugs/spotbugs-fido.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "management/src/main/java/" + .' ./build/spotbugs/spotbugs-management.sarif) > ./build/spotbugs/spotbugs-management.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "oath/src/main/java/" + .' ./build/spotbugs/spotbugs-oath.sarif) > ./build/spotbugs/spotbugs-oath.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "openpgp/src/main/java/" + .' ./build/spotbugs/spotbugs-openpgp.sarif) > ./build/spotbugs/spotbugs-openpgp.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "piv/src/main/java/" + .' ./build/spotbugs/spotbugs-piv.sarif) > ./build/spotbugs/spotbugs-piv.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "support/src/main/java/" + .' ./build/spotbugs/spotbugs-support.sarif) > ./build/spotbugs/spotbugs-support.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "testing/src/main/java/" + .' ./build/spotbugs/spotbugs-testing.sarif) > ./build/spotbugs/spotbugs-testing.sarif
-        cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "yubiotp/src/main/java/" + .' ./build/spotbugs/spotbugs-yubiotp.sarif) > ./build/spotbugs/spotbugs-yubiotp.sarif
-
-    - name: upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: build/spotbugs/
-        category: spotbugs-analysis
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: "temurin"
+          java-version: "17"
+
+      - name: Build with Gradle
+        run: ./gradlew spotbugsRelease spotbugsMain
+
+      - name: Fix SARIF
+        run: >-
+          for module in \
+                "android" \
+                "AndroidDemo" \
+                "core" \
+                "fido" \
+                "management" \
+                "oath" \
+                "openpgp" \
+                "piv" \
+                "support" \
+                "testing" \
+                "yubiotp";
+          do
+            MODULE="./build/spotbugs/spotbugs-$module.sarif"
+            TAXONOMY_FIX=$(jq '.runs |= map( if .taxonomies == [null] then .taxonomies = [] else . end)' $MODULE)
+            echo $TAXONOMY_FIX > $MODULE
+            URI_FIX=$(jq ".runs[].results[].locations[].physicalLocation.artifactLocation.uri |= \"$module/src/main/java/\" + ." $MODULE)
+            echo $URI_FIX > $MODULE
+          done
+
+      - name: upload SARIF
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: build/spotbugs/
+          category: spotbugs-analysis
diff --git a/android/build.gradle b/android/build.gradle
@@ -36,8 +36,7 @@ android {
 dependencies {
     api project(':core')
 
-    compileOnly 'androidx.annotation:annotation:1.7.0'
-    compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.0'
+    compileOnly 'androidx.annotation:annotation:1.7.1'
 
     testImplementation project(':testing')
     testImplementation 'androidx.test.ext:junit:1.1.5'

diff --git a/build.gradle b/build.gradle
@@ -9,14 +9,13 @@ buildscript {
         google()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:8.1.4'
+        classpath 'com.android.tools.build:gradle:8.2.0'
         classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
     }
 }
 
 plugins {
     id 'maven-publish'
-    id 'com.github.spotbugs' version '5.0.14'
 }
 
 allprojects {
@@ -44,19 +43,4 @@ subprojects {
             options.addStringOption('Xdoclint:all,-missing', '-quiet')
         }
     }
-
-    //noinspection UnnecessaryQualifiedReference
-    tasks.withType(com.github.spotbugs.snom.SpotBugsTask).tap {
-        configureEach {
-            if (it.name == 'spotbugsTest' || it.name == 'spotbugsDebug') {
-                enabled = false
-            } else {
-                group 'verification'
-                reports.create("sarif") {
-                    required = true
-                    outputLocation = file("${project.rootDir}/build/spotbugs/spotbugs-${project.name}.sarif")
-                }
-            }
-        }
-    }
 }
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -1,3 +1,14 @@
 plugins {
     id 'groovy-gradle-plugin'
 }
+
+repositories {
+    mavenCentral()
+    google()
+    gradlePluginPortal()
+}
+
+dependencies {
+    implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.4'
+    implementation 'com.android.tools.build:gradle:8.2.0'
+}
diff --git a/buildSrc/src/main/groovy/project-convention-spotbugs.gradle b/buildSrc/src/main/groovy/project-convention-spotbugs.gradle
@@ -1,3 +1,6 @@
+import com.github.spotbugs.snom.Confidence
+import com.github.spotbugs.snom.Effort
+
 plugins {
     id 'com.github.spotbugs'
 }
@@ -13,13 +16,28 @@ dependencies {
 }
 
 spotbugs {
-    // ignore failures unless all issues are fixed
-    // find current issues in reports/spotbugs for each library
     ignoreFailures = true
-
-    showStackTraces = true
+    showStackTraces = false
     showProgress = false
 
-    effort = "max"
-    reportLevel = "low"
+    effort = Effort.MAX
+    reportLevel = Confidence.valueOf('LOW')
+}
+
+tasks.matching {
+    it.name == "spotbugsTest"
+}.configureEach {
+    enabled = false
+}
+
+tasks.matching {
+    it.name == "spotbugsMain" || it.name == "spotbugsRelease"
+}.configureEach {
+    enabled = true
+    reports.create("html") {
+        outputLocation = file("${project.rootDir}/build/spotbugs-html/spotbugs-${project.name}.html")
+    }
+    reports.create("sarif") {
+        outputLocation = file("${project.rootDir}/build/spotbugs/spotbugs-${project.name}.sarif")
+    }
 }