From e183f10a280fd62909326015f6823ffe05c6d525 Mon Sep 17 00:00:00 2001 From: Adam Velebil Date: Mon, 18 Dec 2023 20:32:05 +0100 Subject: [PATCH] update spotbugs code analysis --- .github/workflows/spotbugs-scan.yml | 79 ++++++++++--------- android/build.gradle | 3 +- build.gradle | 18 +---- buildSrc/build.gradle | 11 +++ .../groovy/project-convention-spotbugs.gradle | 30 +++++-- 5 files changed, 80 insertions(+), 61 deletions(-) diff --git a/.github/workflows/spotbugs-scan.yml b/.github/workflows/spotbugs-scan.yml index 945a6d2b..3a0f3706 100644 --- a/.github/workflows/spotbugs-scan.yml +++ b/.github/workflows/spotbugs-scan.yml @@ -2,11 +2,11 @@ name: "SpotBugs" on: push: - branches: [ adamve/spotbugs-reports-v3 ] + branches: [adamve/spotbugs-reports-v3] pull_request: - branches: [ adamve/spotbugs-reports-v3 ] + branches: [adamve/spotbugs-reports-v3] schedule: - - cron: '25 16 * * 0' + - cron: "25 16 * * 0" jobs: analyze: 
@@ -22,38 +22,45 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'java' ] + language: ["java"] steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Java - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '17' - - - name: Build with Gradle - run: ./gradlew spotbugsRelease spotbugsMain - - - name: Fix SARIF - run: | - cat <<< $(jq '.runs |= map( if .taxonomies == [null] then .taxonomies = [] else . end)' ./build/spotbugs/spotbugs-support.sarif) > ./build/spotbugs/spotbugs-support.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "android/src/main/java/" + .' ./build/spotbugs/spotbugs-android.sarif) > ./build/spotbugs/spotbugs-android.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "AndroidDemo/src/main/java/" + .' ./build/spotbugs/spotbugs-AndroidDemo.sarif) > ./build/spotbugs/spotbugs-AndroidDemo.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "core/src/main/java/" + .' ./build/spotbugs/spotbugs-core.sarif) > ./build/spotbugs/spotbugs-core.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "fido/src/main/java/" + .' ./build/spotbugs/spotbugs-fido.sarif) > ./build/spotbugs/spotbugs-fido.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "management/src/main/java/" + .' ./build/spotbugs/spotbugs-management.sarif) > ./build/spotbugs/spotbugs-management.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "oath/src/main/java/" + .' ./build/spotbugs/spotbugs-oath.sarif) > ./build/spotbugs/spotbugs-oath.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "openpgp/src/main/java/" + .' 
./build/spotbugs/spotbugs-openpgp.sarif) > ./build/spotbugs/spotbugs-openpgp.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "piv/src/main/java/" + .' ./build/spotbugs/spotbugs-piv.sarif) > ./build/spotbugs/spotbugs-piv.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "support/src/main/java/" + .' ./build/spotbugs/spotbugs-support.sarif) > ./build/spotbugs/spotbugs-support.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "testing/src/main/java/" + .' ./build/spotbugs/spotbugs-testing.sarif) > ./build/spotbugs/spotbugs-testing.sarif - cat <<< $(jq '.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= "yubiotp/src/main/java/" + .' ./build/spotbugs/spotbugs-yubiotp.sarif) > ./build/spotbugs/spotbugs-yubiotp.sarif - - - name: upload SARIF - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: build/spotbugs/ - category: spotbugs-analysis \ No newline at end of file + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Setup Java + uses: actions/setup-java@v3 + with: + distribution: "temurin" + java-version: "17" + + - name: Build with Gradle + run: ./gradlew spotbugsRelease spotbugsMain + + - name: Fix SARIF + run: >- + for module in \ + "android" \ + "AndroidDemo" \ + "core" \ + "fido" \ + "management" \ + "oath" \ + "openpgp" \ + "piv" \ + "support" \ + "testing" \ + "yubiotp"; + do + MODULE="./build/spotbugs/spotbugs-$module.sarif" + TAXONOMY_FIX=$(jq '.runs |= map( if .taxonomies == [null] then .taxonomies = [] else . end)' $MODULE) + echo $TAXONOMY_FIX > $MODULE + URI_FIX=$(jq ".runs[].results[].locations[].physicalLocation.artifactLocation.uri |= \"$module/src/main/java/\" + ." $MODULE) + echo $URI_FIX > $MODULE + done + + - name: upload SARIF + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: build/spotbugs/ + category: spotbugs-analysis 
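Review bot: The two write-back lines `echo $TAXONOMY_FIX > $MODULE` and `echo $URI_FIX > $MODULE` pass the whole SARIF document through an unquoted expansion, so bash word-splits it and applies glob expansion to any `*`, `?` or `[` token in the JSON (finding messages can contain these) before `echo` re-joins the pieces with single spaces; the `cat <<< $(...)` lines this hunk replaces had the same weakness, so it is worth fixing while the step is being rewritten. Writing jq's output to a temporary file and moving it into place avoids the round trip through the shell, and passing the prefix with `--arg` keeps `$module` out of the jq program text. A literal block (`run: |`) is also clearer than `>-`, whose folding only preserves the line breaks here because every continuation line happens to be more indented than `for` and `do`. The `actions/checkout@v3`, `actions/setup-java@v3` and `github/codeql-action/upload-sarif@v2` references are mutable tags; since these lines were re-indented anyway, pinning them to commit SHAs would be a cheap hardening of the scan job.
```yaml
      - name: Fix SARIF
        run: |
          for module in android AndroidDemo core fido management oath openpgp piv support testing yubiotp; do
            sarif="./build/spotbugs/spotbugs-$module.sarif"
            jq --arg prefix "$module/src/main/java/" '
              (.runs |= map(if .taxonomies == [null] then .taxonomies = [] else . end))
              | (.runs[].results[].locations[].physicalLocation.artifactLocation.uri |= $prefix + .)
            ' "$sarif" > "$sarif.tmp" && mv "$sarif.tmp" "$sarif"
          done
```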
diff --git a/android/build.gradle b/android/build.gradle index 0ba48d4b..9add1472 100755 --- a/android/build.gradle +++ b/android/build.gradle @@ -36,8 +36,7 @@ android { dependencies { api project(':core') - compileOnly 'androidx.annotation:annotation:1.7.0' - compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.0' + compileOnly 'androidx.annotation:annotation:1.7.1' testImplementation project(':testing') testImplementation 'androidx.test.ext:junit:1.1.5' diff --git a/build.gradle b/build.gradle index ad676496..ef7e34d0 100755 --- a/build.gradle +++ b/build.gradle @@ -9,14 +9,13 @@ buildscript { google() } dependencies { - classpath 'com.android.tools.build:gradle:8.1.4' + classpath 'com.android.tools.build:gradle:8.2.0' classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version" } } plugins { id 'maven-publish' - id 'com.github.spotbugs' version '5.0.14' } allprojects { @@ -44,19 +43,4 @@ subprojects { options.addStringOption('Xdoclint:all,-missing', '-quiet') } } - - //noinspection UnnecessaryQualifiedReference - tasks.withType(com.github.spotbugs.snom.SpotBugsTask).tap { - configureEach { - if (it.name == 'spotbugsTest' || it.name == 'spotbugsDebug') { - enabled = false - } else { - group 'verification' - reports.create("sarif") { - required = true - outputLocation = file("${project.rootDir}/build/spotbugs/spotbugs-${project.name}.sarif") - } - } - } - } } diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index 67840524..21bb328c 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -1,3 +1,14 @@ plugins { id 'groovy-gradle-plugin' } + +repositories { + mavenCentral() + google() + gradlePluginPortal() +} + +dependencies { + implementation 'com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.4' + implementation 'com.android.tools.build:gradle:8.2.0' +} \ No newline at end of file 
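Review bot: The Android Gradle plugin version `8.2.0` is now declared twice — here as `implementation 'com.android.tools.build:gradle:8.2.0'` and in the root `build.gradle` buildscript classpath bumped in the same commit — with nothing tying the two together, so a future bump can easily leave buildSrc compiling the convention plugin against a different AGP than the one that applies it. A comment such as `// must match the AGP version in the root build.gradle buildscript classpath` on this line, or a shared version constant, would make the coupling visible. The same goes for `spotbugs-gradle-plugin:6.0.4`, which replaces the `com.github.spotbugs` plugin id the root build.gradle hunk removes; a one-line note that the plugin is now applied only through `project-convention-spotbugs.gradle` would help the next reader find it.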
diff --git a/buildSrc/src/main/groovy/project-convention-spotbugs.gradle b/buildSrc/src/main/groovy/project-convention-spotbugs.gradle index cba6f8d2..ca8928aa 100644 --- a/buildSrc/src/main/groovy/project-convention-spotbugs.gradle +++ b/buildSrc/src/main/groovy/project-convention-spotbugs.gradle @@ -1,3 +1,6 @@ +import com.github.spotbugs.snom.Confidence +import com.github.spotbugs.snom.Effort + plugins { id 'com.github.spotbugs' } @@ -13,13 +16,28 @@ dependencies { } spotbugs { - // ignore failures unless all issues are fixed - // find current issues in reports/spotbugs for each library ignoreFailures = true - - showStackTraces = true + showStackTraces = false showProgress = false - effort = "max" - reportLevel = "low" + effort = Effort.MAX + reportLevel = Confidence.valueOf('LOW') +} + +tasks.matching { + it.name == "spotbugsTest" +}.configureEach { + enabled = false +} + +tasks.matching { + it.name == "spotbugsMain" || it.name == "spotbugsRelease" +}.configureEach { + enabled = true + reports.create("html") { + outputLocation = file("${project.rootDir}/build/spotbugs-html/spotbugs-${project.name}.html") + } + reports.create("sarif") { + outputLocation = file("${project.rootDir}/build/spotbugs/spotbugs-${project.name}.sarif") + } }
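Review bot: The new `tasks.matching { it.name == "spotbugsTest" }` block only disables the test variant, whereas the root-level configuration this commit removes also disabled `spotbugsDebug`; on the Android modules that task is still registered and, unless it is disabled too, presumably runs on every `check` (the CI job invokes `spotbugsRelease spotbugsMain` explicitly, so it would not notice). Extending the predicate to `it.name == "spotbugsTest" || it.name == "spotbugsDebug"` restores the previous behaviour. The removed block also set `required = true` on the SARIF report; if `reports.create(...)` does not enable the report by default in spotbugs-gradle-plugin 6.0.4, the `build/spotbugs/` directory the workflow uploads will be empty, so either keep `required = true` in both `create` calls or verify the default. The explanatory comment above `ignoreFailures = true` is dropped although the setting stays; keeping something like `// findings do not fail the build — they are surfaced through the SARIF upload; revisit once the existing reports are clean` records why SpotBugs is not acting as a gate. Finally, `Confidence.valueOf('LOW')` is the same value as `Confidence.LOW`, which would match the `Effort.MAX` style on the line above unless a name-resolution problem forced the lookup.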