Hi all,
thanks to Gradle we have now an easy way to run source code analysis tools on our codebase. Tools like PMD and FindBugs generate useful reports containing pointers to code that may need to be improved or fixed. In fact I have executed them on trunk and I got reports with thousands of "rule violations": some of them are probably false positives but others really represent code that can be improved, simplified or, in some cases, fixed. I think that it would be great if this community will work together to fix as many defects as possible: it may lead to a cleaner codebase, may increase the confidence of potential adopters that use these tools to get some insight on our code quality, and may make it easier for new contributors to help the project. So here are the steps to quickly start the process: 1) get a clean checkout of the trunk svn co http://svn.apache.org/repos/asf/ofbiz/trunk 2) edit the build.gradle file to enable the PMD or FindBugs plugins. For PMD you can add the following line to the file, after the other "apply plugin" commands: apply plugin: 'pmd' For FindBugs add the following lines: apply plugin: 'findbugs' tasks.withType(FindBugs) { reports { xml.enabled false html.enabled true } } Apply only pmd or findbugs, not both: the two tools provide different analysis with plenty of defects but the two tools will spot the same ones in most cases, so please choose the tool of your preference and then start fixing the code. 3) run the analysis with the command: ./gradlew check 4) review the report; for PMD the report is: build/reports/pmd/main.html for FindBugs the report is: build/reports/findbugs/main.html 5) fix some bugs and test; then go back to #3 6) create a patch and submit it to Jira, mentioning that it fixes defects reported by PMD/FindBugs Feel free to ask here any question! Jacopo |
Administrator
|
Le 13/12/2016 à 18:35, Jacopo Cappellato a écrit :
> Hi all, > > thanks to Gradle we have now an easy way to run source code analysis tools > on our codebase. > Tools like PMD and FindBugs generate useful reports containing pointers to > code that may need to be improved or fixed. > In fact I have executed them on trunk and I got reports with thousands of > "rule violations": some of them are probably false positives but others > really represent code that can be improved, simplified or, in some cases, > fixed. > > I think that it would be great if this community will work together to fix > as many defects as possible: it may lead to a cleaner codebase, may > increase the confidence of potential adopters that use these tools to get > some insight on our code quality, and may make it easier for new > contributors to help the project. > > So here are the steps to quickly start the process: > > 1) get a clean checkout of the trunk > > svn co http://svn.apache.org/repos/asf/ofbiz/trunk > > 2) edit the build.gradle file to enable the PMD or FindBugs plugins. > For PMD you can add the following line to the file, after the other "apply > plugin" commands: > > apply plugin: 'pmd' > > For FindBugs add the following lines: > > apply plugin: 'findbugs' > tasks.withType(FindBugs) { > reports { > xml.enabled false > html.enabled true > } > } > > Apply only pmd or findbugs, not both: the two tools provide different > analysis with plenty of defects but the two tools will spot the same ones > in most cases, so please choose the tool of your preference and then start > fixing the code. > > 3) run the analysis with the command: > ./gradlew check > > 4) review the report; > for PMD the report is: > build/reports/pmd/main.html > for FindBugs the report is: > build/reports/findbugs/main.html > > 5) fix some bugs and test; then go back to #3 > > 6) create a patch and submit it to Jira, mentioning that it fixes defects > reported by PMD/FindBugs > > Feel free to ask here any question! > > Jacopo > Just as a note I find very useful to run these tools in Eclipse (the FindBug plugin for instance is conveniently integrated). But I rarely find the time to work on the reported issues :/ Jacques |
In reply to this post by Jacopo Cappellato-5
Thank you Jacopo, this is an excellent idea and would substantially improve
our code base. I strongly urge anyone willing to help to speak up or start issuing JIRAs. If anyone needs help in setting up the plugins or has any questions please feel free to discuss them on this ML or HipChat. On Tue, Dec 13, 2016 at 8:35 PM, Jacopo Cappellato < [hidden email]> wrote: > Hi all, > > thanks to Gradle we have now an easy way to run source code analysis tools > on our codebase. > Tools like PMD and FindBugs generate useful reports containing pointers to > code that may need to be improved or fixed. > In fact I have executed them on trunk and I got reports with thousands of > "rule violations": some of them are probably false positives but others > really represent code that can be improved, simplified or, in some cases, > fixed. > > I think that it would be great if this community will work together to fix > as many defects as possible: it may lead to a cleaner codebase, may > increase the confidence of potential adopters that use these tools to get > some insight on our code quality, and may make it easier for new > contributors to help the project. > > So here are the steps to quickly start the process: > > 1) get a clean checkout of the trunk > > svn co http://svn.apache.org/repos/asf/ofbiz/trunk > > 2) edit the build.gradle file to enable the PMD or FindBugs plugins. > For PMD you can add the following line to the file, after the other "apply > plugin" commands: > > apply plugin: 'pmd' > > For FindBugs add the following lines: > > apply plugin: 'findbugs' > tasks.withType(FindBugs) { > reports { > xml.enabled false > html.enabled true > } > } > > Apply only pmd or findbugs, not both: the two tools provide different > analysis with plenty of defects but the two tools will spot the same ones > in most cases, so please choose the tool of your preference and then start > fixing the code. > > 3) run the analysis with the command: > ./gradlew check > > 4) review the report; > for PMD the report is: > build/reports/pmd/main.html > for FindBugs the report is: > build/reports/findbugs/main.html > > 5) fix some bugs and test; then go back to #3 > > 6) create a patch and submit it to Jira, mentioning that it fixes defects > reported by PMD/FindBugs > > Feel free to ask here any question! > > Jacopo > |
In reply to this post by Jacques Le Roux
On Tue, Dec 13, 2016 at 7:57 PM, Jacques Le Roux <
[hidden email]> wrote: > > Just as a note I find very useful to run these tools in Eclipse (the > FindBug plugin for instance is conveniently integrated). But I rarely find > the time to work on the reported issues :/ > > Jacques > Thank you Jacques. Of course leveraging any similar IDE plugin will serve the same purpose, there are plenty of options! I use IntelliJ and it has a very good integrated code inspection tool (which analyzes everything) but it is not a viable option when used to bulk process all the files in OFBiz in one shot: it takes hours. Jacopo |
In reply to this post by taher
Nice, I will try this, thanks for the sharing
Nicolas Le 13/12/2016 à 20:42, Taher Alkhateeb a écrit : > Thank you Jacopo, this is an excellent idea and would substantially improve > our code base. I strongly urge anyone willing to help to speak up or start > issuing JIRAs. If anyone needs help in setting up the plugins or has any > questions please feel free to discuss them on this ML or HipChat. > > On Tue, Dec 13, 2016 at 8:35 PM, Jacopo Cappellato < > [hidden email]> wrote: > >> Hi all, >> >> thanks to Gradle we have now an easy way to run source code analysis tools >> on our codebase. >> Tools like PMD and FindBugs generate useful reports containing pointers to >> code that may need to be improved or fixed. >> In fact I have executed them on trunk and I got reports with thousands of >> "rule violations": some of them are probably false positives but others >> really represent code that can be improved, simplified or, in some cases, >> fixed. >> >> I think that it would be great if this community will work together to fix >> as many defects as possible: it may lead to a cleaner codebase, may >> increase the confidence of potential adopters that use these tools to get >> some insight on our code quality, and may make it easier for new >> contributors to help the project. >> >> So here are the steps to quickly start the process: >> >> 1) get a clean checkout of the trunk >> >> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >> >> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >> For PMD you can add the following line to the file, after the other "apply >> plugin" commands: >> >> apply plugin: 'pmd' >> >> For FindBugs add the following lines: >> >> apply plugin: 'findbugs' >> tasks.withType(FindBugs) { >> reports { >> xml.enabled false >> html.enabled true >> } >> } >> >> Apply only pmd or findbugs, not both: the two tools provide different >> analysis with plenty of defects but the two tools will spot the same ones >> in most cases, so please choose the tool of your preference and then start >> fixing the code. >> >> 3) run the analysis with the command: >> ./gradlew check >> >> 4) review the report; >> for PMD the report is: >> build/reports/pmd/main.html >> for FindBugs the report is: >> build/reports/findbugs/main.html >> >> 5) fix some bugs and test; then go back to #3 >> >> 6) create a patch and submit it to Jira, mentioning that it fixes defects >> reported by PMD/FindBugs >> >> Feel free to ask here any question! >> >> Jacopo >> |
Administrator
|
In reply to this post by Jacopo Cappellato-5
Le 14/12/2016 à 07:32, Jacopo Cappellato a écrit :
> On Tue, Dec 13, 2016 at 7:57 PM, Jacques Le Roux < > [hidden email]> wrote: > >> Just as a note I find very useful to run these tools in Eclipse (the >> FindBug plugin for instance is conveniently integrated). But I rarely find >> the time to work on the reported issues :/ >> >> Jacques >> > Thank you Jacques. Of course leveraging any similar IDE plugin will serve > the same purpose, there are plenty of options! > I use IntelliJ and it has a very good integrated code inspection tool > (which analyzes everything) but it is not a viable option when used to bulk > process all the files in OFBiz in one shot: it takes hours. > > Jacopo > Jacques |
In reply to this post by Jacopo Cappellato-5
Hi all,
just wanted to bring this back in mind in case there are people interested in helping out with this. Every support is well appreciated, thank you! Regards, Michael Brohl ecomify GmbH www.ecomify.de Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: > Hi all, > > thanks to Gradle we have now an easy way to run source code analysis tools > on our codebase. > Tools like PMD and FindBugs generate useful reports containing pointers to > code that may need to be improved or fixed. > In fact I have executed them on trunk and I got reports with thousands of > "rule violations": some of them are probably false positives but others > really represent code that can be improved, simplified or, in some cases, > fixed. > > I think that it would be great if this community will work together to fix > as many defects as possible: it may lead to a cleaner codebase, may > increase the confidence of potential adopters that use these tools to get > some insight on our code quality, and may make it easier for new > contributors to help the project. > > So here are the steps to quickly start the process: > > 1) get a clean checkout of the trunk > > svn co http://svn.apache.org/repos/asf/ofbiz/trunk > > 2) edit the build.gradle file to enable the PMD or FindBugs plugins. > For PMD you can add the following line to the file, after the other "apply > plugin" commands: > > apply plugin: 'pmd' > > For FindBugs add the following lines: > > apply plugin: 'findbugs' > tasks.withType(FindBugs) { > reports { > xml.enabled false > html.enabled true > } > } > > Apply only pmd or findbugs, not both: the two tools provide different > analysis with plenty of defects but the two tools will spot the same ones > in most cases, so please choose the tool of your preference and then start > fixing the code. > > 3) run the analysis with the command: > ./gradlew check > > 4) review the report; > for PMD the report is: > build/reports/pmd/main.html > for FindBugs the report is: > build/reports/findbugs/main.html > > 5) fix some bugs and test; then go back to #3 > > 6) create a patch and submit it to Jira, mentioning that it fixes defects > reported by PMD/FindBugs > > Feel free to ask here any question! > > Jacopo > smime.p7s (5K) Download Attachment |
Hi everyone,
we started the first activities in Jira [1]. We have set up an OFBiz build on our Jenkins server who automatically does a FindBugs code analysis after each commit I'm thinking about publishing the results on a web server. This should help to engage contributors to work on the bugs without the need to do the analysis themselves (quick jump in). Are there any objections to do this? Do we have a webspace for this which I can use or would it be appropriate to publish results on one of our servers? There are even projects which publish the metrics on their website [2]. Best regards, Michael Brohl ecomify GmbH www.ecomify.de [1] https://issues.apache.org/jira/browse/OFBIZ-9450 [2] http://db.apache.org/torque/torque-3.3/releases/torque-3.3/generator/maven-reports.html Am 29.06.17 um 12:16 schrieb Michael Brohl: > Hi all, > > just wanted to bring this back in mind in case there are people > interested in helping out with this. > > Every support is well appreciated, thank you! > > Regards, > > Michael Brohl > ecomify GmbH > www.ecomify.de > > > Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >> Hi all, >> >> thanks to Gradle we have now an easy way to run source code analysis >> tools >> on our codebase. >> Tools like PMD and FindBugs generate useful reports containing >> pointers to >> code that may need to be improved or fixed. >> In fact I have executed them on trunk and I got reports with >> thousands of >> "rule violations": some of them are probably false positives but others >> really represent code that can be improved, simplified or, in some >> cases, >> fixed. >> >> I think that it would be great if this community will work together >> to fix >> as many defects as possible: it may lead to a cleaner codebase, may >> increase the confidence of potential adopters that use these tools to >> get >> some insight on our code quality, and may make it easier for new >> contributors to help the project. >> >> So here are the steps to quickly start the process: >> >> 1) get a clean checkout of the trunk >> >> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >> >> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >> For PMD you can add the following line to the file, after the other >> "apply >> plugin" commands: >> >> apply plugin: 'pmd' >> >> For FindBugs add the following lines: >> >> apply plugin: 'findbugs' >> tasks.withType(FindBugs) { >> reports { >> xml.enabled false >> html.enabled true >> } >> } >> >> Apply only pmd or findbugs, not both: the two tools provide different >> analysis with plenty of defects but the two tools will spot the same >> ones >> in most cases, so please choose the tool of your preference and then >> start >> fixing the code. >> >> 3) run the analysis with the command: >> ./gradlew check >> >> 4) review the report; >> for PMD the report is: >> build/reports/pmd/main.html >> for FindBugs the report is: >> build/reports/findbugs/main.html >> >> 5) fix some bugs and test; then go back to #3 >> >> 6) create a patch and submit it to Jira, mentioning that it fixes >> defects >> reported by PMD/FindBugs >> >> Feel free to ask here any question! >> >> Jacopo >> > > smime.p7s (5K) Download Attachment |
Fantastic initiative Michael, +1
I think a simple attachment in jira or a wiki page will suffice. A one-time scan would provide more than enough information for everyone who needs to work on stuff. We can run it again in the future when enough bugs have been tackled. On Fri, Jul 7, 2017 at 1:43 PM, Michael Brohl <[hidden email]> wrote: > Hi everyone, > > we started the first activities in Jira [1]. > > We have set up an OFBiz build on our Jenkins server who automatically does a > FindBugs code analysis after each commit > > I'm thinking about publishing the results on a web server. This should help > to engage contributors to work on the bugs without the need to do the > analysis themselves (quick jump in). > > Are there any objections to do this? > > Do we have a webspace for this which I can use or would it be appropriate to > publish results on one of our servers? > > There are even projects which publish the metrics on their website [2]. > > Best regards, > > Michael Brohl > ecomify GmbH > www.ecomify.de > > [1] https://issues.apache.org/jira/browse/OFBIZ-9450 > > [2] > http://db.apache.org/torque/torque-3.3/releases/torque-3.3/generator/maven-reports.html > > > Am 29.06.17 um 12:16 schrieb Michael Brohl: > >> Hi all, >> >> just wanted to bring this back in mind in case there are people interested >> in helping out with this. >> >> Every support is well appreciated, thank you! >> >> Regards, >> >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> >> Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >>> >>> Hi all, >>> >>> thanks to Gradle we have now an easy way to run source code analysis >>> tools >>> on our codebase. >>> Tools like PMD and FindBugs generate useful reports containing pointers >>> to >>> code that may need to be improved or fixed. >>> In fact I have executed them on trunk and I got reports with thousands of >>> "rule violations": some of them are probably false positives but others >>> really represent code that can be improved, simplified or, in some cases, >>> fixed. >>> >>> I think that it would be great if this community will work together to >>> fix >>> as many defects as possible: it may lead to a cleaner codebase, may >>> increase the confidence of potential adopters that use these tools to get >>> some insight on our code quality, and may make it easier for new >>> contributors to help the project. >>> >>> So here are the steps to quickly start the process: >>> >>> 1) get a clean checkout of the trunk >>> >>> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >>> >>> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >>> For PMD you can add the following line to the file, after the other >>> "apply >>> plugin" commands: >>> >>> apply plugin: 'pmd' >>> >>> For FindBugs add the following lines: >>> >>> apply plugin: 'findbugs' >>> tasks.withType(FindBugs) { >>> reports { >>> xml.enabled false >>> html.enabled true >>> } >>> } >>> >>> Apply only pmd or findbugs, not both: the two tools provide different >>> analysis with plenty of defects but the two tools will spot the same ones >>> in most cases, so please choose the tool of your preference and then >>> start >>> fixing the code. >>> >>> 3) run the analysis with the command: >>> ./gradlew check >>> >>> 4) review the report; >>> for PMD the report is: >>> build/reports/pmd/main.html >>> for FindBugs the report is: >>> build/reports/findbugs/main.html >>> >>> 5) fix some bugs and test; then go back to #3 >>> >>> 6) create a patch and submit it to Jira, mentioning that it fixes defects >>> reported by PMD/FindBugs >>> >>> Feel free to ask here any question! >>> >>> Jacopo >>> >> >> > > |
Administrator
|
I agree with Michael at OFBIZ-9450 that having "the results available to the public so that the community can always access the latest bug
statistics." should reduce duplicated efforts. If we can produce the report in HTML format, then we can create a page in wiki and include the report in this page from any URL. I guess any URL will fit, else if we need more security (should not be needed, only authenticated authors can change a wiki page) we can have it in the svn repo or a Jira link, etc. Jacques Le 07/07/2017 à 12:47, Taher Alkhateeb a écrit : > Fantastic initiative Michael, +1 > > I think a simple attachment in jira or a wiki page will suffice. A > one-time scan would provide more than enough information for everyone > who needs to work on stuff. We can run it again in the future when > enough bugs have been tackled. > > On Fri, Jul 7, 2017 at 1:43 PM, Michael Brohl <[hidden email]> wrote: >> Hi everyone, >> >> we started the first activities in Jira [1]. >> >> We have set up an OFBiz build on our Jenkins server who automatically does a >> FindBugs code analysis after each commit >> >> I'm thinking about publishing the results on a web server. This should help >> to engage contributors to work on the bugs without the need to do the >> analysis themselves (quick jump in). >> >> Are there any objections to do this? >> >> Do we have a webspace for this which I can use or would it be appropriate to >> publish results on one of our servers? >> >> There are even projects which publish the metrics on their website [2]. >> >> Best regards, >> >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> [1] https://issues.apache.org/jira/browse/OFBIZ-9450 >> >> [2] >> http://db.apache.org/torque/torque-3.3/releases/torque-3.3/generator/maven-reports.html >> >> >> Am 29.06.17 um 12:16 schrieb Michael Brohl: >> >>> Hi all, >>> >>> just wanted to bring this back in mind in case there are people interested >>> in helping out with this. >>> >>> Every support is well appreciated, thank you! >>> >>> Regards, >>> >>> Michael Brohl >>> ecomify GmbH >>> www.ecomify.de >>> >>> >>> Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >>>> Hi all, >>>> >>>> thanks to Gradle we have now an easy way to run source code analysis >>>> tools >>>> on our codebase. >>>> Tools like PMD and FindBugs generate useful reports containing pointers >>>> to >>>> code that may need to be improved or fixed. >>>> In fact I have executed them on trunk and I got reports with thousands of >>>> "rule violations": some of them are probably false positives but others >>>> really represent code that can be improved, simplified or, in some cases, >>>> fixed. >>>> >>>> I think that it would be great if this community will work together to >>>> fix >>>> as many defects as possible: it may lead to a cleaner codebase, may >>>> increase the confidence of potential adopters that use these tools to get >>>> some insight on our code quality, and may make it easier for new >>>> contributors to help the project. >>>> >>>> So here are the steps to quickly start the process: >>>> >>>> 1) get a clean checkout of the trunk >>>> >>>> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >>>> >>>> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >>>> For PMD you can add the following line to the file, after the other >>>> "apply >>>> plugin" commands: >>>> >>>> apply plugin: 'pmd' >>>> >>>> For FindBugs add the following lines: >>>> >>>> apply plugin: 'findbugs' >>>> tasks.withType(FindBugs) { >>>> reports { >>>> xml.enabled false >>>> html.enabled true >>>> } >>>> } >>>> >>>> Apply only pmd or findbugs, not both: the two tools provide different >>>> analysis with plenty of defects but the two tools will spot the same ones >>>> in most cases, so please choose the tool of your preference and then >>>> start >>>> fixing the code. >>>> >>>> 3) run the analysis with the command: >>>> ./gradlew check >>>> >>>> 4) review the report; >>>> for PMD the report is: >>>> build/reports/pmd/main.html >>>> for FindBugs the report is: >>>> build/reports/findbugs/main.html >>>> >>>> 5) fix some bugs and test; then go back to #3 >>>> >>>> 6) create a patch and submit it to Jira, mentioning that it fixes defects >>>> reported by PMD/FindBugs >>>> >>>> Feel free to ask here any question! >>>> >>>> Jacopo >>>> >>> >> |
Avoiding duplicate errors should be managed through Jira. If someone
wants to work on a class or package, he should file a Jira first so that everyone can see that this is being worked on. The Jenkins FindBugs plugin/publisher has a very good output with different filters and bug classification while the standard FindBugs html report is usable but far from clear. The advantage is that it is only one html file. Michael Brohl ecomify GmbH www.ecomify.de Am 07.07.17 um 14:14 schrieb Jacques Le Roux: > I agree with Michael at OFBIZ-9450 that having "the results available > to the public so that the community can always access the latest bug > statistics." should reduce duplicated efforts. > > If we can produce the report in HTML format, then we can create a page > in wiki and include the report in this page from any URL. I guess any > URL will fit, else if we need more security (should not be needed, > only authenticated authors can change a wiki page) we can have it in > the svn repo or a Jira link, etc. > > Jacques > > > Le 07/07/2017 à 12:47, Taher Alkhateeb a écrit : >> Fantastic initiative Michael, +1 >> >> I think a simple attachment in jira or a wiki page will suffice. A >> one-time scan would provide more than enough information for everyone >> who needs to work on stuff. We can run it again in the future when >> enough bugs have been tackled. >> >> On Fri, Jul 7, 2017 at 1:43 PM, Michael Brohl >> <[hidden email]> wrote: >>> Hi everyone, >>> >>> we started the first activities in Jira [1]. >>> >>> We have set up an OFBiz build on our Jenkins server who >>> automatically does a >>> FindBugs code analysis after each commit >>> >>> I'm thinking about publishing the results on a web server. This >>> should help >>> to engage contributors to work on the bugs without the need to do the >>> analysis themselves (quick jump in). >>> >>> Are there any objections to do this? >>> >>> Do we have a webspace for this which I can use or would it be >>> appropriate to >>> publish results on one of our servers? >>> >>> There are even projects which publish the metrics on their website [2]. >>> >>> Best regards, >>> >>> Michael Brohl >>> ecomify GmbH >>> www.ecomify.de >>> >>> [1] https://issues.apache.org/jira/browse/OFBIZ-9450 >>> >>> [2] >>> http://db.apache.org/torque/torque-3.3/releases/torque-3.3/generator/maven-reports.html >>> >>> >>> >>> Am 29.06.17 um 12:16 schrieb Michael Brohl: >>> >>>> Hi all, >>>> >>>> just wanted to bring this back in mind in case there are people >>>> interested >>>> in helping out with this. >>>> >>>> Every support is well appreciated, thank you! >>>> >>>> Regards, >>>> >>>> Michael Brohl >>>> ecomify GmbH >>>> www.ecomify.de >>>> >>>> >>>> Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >>>>> Hi all, >>>>> >>>>> thanks to Gradle we have now an easy way to run source code analysis >>>>> tools >>>>> on our codebase. >>>>> Tools like PMD and FindBugs generate useful reports containing >>>>> pointers >>>>> to >>>>> code that may need to be improved or fixed. >>>>> In fact I have executed them on trunk and I got reports with >>>>> thousands of >>>>> "rule violations": some of them are probably false positives but >>>>> others >>>>> really represent code that can be improved, simplified or, in some >>>>> cases, >>>>> fixed. >>>>> >>>>> I think that it would be great if this community will work >>>>> together to >>>>> fix >>>>> as many defects as possible: it may lead to a cleaner codebase, may >>>>> increase the confidence of potential adopters that use these tools >>>>> to get >>>>> some insight on our code quality, and may make it easier for new >>>>> contributors to help the project. >>>>> >>>>> So here are the steps to quickly start the process: >>>>> >>>>> 1) get a clean checkout of the trunk >>>>> >>>>> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >>>>> >>>>> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >>>>> For PMD you can add the following line to the file, after the other >>>>> "apply >>>>> plugin" commands: >>>>> >>>>> apply plugin: 'pmd' >>>>> >>>>> For FindBugs add the following lines: >>>>> >>>>> apply plugin: 'findbugs' >>>>> tasks.withType(FindBugs) { >>>>> reports { >>>>> xml.enabled false >>>>> html.enabled true >>>>> } >>>>> } >>>>> >>>>> Apply only pmd or findbugs, not both: the two tools provide different >>>>> analysis with plenty of defects but the two tools will spot the >>>>> same ones >>>>> in most cases, so please choose the tool of your preference and then >>>>> start >>>>> fixing the code. >>>>> >>>>> 3) run the analysis with the command: >>>>> ./gradlew check >>>>> >>>>> 4) review the report; >>>>> for PMD the report is: >>>>> build/reports/pmd/main.html >>>>> for FindBugs the report is: >>>>> build/reports/findbugs/main.html >>>>> >>>>> 5) fix some bugs and test; then go back to #3 >>>>> >>>>> 6) create a patch and submit it to Jira, mentioning that it fixes >>>>> defects >>>>> reported by PMD/FindBugs >>>>> >>>>> Feel free to ask here any question! >>>>> >>>>> Jacopo >>>>> >>>> >>> > smime.p7s (5K) Download Attachment |
Administrator
|
Le 07/07/2017 à 15:12, Michael Brohl a écrit :
> Avoiding duplicate errors should be managed through Jira. If someone wants to work on a class or package, he should file a Jira first so that > everyone can see that this is being worked on. Agreed, having one wiki page as reference could also help > The Jenkins FindBugs plugin/publisher has a very good output with different filters and bug classification while the standard FindBugs html report > is usable but far from clear. The advantage is that it is only one html file. Then we can create a wiki page an include it in, right? Jacques > > Michael Brohl > ecomify GmbH > www.ecomify.de > > > Am 07.07.17 um 14:14 schrieb Jacques Le Roux: >> I agree with Michael at OFBIZ-9450 that having "the results available to the public so that the community can always access the latest bug >> statistics." should reduce duplicated efforts. >> >> If we can produce the report in HTML format, then we can create a page in wiki and include the report in this page from any URL. I guess any URL >> will fit, else if we need more security (should not be needed, only authenticated authors can change a wiki page) we can have it in the svn repo or >> a Jira link, etc. >> >> Jacques >> >> >> Le 07/07/2017 à 12:47, Taher Alkhateeb a écrit : >>> Fantastic initiative Michael, +1 >>> >>> I think a simple attachment in jira or a wiki page will suffice. A >>> one-time scan would provide more than enough information for everyone >>> who needs to work on stuff. We can run it again in the future when >>> enough bugs have been tackled. >>> >>> On Fri, Jul 7, 2017 at 1:43 PM, Michael Brohl <[hidden email]> wrote: >>>> Hi everyone, >>>> >>>> we started the first activities in Jira [1]. >>>> >>>> We have set up an OFBiz build on our Jenkins server who automatically does a >>>> FindBugs code analysis after each commit >>>> >>>> I'm thinking about publishing the results on a web server. This should help >>>> to engage contributors to work on the bugs without the need to do the >>>> analysis themselves (quick jump in). >>>> >>>> Are there any objections to do this? >>>> >>>> Do we have a webspace for this which I can use or would it be appropriate to >>>> publish results on one of our servers? >>>> >>>> There are even projects which publish the metrics on their website [2]. >>>> >>>> Best regards, >>>> >>>> Michael Brohl >>>> ecomify GmbH >>>> www.ecomify.de >>>> >>>> [1] https://issues.apache.org/jira/browse/OFBIZ-9450 >>>> >>>> [2] >>>> http://db.apache.org/torque/torque-3.3/releases/torque-3.3/generator/maven-reports.html >>>> >>>> >>>> Am 29.06.17 um 12:16 schrieb Michael Brohl: >>>> >>>>> Hi all, >>>>> >>>>> just wanted to bring this back in mind in case there are people interested >>>>> in helping out with this. >>>>> >>>>> Every support is well appreciated, thank you! >>>>> >>>>> Regards, >>>>> >>>>> Michael Brohl >>>>> ecomify GmbH >>>>> www.ecomify.de >>>>> >>>>> >>>>> Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >>>>>> Hi all, >>>>>> >>>>>> thanks to Gradle we have now an easy way to run source code analysis >>>>>> tools >>>>>> on our codebase. >>>>>> Tools like PMD and FindBugs generate useful reports containing pointers >>>>>> to >>>>>> code that may need to be improved or fixed. >>>>>> In fact I have executed them on trunk and I got reports with thousands of >>>>>> "rule violations": some of them are probably false positives but others >>>>>> really represent code that can be improved, simplified or, in some cases, >>>>>> fixed. >>>>>> >>>>>> I think that it would be great if this community will work together to >>>>>> fix >>>>>> as many defects as possible: it may lead to a cleaner codebase, may >>>>>> increase the confidence of potential adopters that use these tools to get >>>>>> some insight on our code quality, and may make it easier for new >>>>>> contributors to help the project. >>>>>> >>>>>> So here are the steps to quickly start the process: >>>>>> >>>>>> 1) get a clean checkout of the trunk >>>>>> >>>>>> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >>>>>> >>>>>> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >>>>>> For PMD you can add the following line to the file, after the other >>>>>> "apply >>>>>> plugin" commands: >>>>>> >>>>>> apply plugin: 'pmd' >>>>>> >>>>>> For FindBugs add the following lines: >>>>>> >>>>>> apply plugin: 'findbugs' >>>>>> tasks.withType(FindBugs) { >>>>>> reports { >>>>>> xml.enabled false >>>>>> html.enabled true >>>>>> } >>>>>> } >>>>>> >>>>>> Apply only pmd or findbugs, not both: the two tools provide different >>>>>> analysis with plenty of defects but the two tools will spot the same ones >>>>>> in most cases, so please choose the tool of your preference and then >>>>>> start >>>>>> fixing the code. >>>>>> >>>>>> 3) run the analysis with the command: >>>>>> ./gradlew check >>>>>> >>>>>> 4) review the report; >>>>>> for PMD the report is: >>>>>> build/reports/pmd/main.html >>>>>> for FindBugs the report is: >>>>>> build/reports/findbugs/main.html >>>>>> >>>>>> 5) fix some bugs and test; then go back to #3 >>>>>> >>>>>> 6) create a patch and submit it to Jira, mentioning that it fixes defects >>>>>> reported by PMD/FindBugs >>>>>> >>>>>> Feel free to ask here any question! >>>>>> >>>>>> Jacopo >>>>>> >>>>> >>>> >> > > |
+1 nice initiative Michael!!
Thanks & Regards -- Deepak Dixit www.hotwaxsystems.com www.hotwax.co On Fri, Jul 7, 2017 at 7:05 PM, Jacques Le Roux < [hidden email]> wrote: > Le 07/07/2017 à 15:12, Michael Brohl a écrit : > >> Avoiding duplicate errors should be managed through Jira. If someone >> wants to work on a class or package, he should file a Jira first so that >> everyone can see that this is being worked on. >> > Agreed, having one wiki page as reference could also help > >> The Jenkins FindBugs plugin/publisher has a very good output with >> different filters and bug classification while the standard FindBugs html >> report is usable but far from clear. The advantage is that it is only one >> html file. >> > Then we can create a wiki page an include it in, right? > > Jacques > > >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> >> Am 07.07.17 um 14:14 schrieb Jacques Le Roux: >> >>> I agree with Michael at OFBIZ-9450 that having "the results available >>> to the public so that the community can always access the latest bug >>> statistics." should reduce duplicated efforts. >>> >>> If we can produce the report in HTML format, then we can create a page >>> in wiki and include the report in this page from any URL. I guess any URL >>> will fit, else if we need more security (should not be needed, only >>> authenticated authors can change a wiki page) we can have it in the svn >>> repo or a Jira link, etc. >>> >>> Jacques >>> >>> >>> Le 07/07/2017 à 12:47, Taher Alkhateeb a écrit : >>> >>>> Fantastic initiative Michael, +1 >>>> >>>> I think a simple attachment in jira or a wiki page will suffice. A >>>> one-time scan would provide more than enough information for everyone >>>> who needs to work on stuff. We can run it again in the future when >>>> enough bugs have been tackled. >>>> >>>> On Fri, Jul 7, 2017 at 1:43 PM, Michael Brohl <[hidden email]> >>>> wrote: >>>> >>>>> Hi everyone, >>>>> >>>>> we started the first activities in Jira [1]. >>>>> >>>>> We have set up an OFBiz build on our Jenkins server who automatically >>>>> does a >>>>> FindBugs code analysis after each commit >>>>> >>>>> I'm thinking about publishing the results on a web server. This should >>>>> help >>>>> to engage contributors to work on the bugs without the need to do the >>>>> analysis themselves (quick jump in). >>>>> >>>>> Are there any objections to do this? >>>>> >>>>> Do we have a webspace for this which I can use or would it be >>>>> appropriate to >>>>> publish results on one of our servers? >>>>> >>>>> There are even projects which publish the metrics on their website [2]. >>>>> >>>>> Best regards, >>>>> >>>>> Michael Brohl >>>>> ecomify GmbH >>>>> www.ecomify.de >>>>> >>>>> [1] https://issues.apache.org/jira/browse/OFBIZ-9450 >>>>> >>>>> [2] >>>>> http://db.apache.org/torque/torque-3.3/releases/torque-3.3/ >>>>> generator/maven-reports.html >>>>> >>>>> >>>>> Am 29.06.17 um 12:16 schrieb Michael Brohl: >>>>> >>>>> Hi all, >>>>>> >>>>>> just wanted to bring this back in mind in case there are people >>>>>> interested >>>>>> in helping out with this. >>>>>> >>>>>> Every support is well appreciated, thank you! >>>>>> >>>>>> Regards, >>>>>> >>>>>> Michael Brohl >>>>>> ecomify GmbH >>>>>> www.ecomify.de >>>>>> >>>>>> >>>>>> Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> thanks to Gradle we have now an easy way to run source code analysis >>>>>>> tools >>>>>>> on our codebase. >>>>>>> Tools like PMD and FindBugs generate useful reports containing >>>>>>> pointers >>>>>>> to >>>>>>> code that may need to be improved or fixed. >>>>>>> In fact I have executed them on trunk and I got reports with >>>>>>> thousands of >>>>>>> "rule violations": some of them are probably false positives but >>>>>>> others >>>>>>> really represent code that can be improved, simplified or, in some >>>>>>> cases, >>>>>>> fixed. >>>>>>> >>>>>>> I think that it would be great if this community will work together >>>>>>> to >>>>>>> fix >>>>>>> as many defects as possible: it may lead to a cleaner codebase, may >>>>>>> increase the confidence of potential adopters that use these tools >>>>>>> to get >>>>>>> some insight on our code quality, and may make it easier for new >>>>>>> contributors to help the project. >>>>>>> >>>>>>> So here are the steps to quickly start the process: >>>>>>> >>>>>>> 1) get a clean checkout of the trunk >>>>>>> >>>>>>> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >>>>>>> >>>>>>> 2) edit the build.gradle file to enable the PMD or FindBugs plugins. >>>>>>> For PMD you can add the following line to the file, after the other >>>>>>> "apply >>>>>>> plugin" commands: >>>>>>> >>>>>>> apply plugin: 'pmd' >>>>>>> >>>>>>> For FindBugs add the following lines: >>>>>>> >>>>>>> apply plugin: 'findbugs' >>>>>>> tasks.withType(FindBugs) { >>>>>>> reports { >>>>>>> xml.enabled false >>>>>>> html.enabled true >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> Apply only pmd or findbugs, not both: the two tools provide different >>>>>>> analysis with plenty of defects but the two tools will spot the same >>>>>>> ones >>>>>>> in most cases, so please choose the tool of your preference and then >>>>>>> start >>>>>>> fixing the code. >>>>>>> >>>>>>> 3) run the analysis with the command: >>>>>>> ./gradlew check >>>>>>> >>>>>>> 4) review the report; >>>>>>> for PMD the report is: >>>>>>> build/reports/pmd/main.html >>>>>>> for FindBugs the report is: >>>>>>> build/reports/findbugs/main.html >>>>>>> >>>>>>> 5) fix some bugs and test; then go back to #3 >>>>>>> >>>>>>> 6) create a patch and submit it to Jira, mentioning that it fixes >>>>>>> defects >>>>>>> reported by PMD/FindBugs >>>>>>> >>>>>>> Feel free to ask here any question! >>>>>>> >>>>>>> Jacopo >>>>>>> >>>>>>> >>>>>> >>>>> >>> >> >> > |
Free forum by Nabble | Edit this page |