Skip to content

A plugin which comments the found bugs (by static code analyzer) to your merge request

License

Notifications You must be signed in to change notification settings

ezienecker/static-code-review-plugin

Repository files navigation

Static Code Review Plugin

License
Build Status
Maven Central

This plugin asks within a merge request for the changed files and analyzes the code with the help of static code analyzer (currently SpotBugs and Detekt but more are planned). The found bugs are then commented to the corresponding code location.

Usage

Add the following to your pom.xml

<build>
    <plugins>
        <plugin>
            <groupId>de.manuzid</groupId>
            <artifactId>static-code-review-plugin</artifactId>
            <version>2.0.0</version>
            <executions>
                <execution>
                    <phase>verify</phase>
                    <goals>
                        <goal>report</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

Execute the following command to run the plugin

mvn verify -DprojectId=$CI_PROJECT_ID  \
    -DmergeRequestIid=$CI_MERGE_REQUEST_IID  \
    -Dauth.token=$GITLAB_AUTH_TOKEN

To exclude analyzer use the exclusion tag

<plugin>
    <groupId>de.manuzid</groupId>
    <artifactId>static-code-review-plugin</artifactId>
    <version>2.0.0</version>
    <configuration>
        <exclusions>
            <exclusion>spotbugs</exclusion>
        </exclusions>
    </configuration>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>report-detekt</goal>
            </goals>
        </execution>
    </executions>
</plugin>

Configuration

Required

Property Default Description

gitUrl

If GitHub is activated: https://api.github.com, otherwise https://gitlab.com/

The URL of the GitLab server

One of the two must be given, either the projectId or repository This depends on whether GitLab or GitHub is selected as the Git server. GitLab needs the projectId and GitHub the repository name.

projectId

None

The project in the form of an Integer(ID) or String(path)

repository

None

Is a combination of owner und repository. Owner is the account owner of the repository. The name is not case-sensitive. Repository is the name of the repository. The name is not case-sensitive.

mergeRequestIid

None

The internal ID of the merge request

static-code-review.skip

false

If true, execution will be skipped entirely.

isGitHub

false

If false then GitLab is selected as the Git server, otherwise GitHub is the Git server.

One of the two must be given, either the auth.token or the basic auth (auth.username & auth.password). Note that none of them must be protected, otherwise they cannot be read by the plugin.

auth.token

None

The private token to use for access to the GitLab API

auth.username

None

The username for basic auth with the GitLab server.

auth.password

None

The password for basic auth with the GitLab server.

Optional

Property Default Description

proxy.serverAddress

None

The URI of the proxy server.

proxy.username

None

The username for basic auth with the proxy server.

proxy.password

None

The password for basic auth with the proxy server.

applicationSources

src/main/java

Application/Library sources.

exclusions

empty list

A list of strings containing the analyzers to be excluded.

exclusion

None

Analyzer that should be excluded. Valid values: spotbugs, detekt

SpotBugs Settings

compiledClasses

classes

Compiled Application/Library sources.

priorityThresholdLevel

3

It specifies the confidence/priority threshold for reporting issues. 1 = High, 2 = Normal, 3 = Low, 4 = Ignored, 5 = Experimental.

Goal

Report

Used to run static code review plugin

Hints

  • Configuration Output

To be able to check at runtime how the plugin is configured, you need to run the maven command with debug output (-X).

mvn verify -X -DprojectId=$CI_PROJECT_ID  \
    -DmergeRequestIid=$CI_MERGE_REQUEST_IID  \
    -Dauth.token=$GITLAB_AUTH_TOKEN

Then look for the following line [DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin and you should see the following output.

[DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin:1.1.0:report-detekt' with basic configurator -->
[DEBUG]   (f) applicationSourcePath = src/main/kotlin
[DEBUG]   (f) authToken = <api-token>
[DEBUG]   (f) compiledClassPath = classes
[DEBUG]   (f) exclusions = [detekt]
[DEBUG]   (f) gitUrl = https://gitlab.com/
[DEBUG]   (f) mergeRequestIid = 1
[DEBUG]   (f) project = MavenProject: de.manuzid:static-code-review-plugin-sample-kotlin:1.0.0 @ /Users/manuzid/public-projects/static-code-review-plugin-sample/static-code-review-plugin-sample-kotlin/pom.xml
[DEBUG]   (f) projectId = 17068115
[DEBUG]   (f) skip = false
[DEBUG] -- end configuration --
  • Detekt Configuration

In order to resolve the path to the file to be commented on correctly, it is mandatory that the applicationSources is specified when analyzing Kotlin files.

Releasing

Creating a new release involves the following steps:

  1. ./mvnw gitflow:release-start gitflow:release-finish

  2. git push origin master

  3. git push --tags

  4. git push origin develop

About

A plugin which comments the found bugs (by static code analyzer) to your merge request

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages