Merge pull request #66 from BorderTech/latest-qa

Latest qa

Author: jonathanaustin

CHANGELOG.md

@@ -0,0 +1,78 @@
+# Change log
+
+## Release in-progress
+* Add quick-build profile that skips tests and QA checks #63
+* Change OWASP checker to fail on Critical (Level 9-10) issues and check for updates every 12 hours #60
+* Update dependencies and plugin versions.
+* Update bt-checkstyle.xml to include latest checks from checkstyle's sun_check.xml.
+* Plugin configuration is only done via user properties which is easier for projects to override #59
+
+## 1.0.15
+* Refactor README #52
+* Update plugin versions #54
+
+## 1.0.14
+* Update README.
+* Latest checkstyle and pmd.
+
+## 1.0.13
+* Remove redundant ${bt.plugin.xxxx} properties. Use plugin user properties instead.
+* Update QA override details in README.
+* Update bt-checkstyle.xml to include the latest checkstyle sun-check.xml changes.
+* Delete bt-spotbugs-exclude-filter.xml as projects should handle their own excludes.
+* Introduce ${bt.version} properties for dependency versions.
+* Introduce maven version checker to display updates for project dependencies.
+* Move enforce dependency convergence to qa-parent
+
+## 1.0.12
+* Updated plugin versions.
+* Enhance vulnerability checking.
+* Minor fixes to README.
+
+## 1.0.11
+* Update OWASP properties.
+
+## 1.0.10
+* Include dependency convergence check in the maven enforcer plugin.
+
+## 1.0.9
+* Fix Jacoco Coverage Report.
+
+## 1.0.8
+* Latest rules and versions of checkstyle, pmd and spotbugs (formerly findbugs).
+* Removed wc.qa.skip property to only use bt.qa.skip.
+* Removed surefire.version property as use plugin inheritance for version.
+* Upgrade to junit 5.
+
+## 1.0.7
+* Update version of dependency-check-maven and change default config.
+* Remove site generation.
+
+## 1.0.6
+* Added properties to manage non-java analysers in the dependency check plugin (see wiki).
+* Turned off the following analysers (in default configuration):
+  * nsp analyzer;
+  * nuspec analyzer;
+  * swift package manager analyzer; and
+  * assembly analyzer.
+* Incremented version of dependency-check-maven to 3.3.2.
+
+## 1.0.5
+* Added support for OWASP dependency checker using dependency-check-maven.
+
+## 1.0.4
+* Update README.
+* Added bt.qa.skip property.
+* Fix badger version.
+
+## 1.0.3
+* Added qa-parent.
+
+## 1.0.2
+* Generate javadoc and sources in release.
+
+## 1.0.1
+* Surefire version property.
+
+## 1.0.0
+* Initial version

build-tools/src/main/resources/bordertech/bt-checkstyle.xml

@@ -1,9 +1,9 @@
 <?xml version="1.0"?>
 <!DOCTYPE module PUBLIC
-		"-//Puppy Crawl//DTD Check Configuration 1.3//EN"
-		"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
+		"-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+		"https://checkstyle.org/dtds/configuration_1_3.dtd">
 
-<!-- Based on sun_checks.xml (V8.2) -->
+<!-- Based on sun_checks.xml (V8.30) -->
 
 <!--
   Checkstyle configuration that checks the sun coding conventions from:
@@ -15,9 +15,10 @@
 	- the JDK Api documentation https://docs.oracle.com/en/java/javase/11/
 	- some best practices
   Checkstyle is very configurable. Be sure to read the documentation at
-  http://checkstyle.sourceforge.net (or in your downloaded distribution).
+  https://checkstyle.org (or in your downloaded distribution).
   Most Checks are configurable, be sure to consult the documentation.
   To completely disable a check, just comment it out or delete it from the file.
+  To suppress certain violations please review suppression filters.
   Finally, it is worth reading the documentation.
 -->
 
@@ -28,12 +29,13 @@
 		https://checkstyle.org/5.x/config.html#Checker
 		<property name="basedir" value="${basedir}"/>
 	-->
+	<property name="severity" value="error"/>
 
-
-	<!-- BorderTech Filter out Checkstyle warnings that have been suppressed with the @SuppressWarnings annotation -->
+	<!-- BorderTech: Filter out Checkstyle warnings that have been suppressed with the @SuppressWarnings annotation. -->
+	<!-- SuppressWarningsFilter and SuppressWarningsHolder have to be used together. -->
 	<module name="SuppressWarningsFilter" />
 
-	<!-- BorderTech
+	<!-- BorderTech: only check java files
 		<property name="fileExtensions" value="java, properties, xml"/>
 	-->
 	<property name="fileExtensions" value="java"/>
@@ -44,118 +46,133 @@
 		<property name="fileNamePattern" value="module\-info\.java$"/>
 	</module>
 
+	<!-- https://checkstyle.org/config_filters.html#SuppressionFilter -->
+	<module name="SuppressionFilter">
+		<property name="file" value="${org.checkstyle.sun.suppressionfilter.config}"
+				  default="checkstyle-suppressions.xml" />
+		<property name="optional" value="true"/>
+	</module>
+
 	<!-- Checks that a package-info.java file exists for each package.     -->
-	<!-- See http://checkstyle.sourceforge.net/config_javadoc.html#JavadocPackage -->
+	<!-- See https://checkstyle.org/config_javadoc.html#JavadocPackage -->
 	<module name="JavadocPackage"/>
 
 	<!-- Checks whether files end with a new line.                        -->
-	<!-- See http://checkstyle.sourceforge.net/config_misc.html#NewlineAtEndOfFile -->
-	<module name="NewlineAtEndOfFile">
-		<!-- BorderTech
-			Choosing "lf" should allow eof to be either "LF" or "CRLF" (both end with "LF").
-			This is more permissive and more predicatable than the default "enforce whatever line separator is default on the current platform".
-			When fetching code via git newlines are usually normalized anyway.
-		-->
-		<property name="lineSeparator" value="lf"/>
-	</module>
+	<!-- See https://checkstyle.org/config_misc.html#NewlineAtEndOfFile -->
+	<module name="NewlineAtEndOfFile"/>
 
 	<!-- Checks that property files contain the same keys.         -->
-	<!-- See http://checkstyle.sourceforge.net/config_misc.html#Translation -->
+	<!-- See https://checkstyle.org/config_misc.html#Translation -->
 	<module name="Translation"/>
 
 	<!-- Checks for Size Violations.                    -->
-	<!-- See http://checkstyle.sourceforge.net/config_sizes.html -->
+	<!-- See https://checkstyle.org/config_sizes.html -->
 	<module name="FileLength">
+		<!-- BorderTech: Override to warning -->
+		<property name="severity" value="warning" />
+	</module>
+	<module name="LineLength">
+		<property name="fileExtensions" value="java"/>
+		<!-- BorderTech: Override from 80 to 150 -->
+		<property name="max" value="150" />
+		<!-- BorderTech: Override to warning -->
 		<property name="severity" value="warning" />
 	</module>
 
-	<!-- Checks for whitespace                               -->
-	<!-- See http://checkstyle.sourceforge.net/config_whitespace.html -->
-	<!--
+	<!-- See https://checkstyle.org/config_whitespace.html -->
+	<!-- BorderTech: This check is removed as it fails if there are tabs
 	<module name="FileTabCharacter"/>
 	-->
+
+	<!-- BorderTech: Use tabs for indenting -->
 	<module name="RegexpSingleline">
 		<property name="format" value="^(\t*( +\t*(?! \*|\S))|(  ))"/>
 		<property name="message" value="Indentation should be tabs."/>
 		<property name="maximum" value="10"/>
 	</module>
 
 	<!-- Miscellaneous other checks.                   -->
-	<!-- See http://checkstyle.sourceforge.net/config_misc.html -->
+	<!-- See https://checkstyle.org/config_misc.html -->
 	<module name="RegexpSingleline">
 		<property name="format" value="\s+$"/>
-		<property name="maximum" value="10"/>
+		<property name="minimum" value="0"/>
+		<property name="maximum" value="0"/>
 		<property name="message" value="Line has trailing spaces."/>
+		<!-- BorderTech: Override to warning -->
+		<property name="severity" value="warning" />
 	</module>
 
 	<!-- Checks for Headers                                -->
-	<!-- See http://checkstyle.sourceforge.net/config_header.html   -->
+	<!-- See https://checkstyle.org/config_header.html   -->
 	<!-- <module name="Header"> -->
 	<!--   <property name="headerFile" value="${checkstyle.header.file}"/> -->
 	<!--   <property name="fileExtensions" value="java"/> -->
 	<!-- </module> -->
 
 	<module name="TreeWalker">
-		<!-- BorderTech -->
+
+		<!-- BorderTech: Override for how many spaces a tab takes from 8 to 4 -->
 		<property name="tabWidth" value="4"/>
 
-		<!-- BorderTech Make the @SuppressWarnings annotations available to Checkstyle -->
+		<!-- BorderTech: Make the @SuppressWarnings annotations available to Checkstyle -->
+		<!-- SuppressWarningsFilter and SuppressWarningsHolder have to be used together. -->
 		<module name="SuppressWarningsHolder" />
 
 		<!-- Checks for Javadoc comments.                     -->
-		<!-- See http://checkstyle.sourceforge.net/config_javadoc.html -->
+		<!-- See https://checkstyle.org/config_javadoc.html -->
+		<module name="InvalidJavadocPosition"/>
 		<module name="JavadocMethod">
+			<!-- BorderTech: Javadoc not required for methods with these annotations -->
 			<property name="allowedAnnotations" value="Override,Test,Before,After,BeforeClass,AfterClass"/>
 		</module>
 		<module name="JavadocType"/>
 		<module name="JavadocVariable">
+			<!-- BorderTech: Push scope that is checked from private to protected -->
 			<property name="scope" value="protected"/>
 		</module>
 		<module name="JavadocStyle"/>
+		<module name="MissingJavadocMethod"/>
 
 		<!-- Checks for Naming Conventions.                  -->
-		<!-- See http://checkstyle.sourceforge.net/config_naming.html -->
-		<module name="ConstantName" />
+		<!-- See https://checkstyle.org/config_naming.html -->
+		<module name="ConstantName"/>
 		<module name="LocalFinalVariableName"/>
 		<module name="LocalVariableName"/>
 		<module name="MemberName"/>
 		<module name="MethodName"/>
 		<module name="PackageName"/>
 		<module name="ParameterName"/>
 		<module name="StaticVariableName"/>
-		<module name="TypeName" />
+		<module name="TypeName"/>
 
 		<!-- Checks for imports                              -->
-		<!-- See http://checkstyle.sourceforge.net/config_import.html -->
+		<!-- See https://checkstyle.org/config_import.html -->
 		<module name="AvoidStarImport"/>
 		<module name="IllegalImport"/> <!-- defaults to sun.* packages -->
 		<module name="RedundantImport"/>
 		<module name="UnusedImports">
-			<!-- BorderTech -->
+			<!-- BorderTech: Check javadoc as well -->
 			<property name="processJavadoc" value="true" />
 		</module>
 
 		<!-- Checks for Size Violations.                    -->
-		<!-- See http://checkstyle.sourceforge.net/config_sizes.html -->
-		<module name="LineLength">
-			<!-- BorderTech -->
-			<property name="max" value="150" />
-			<property name="severity" value="warning" />
-		</module>
+		<!-- See https://checkstyle.org/config_sizes.html -->
 		<module name="MethodLength">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 		<module name="ParameterNumber">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 
 		<!-- Checks for whitespace                               -->
-		<!-- See http://checkstyle.sourceforge.net/config_whitespace.html -->
+		<!-- See https://checkstyle.org/config_whitespace.html -->
 		<module name="EmptyForIteratorPad"/>
 		<module name="GenericWhitespace"/>
 		<module name="MethodParamPad"/>
 		<module name="NoWhitespaceAfter">
-			<!-- BorderTech -->
+			<!-- BorderTech: Tokens to check -->
 			<property name="tokens" value="BNOT,DEC,DOT,INC,LNOT,UNARY_MINUS,UNARY_PLUS"/>
 		</module>
 		<module name="NoWhitespaceBefore"/>
@@ -166,53 +183,63 @@
 		<module name="WhitespaceAround"/>
 
 		<!-- Modifier Checks                                    -->
-		<!-- See http://checkstyle.sourceforge.net/config_modifiers.html -->
+		<!-- See https://checkstyle.org/config_modifiers.html -->
 		<module name="ModifierOrder"/>
 		<module name="RedundantModifier">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 
 		<!-- Checks for blocks. You know, those {}'s         -->
 		<!-- See http://checkstyle.sourceforge.net/config_blocks.html -->
 		<module name="AvoidNestedBlocks">
-			<!-- BorderTech -->
+			<!-- BorderTech: Allow a nested block in a switch -->
 			<property name="allowInSwitchCase" value="true"/>
 		</module>
 		<module name="EmptyBlock">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 		<module name="LeftCurly"/>
 		<module name="NeedBraces"/>
 		<module name="RightCurly"/>
 
 		<!-- Checks for common coding problems               -->
-		<!-- See http://checkstyle.sourceforge.net/config_coding.html -->
-		<!-- BorderTech
-		<module name="AvoidInlineConditionals"/>
-		-->
+		<!-- See https://checkstyle.org/config_coding.html -->
 		<module name="EmptyStatement">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 		<module name="EqualsHashCode"/>
 		<module name="HiddenField">
-			<!-- BorderTech -->
-			<property name="severity" value="ignore" />
+			<!-- BorderTech: Override from false for constructor parameters -->
+			<property name="ignoreConstructorParameter" value = "true" />
+			<!-- BorderTech: Override from false for setter parameters -->
+			<property name="ignoreSetter" value = "true" />
+			<!-- BorderTech: Override to warning -->
+			<property name="severity" value="warning" />
 		</module>
 		<module name="IllegalInstantiation"/>
 		<module name="InnerAssignment"/>
 		<module name="MagicNumber">
-			<property name="severity" value="ignore" />
+			<!-- BorderTech: Override from false for hash code methods -->
+			<property name="ignoreHashCodeMethod" value = "true" />
+			<!-- BorderTech: Override from false for annotation methods -->
+			<property name="ignoreAnnotation" value = "true" />
+			<!-- BorderTech: Override to warning -->
+			<property name="severity" value="warning" />
 		</module>
 		<module name="MissingSwitchDefault">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 		<module name="MultipleVariableDeclarations"/>
 		<module name="SimplifyBooleanExpression"/>
 		<module name="SimplifyBooleanReturn"/>
 
 		<!-- Checks for class design                         -->
-		<!-- See http://checkstyle.sourceforge.net/config_design.html -->
-		<!-- BorderTech
+		<!-- See https://checkstyle.org/config_design.html -->
+		<!-- BorderTech: This check is specific for library projects (not applications)
 		<module name="DesignForExtension"/>
 		-->
 		<module name="FinalClass"/>
@@ -221,16 +248,24 @@
 		<module name="VisibilityModifier"/>
 
 		<!-- Miscellaneous other checks.                   -->
-		<!-- See http://checkstyle.sourceforge.net/config_misc.html -->
+		<!-- See https://checkstyle.org/config_misc.html -->
 		<!--
-	   <module name="ArrayTypeStyle"/>
+		<module name="ArrayTypeStyle"/>
 		-->
 		<module name="FinalParameters"/>
 		<module name="TodoComment">
+			<!-- BorderTech: Override to warning -->
 			<property name="severity" value="warning" />
 		</module>
 		<module name="UpperEll"/>
 
+		<!-- https://checkstyle.org/config_filters.html#SuppressionXpathFilter -->
+		<module name="SuppressionXpathFilter">
+			<property name="file" value="${org.checkstyle.sun.suppressionxpathfilter.config}"
+					  default="checkstyle-xpath-suppressions.xml" />
+			<property name="optional" value="true"/>
+		</module>
+
 	</module>
 
 </module>