[POC-FIX-PMD] maven-pmd-plugin: reactivate PMD - Best Practices

[Pankraz76]

Facing real bugs, we could activate PMD again as mention in comments to prevent violations:

(suppress existing 483 issues)

• UnnecessaryFullyQualifiedName #2348
• UnnecessaryParentheses #2349
• UnusedAssignment #2350
• LooseCoupling (80)
• 

References:

• [MNG-8729] Use correct outputStream destination; request instead of path in DefaultPluginXmlFactory#write #2312
• Remove unused private methods #2310
• support legacy automate excludeFromFailureFile pmd/pmd#5735
• [POC-Issue#5735]: support legacy automate excludeFromFailureFile maven-pmd-plugin#202
• https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html

maven/impl/maven-core/src/test/resources/apiv4-repo/org/apache/maven/maven-parent/4/maven-parent-4.pom

Line 227 in ffd30a3

<!-- Disabled until projects have been made to comply

checkstyle:

[Pankraz76]

[INFO] --- pmd:3.26.0:check (maven-pmd-plugin) @ maven-api-core ---
[WARNING] PMD Failure: org.apache.maven.api.DependencyScope:100 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'DependencyScope': 'values' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.JavaPathType:222 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'JavaPathType': 'values' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.JavaPathType:262 Rule:UnnecessaryModifier Priority:3 Unnecessary modifier 'final' on method 'format': the method is already in a final class.
[WARNING] PMD Failure: org.apache.maven.api.MonotonicClock:59 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'Clock': 'systemUTC' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.ArtifactCoordinatesFactoryRequest:58 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'ArtifactCoordinatesFactoryRequest': 'builder' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.ArtifactCoordinatesFactoryRequest:76 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'ArtifactCoordinatesFactoryRequest': 'builder' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.ArtifactCoordinatesFactoryRequest:89 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'ArtifactCoordinatesFactoryRequest': 'builder' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.ArtifactCoordinatesFactoryRequest:97 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'ArtifactCoordinatesFactoryRequest': 'builder' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.ArtifactFactoryRequest:55 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'ArtifactFactoryRequest': 'builder' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.ArtifactFactoryRequest:72 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'ArtifactFactoryRequest': 'builder' is already in scope.
[WARNING] PMD Failure: org.apache.maven.api.services.DependencyCoordinatesFactoryRequest:62 Rule:UnnecessaryFullyQualifiedName Priority:4 Unnecessary qualifier 'DependencyCoordinatesFactoryRequest': 'builder' is already in scope.

[Pankraz76]

please why is it only applied when declared here?

[Pankraz76]

UnusedPrivateMethod this is why check and spot not enough.

• Remove unused private methods #2310

[slachiewicz]

How was the excludes file generated?

[Pankraz76]

How was the excludes file generated?

AI/custom generated script, this feature is requested feature by PMD.

See here:

• support legacy automate excludeFromFailureFile pmd/pmd#5735
• support legacy automate excludeFromFailureFile pmd/pmd#5735 (comment)

[hgschmie]

not in the codebase

[hgschmie]

not in the code base

[Pankraz76]

why can PMD find it then?

[hgschmie]

I am not sure that all of those (or even the majority) are actually in the code base.

If you want to add supressions, add `@SuppressWarnings("PMD.") statements at the places where the problems occur. That way, an IDE can pick them up and point out when a suppression is no longer needed.

Having a big central file is a sure recipe for this to fall into disrepair and things never getting fixed. Which is counter to what you are trying to accomplish.

Suppressions need to be applied surgically in the right place where a violation exist. Not as a blanked "We cover the whole class"

[Pankraz76]

place where a violation exist

is only possible doing it here. Other wise we have 500 operations inside the code thats impossible.

[hgschmie]

Where is that needed and why would we ignore any .cache subfolder at any level of the tree?

[Pankraz76]

yes should be specific, but there is not collision so its not an big deal actually.

[hgschmie]

why would we not apply all java rulesets but only one?

[Pankraz76]

we can not pass even this one, so it might be overkill.

[hgschmie]

This is not the right way to engage with this project. If you want to improve the code quality, we would be willing to review small, specific changes that solve an issue that exists. Not blanket, AI generated "here are large changes that are hard to verify" PRs without any context.

I will close this PR; feel free to resubmit smaller, better documented changes.

[Pankraz76]

AI generated

at to silly for this simple task.

[Pankraz76]

smaller

will have issues (blindspots), not making it possible to activate the plugin.

We have blind spots or ignore 1o1 the errors.

This solution is very exact, as it only addresses existing issues not ignoring rules globally.

[Pankraz76]

please tell me, how can we stop further violations? Freezing existing depth, not able to commit any more rubbish. @hgschmie

[Pankraz76]

@bclozel @sdeleuze

would you guys appreciate an PMD legacy compatible integration on spring like seen here?

With my script created its easy to suppress all existing violations to prevent any further and then improve code quality from there, not committing corrupt code.

[Pankraz76]

@cescoffier @geoand Would you like to adhere to Best Practices?

With this way we can prevent any new corruption from entering the code base.

• Add PMD to core quarkusio/quarkus#45417
• https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html

[bclozel]

@Pankraz76 we don't use Maven in our projects, so I'm not sure why I'm being pinged here. I guess the answer is "no", then.

[Pankraz76]

its about PMD. Can be used via gradle too. https://docs.gradle.org/current/userguide/pmd_plugin.html As its Best Practices having to find large acceptance for comprehending minds.

[geoand]

@cescoffier @geoand Would you like to adhere to Best Practices?

With this way we can prevent any new corruption from entering the code base.

• Add PMD to core quarkusio/quarkus#45417
• https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html

@Pankraz76 I am not sure what you expect from us here.

[Pankraz76]

If Maven does not care about norms, standardization, and following common sense, maybe Quarkus and Spring will. It's about avoiding overhead, reducing effort spent on avoidable issues, and focusing attention on the real business logic. We should not waste time on unused imports but on real progress being made.

So with this example given I would like to offer doing the same as its done by script now, giving ability to freeze technical dept.

I will shoot demo PR providing the same for Spring and Quarkus. Thus you can see the current situations and choose if you want more violations.

[geoand]

@Pankraz76 I suggest taking a step and back and trying to ascertain how your changes and communication of said changes appears to project maintainers.

[Pankraz76]

yes, i see this type of change is not simple to integrate. Thanks for feedback.

[geoand]

👍🏽

[hgschmie]

If Maven does not care about norms, standardization, and following common sense, maybe Quarkus and Spring will. It's about avoiding overhead, reducing effort spent on avoidable issues, and focusing attention on the real business logic. We should not waste time on unused imports but on real progress being made.

So with this example given I would like to offer doing the same as its done by script now, giving ability to freeze technical dept.

I will shoot demo PR providing the same for Spring and Quarkus. Thus you can see the current situations and choose if you want more violations.

@Pankraz76 This type of "you need to adhere to some imaginary standards or norms that I defined" comments don't work here. You need to ask yourself if that is a reasonable way to engage with any community, given the amount of pushback to your style of engagement that you have seen.

[Pankraz76]

Of course, my direct approach isn't very charming. I can only convince those who in favor of rules and reason—not those prioritize individual opinion or embrace the freedom of chaos (what some might call the broken window effect).

Some thrive in disorder, finding creativity in the absence of boundaries. For others, order is essential; they need structure to keep the marathon going.

P.S. This is the essence of law. There is no law without enforcement. These best practices serve the common good—they belong to no one, being defined by the community itself, in sync with Java Coding Conventions (JCC). Debating them in generell seems kind of goofy.

I didn't create, nor do I particularly care about these rules, even though they seem legitimate and reasonable. They seem the only valid foundation, making it obvious to integrate.

Java coding conventions come from Java itself, not from me. The same applies to PMD best practices—we can assure significant effort went into balancing these rules. Thus ends our endless debates about which rules are good or bad (though we've all participated eagerly).

That's the power of norms and standards. They're like syntax, but operating on a higher semantic plane. You all grasp this intuitively—while I remain, as ever, the least enlightened among us.

[geoand]

Using ChatGPT (or friends) also doesn't do you any favors when trying to convince people...

[Pankraz76]

Its my language given form and correction. Please stop horsing around. I spend 30 mins to create the post, yes im very special, taking my time.

Not everyone is so smart like you @geoand please excuse.

[geoand]

The point I'm trying to make is very simple: you are putting effort into doing work but not taking feedback into account at all and continuing on a course that almost certainly leads to your work not having the impact you hope it has.