Use HMCTS Java plugin for code quality tools #176

Merged
merged 5 commits into from
Feb 27, 2024

@banderous (Contributor) commented Apr 17, 2020

Change description

Use the HMCTS Java plugin to apply Checkstyle, PMD and OWASP dependency checker with HMCTS default settings.

The Java plugin is intended to help teams apply a minimum standard of code quality tools, whilst making it easier for HMCTS to evolve that standard over time. (E.g. we currently have >50 different checkstyle configs in use in HMCTS, to take one example.)

This PR does introduce a change to the configuration of the OWASP dependency checker, which now considers runtime dependency configurations only (known non-runtime configurations including tests and checkstyle configurations are excluded).

Does this PR introduce a breaking change? (check one with "x")

[ ] Yes
[x] No
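
One way to express the runtime-only scan described above with the OWASP dependency-check Gradle plugin's `scanConfigurations` option (an added example, not code from this PR or from the HMCTS plugin; it assumes the `java` and `org.owasp.dependencycheck` plugins are already applied, and `scannedConfigs` and the `listUnscannedConfigurations` task are hypothetical names):

```groovy
// build.gradle fragment. Assumes the 'java' and 'org.owasp.dependencycheck'
// plugins are already applied to this project.

// Hypothetical variable: the allow-list of configurations to analyse.
// 'runtimeClasspath' is the resolved set of dependencies that ship with the app.
def scannedConfigs = ['runtimeClasspath']

dependencyCheck {
    // Analyse only the listed configurations. This option is mutually exclusive
    // with skipConfigurations, which names configurations to leave out instead.
    scanConfigurations = scannedConfigs
}

// Hypothetical helper task: list every resolvable configuration that the
// allow-list above leaves out, so the exclusions (test, checkstyle, ...) are
// reviewed deliberately rather than dropped silently.
tasks.register('listUnscannedConfigurations') {
    doLast {
        configurations
            .findAll { it.canBeResolved && !(it.name in scannedConfigs) }
            .collect { it.name }
            .sort()
            .each { println "not scanned by dependencyCheck: ${it}" }
    }
}
```

Run `gradle listUnscannedConfigurations` before `gradle dependencyCheckAnalyze` to see which configurations fall outside the scan.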

Handles configuration of checkstyle, PMD and dependency checker. See
https://github.com/hmcts/gradle-java-plugin/blob/master/README.md
Provide details of HMCTS Java plugin.
getConfigDirectory().set(new File(rootDir, 'config/checkstyle'))
}

pmd {

Contributor

Do we want to keep PMD enabled? Sonarqube is supposed to cover it.
Moving this to the plugin makes it harder to disable or alter the config in a team project, I assume?

Contributor Author

The default PMD settings can be extended with additional rulesets or replaced completely with custom rulesets if desired in buildscript.

Sonarqube runs PMD if I understand correctly? So we'd still want control of the PMD rulesets. Also does sonarqube run analysis locally or just on CI?

Contributor

No, they've written their own static analysis tool afaik, they used to.

It runs on CI but you can run it locally with sonarlint.

Contributor Author

Re: disabling rulesets. If teams have a need to blanket remove an entire rule then it probably shouldn't be in the default HMCTS rulesets (teams can suppress individual violations where necessary).

For example, I did remove one PMD rule that doesn't work correctly with modern Java constructs like foreach loops.

Contributor

There are a lot of PMD rules which report on "issues" we don't really care about. I think by default it should be disabled and have an option to enable and override if necessary.

Contributor

or just not include it?
@satyachundur ?

Contributor Author

Agreed we don't want to impose a tool with a bad signal to noise ratio. I'll go through the PMD warnings for a couple of our larger projects and see if it flags up anything useful, and either trim back the ruleset or remove the tool completely.

Contributor Author

@timja @satyachundur PMD is no longer applied in the java plugin. Are you happy to proceed with this PR as is?

@timja timja requested a review from satyachundur April 17, 2020 14:59
stale bot commented Apr 28, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added stale and removed stale labels Apr 28, 2020
stale bot commented May 6, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label May 6, 2020
stale bot commented May 10, 2020

This issue is being closed automatically as it was stale

@Michael1142 (Contributor) commented Feb 26, 2024

I'm reopening this PR as the changes correctly apply the code style checks as set out by the HMCTS Way.

It is my understanding that we should look to remove PMD for the reasons expressed in the exchange above.

That is, sonar performs similar checks with a better signal to noise ratio.

@Michael1142 Michael1142 merged commit e179627 into master Feb 27, 2024
3 checks passed
@Michael1142 Michael1142 deleted the gradle-plugin branch February 27, 2024 10:47