sonar-checkstyle icon indicating copy to clipboard operation
sonar-checkstyle copied to clipboard

Published 20 hours ago verified publisher icon checkstyle

Resolve violations from sonarcloud.io

Open romani opened this issue 5 years ago • 8 comments

https://sonarcloud.io/dashboard?id=checkstyle_sonar-checkstyle

lets try to resolve all violations in our code, if reasonable.

romani avatar Apr 30 '19 13:04 romani

I started looking through them and found those issues to be discussed:

  • CheckstyleRulesDefinition::extractRulesData -> uses deprecated (and without provided alternative) classes from sslr-squid-bridge to load the HTML and SQALE model
    • HTML loading is not a problem; we can kinda migrate the code as it's simple and short
    • SQALE seems to not be used anymore by sslr-squid-bridge (see: https://github.com/SonarSource/sslr-squid-bridge/blob/master/src/main/java/org/sonar/squidbridge/rules/SqaleXmlLoader.java#L42); hence, we can migrate the code or use any alternative? I don't use SQALE myself - any ideas?
  • RuleFinder is not deprecated; only marked deprecated wrongly in our used API version - we investigated this issue before already
  • violation. To remove https://sonarcloud.io/code?id=checkstyle_sonar-checkstyle&line=114&selected=checkstyle_sonar-checkstyle%3Asrc%2Fmain%2Fjava%2Forg%2Fsonar%2Fplugins%2Fcheckstyle%2FCheckstyleExecutor.java we would need to perform some refactoring since file() is deprecated without replacement
  • we have a lot of usage of RulePriority but Sonar still uses that one - we discussed it earlier as well; once Sonar replaces their return values we can solve this
  • I actually don't know if it's wise to change this one: https://sonarcloud.io/code?id=checkstyle_sonar-checkstyle&line=55&selected=checkstyle_sonar-checkstyle%3Asrc%2Fmain%2Fjava%2Forg%2Fsonar%2Fplugins%2Fcheckstyle%2FCheckstyleExecutor.java

For the other issues, it's quite straight forward to resolve them.

muhlba91 avatar May 08 '19 10:05 muhlba91

For the other issues, it's quite straight forward to resolve them.

please do. the less violations the better. No need to fix the all in one PR, even 1 violation in separate PR is ok. Continuous improvements ...

CheckstyleRulesDefinition::extractRulesData -> uses deprecated (and without provided alternative)

I see clear meassage in javadoc that plugin need to host this functionality in their own code. https://github.com/SonarSource/sslr-squid-bridge/blob/master/src/main/java/org/sonar/squidbridge/rules/ExternalDescriptionLoader.java#L33 Lets just copy such files to us.

RuleFinder is not deprecated; only marked deprecated wrongly in our used API version - we investigated this issue before already

I do not see deprecation in latest code https://github.com/SonarSource/sonarqube/blob/master/sonar-plugin-api/src/main/java/org/sonar/api/rules/RuleFinder.java should be upgrade to new version ?

file() is deprecated without replacement

I see suggestion on what to use instead - https://github.com/SonarSource/sonarqube/blob/master/sonar-plugin-api/src/main/java/org/sonar/api/batch/fs/InputFile.java#L91

we have a lot of usage of RulePriority but Sonar still uses that one

https://github.com/SonarSource/sonarqube/blob/master/sonar-plugin-api/src/main/java/org/sonar/api/rules/RulePriority.java#L30 Please open issue on them to let when describe what is better way to define this.

I actually don't know if it's wise to change this one

It is false positive for sure, but ... according to https://jira.sonarsource.com/browse/RSPEC-1075 we probably can remove leading "/" and pass validation. Or according to https://github.com/SonarSource/sonar-dotnet/pull/556/files#diff-4682fc1f8b2440f08cbc43fa1a536fa0R56 , name variable as xxxxLocation and pass :).

romani avatar May 11 '19 14:05 romani

I created issues for:

  • RulePriority: #220
  • the SQALE model: #219

Working on the others.

muhlba91 avatar May 14 '19 11:05 muhlba91

@romani Is it possible to put sonar as part of CI so we can see violations are fixed and won't come back?

rnveach avatar May 14 '19 12:05 rnveach

Yes, they do have PR processing now, but I didn't have time to set up it. There is still problem to set up custom gate, suppression, rules. it will require extra scripting to make it prevents new issue to appear.

romani avatar May 14 '19 12:05 romani

No spacial scripting is required now, now sonarqube is completely customizable. We just need to resolve or mark as won't fix all issues

romani avatar Jan 22 '20 09:01 romani

https://github.com/checkstyle/sonar-checkstyle/blob/master/src/main/resources/org/sonar/plugins/checkstyle/rules.xml#L77

romani avatar Jan 22 '20 14:01 romani

this i the only major violations that is left - https://sonarcloud.io/project/issues?id=checkstyle_sonar-checkstyle&open=AWpuVgQeyRjJygCrGbZ-&resolved=false&severities=MAJOR

Al other related to deprecation resolving it is part of #58.

So as this major is resolved we can close this issue.

romani avatar Jan 22 '20 21:01 romani