Gaffer
Improve code analysis CI in Gaffer
https://github.com/gchq/Gaffer/issues/39 added FindBugs to Gaffer. FindBugs is no longer maintained and has been replaced by SpotBugs.
This could be upgraded, or a more modern tool could be used to replace this entirely. For example:
Some of these would also replace the need for other plugins such as Checkstyle and code coverage, as they handle those too.
Some work has been done on this ticket to identify the best tools going forward, but further work on this ticket is currently on hold. For more information see internal tool- number 301
SonarQube is the likely solution to this, but will need checking when this ticket is progressed. For more information see internal tool- number 301
#2842 will upgrade our SpotBugs configuration and improve code quality standards. We might want to consider using the PMD source code analyser, which also runs as a Maven plugin and works well alongside SpotBugs. We could also consider enabling the Google Java style formatting check in the Spotless plugin.
#2871 introduces the PMD plugin which performs further static analysis and code quality checks. It also enables GitHub's CodeQL security scanning. This issue can probably be closed once this has been merged.
To an extent these extra checks replace the Checkstyle plugin, although they don't replace the code style checks. These could be replaced by the Spotless plugin formatting checks mentioned above, but this would also require major refactors to get the codebase to comply, so it's probably easier to leave this for now.
Closed by #2871