使用 Gradle 插件进行代码分析(转)

2021-09-13 21:03:13

代码分析在大多数项目中通常是作为最后一个步骤（如果做了的话）完成的。其通常难以配置及与现有代码整合。

本文旨在勾勒出使用 Gradle 整合 PMD 与 FindBugs 的步骤，并将其与一个现有的 Sonar 构建工具进行整合。

PMD、CheckStyle 和 FindBugs

首先要做的就是在我们的 build.gradle 文件中添加插件：

apply plugin: 'checkstyle'

apply plugin: 'pmd'

apply plugin: 'findbugs'

这些插件能在我们的代码中启用 PMD、CheckStyle 和 FindBugs。

ostatsu
翻译于 1个月前

1人顶

顶翻译的不错哦!

默认情况下，这些插件将对测试程序和主程序都进行分析。对于我们，需要避免在测试程序上运行FindBugs和PMD，我们使用如下命令：

findbugs{

findbugsTest.enabled=false

}

pmd {

pmdTest.enabled=false

}

下面，我们从Gradle中执行：

1	`./gradlew` `clean findBugsMain pmdMain`

这将对工程进行清理，然后对源代码执行FindBugs和PMD。

输出结果如下：

:clean

:compileJava

Note: Some input files use unchecked or unsafe operations.

Note: Recompile with -Xlint:unchecked for details.

:processResources

:classes

:findbugsMain FAILED

FAILURE: Build failed with an exception.

* What went wrong:

Execution failed for task ':findbugsMain'.

> FindBugs rule violations were found. See the report at: file:///myprojects/build/reports/findbugs/main.xml

* Try:

Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 24.597 secs

由于违背FindBugs规则，还没运行PMD构建已经失败。FindBugs和PMD的输出格式为XML。

结果报告保存在<proj_home>/build/reports文件夹。

*好
翻译于 1周前

1人顶

顶翻译的不错哦!

为了生成可读的HTML文档并忽略错误继续构建，我们在build.gradle文件中加入：

findbugs{

ignoreFailures=true

findbugsTest.enabled=false

}

tasks.withType(FindBugs) {

reports {

xml.enabled = false

html.enabled = true

}

tasks.withType(Pmd){

reports{

xml.enabled=true

html.enabled=true

}

pmd {

ignoreFailures = true

pmdTest.enabled=false

}

task.withType用于对每种任务进行配置，您可以对PMD启用HTML和XML报告，对FindBugs启用HTML报告。

注意：在输出报告时，FindBugs仅支持一种可用的输出格式。

./gradlew clean findBugsMain pmdMain

:clean

:compileJava

Note: Some input files use unchecked or unsafe operations.

Note: Recompile with -Xlint:unchecked for details.

:processResources

:classes

:findbugsMain

FindBugs rule violations were found. See the report at: file:///myprojects/build/reports/findbugs/main.html

:pmdMain

Removed misconfigured rule: LoosePackageCoupling cause: No packages or classes specified

174 PMD rule violations were found. See the report at: file:///myprojects/build/reports/pmd/main.html

BUILD SUCCESSFUL

Total time: 6.013 secs

对于PMD，您可以使用ruleSet选项设置规则集。下面是一些常用的规则集。

pmd {

ignoreFailures = true

pmdTest.enabled=false

ruleSets = [

'java-basic',

'java-braces',

'java-clone',

'java-codesize',

'java-comments',

'java-controversial',

'java-coupling',

'java-design',

'java-empty',

'java-finalizers',

'java-imports',

'java-optimizations',

'java-strictexception',

'java-strings',

'java-typeresolution',

'java-unnecessary',

'java-unusedcode'

]

}

一个输出示例如下：

使用 Gradle 插件进行代码分析(转)

*好
翻译于 1周前

0人顶

顶翻译的不错哦!

与Sonar整合

PMD，Checkstyle和Sonar都是很有用的工具。但是，从一个组织的角度，我们需要追踪项目代码质量的变化和一段时间内的技术债务。我们需要能够对照其它类似的团队。

为了能够做到这些，我们使用Sonar。本文假设您已经安装好了Sonar。

对于这种情况，Altassian提供了相应的Sonar插件。为了使用它，我们需要添加必要的插件。

buildscript {

repositories {

mavenCentral()

maven { url "http://mvnrepo.nordstrom.net/nexus/content/groups/public" }

maven { url "http://repo.maven.apache.org/maven2" }

}

dependencies {

classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:1.2"

}

构建脚本安装完毕，我们队sonarqube进行配置：

apply plugin: "org.sonarqube"

sonarqube{

check

properties {

// Sonar Specific properties

property 'sonar.projectName', 'Project Services' // This is the display project name

property 'sonar.host.url','http://sonar:8080/' // This is the Sonar Server

property 'sonar.projectKey', 'com.wordpress.mrvivekr:project' // The Key using which the project details are tracked

// JDBC Properties

property 'sonar.jdbc.url','jdbc:jtds:sqlserver://ABCD:1433/SonarDB;domain=MYCOMP;SelectMethod=Cursor'

property 'sonar.jdbc.username','userName'

property 'sonar.jdbc.password','Secr#%'

//Which Sonar Profile to use - this is optional

property 'sonar.profile','JavaProfile'

}

注意：sonar.profile是预配置sonar配置（和规则），应由您的公司预先配置完成。但这是可选而非必须。我的JDBC连接使用SQLServer连接。

1	`./gradlew` `sonarqube`

:compileJava UP-TO-DATE

:processResources UP-TO-DATE

:classes UP-TO-DATE

:compileTestJava

:processTestResources

:testClasses

:test

....... ommitted .....

11:27:36.713 INFO - Java Main Files AST scan done: 812 ms

11:27:36.714 INFO - 13/13 source files have been analyzed

11:27:36.715 INFO - Java bytecode scan...

11:27:36.762 INFO - Java bytecode scan done: 47 ms

11:27:36.762 INFO - Java Test Files AST scan...

11:27:36.762 INFO - 5 source files to be analyzed

11:27:36.885 INFO - Java Test Files AST scan done: 123 ms

11:27:36.885 INFO - 5/5 source files have been analyzed

11:27:36.888 INFO - Package design analysis...

11:27:39.868 INFO - Package design analysis done: 2980 ms

11:27:39.884 INFO - Sensor JavaSquidSensor (done) | time=4307ms

11:27:39.884 INFO - Sensor Lines Sensor

11:27:39.888 INFO - Sensor Lines Sensor (done) | time=4ms

11:27:39.888 INFO - Sensor QProfileSensor

11:27:39.891 INFO - Sensor QProfileSensor (done) | time=3ms

11:27:39.891 INFO - Sensor InitialOpenIssuesSensor

11:27:45.592 INFO - Sensor InitialOpenIssuesSensor (done) | time=5701ms

11:27:45.592 INFO - Sensor ProjectLinksSensor

11:27:45.730 INFO - Sensor ProjectLinksSensor (done) | time=138ms

11:27:45.730 INFO - Sensor VersionEventsSensor

11:27:47.690 INFO - Sensor VersionEventsSensor (done) | time=1960ms

11:27:47.690 INFO - Sensor org.sonar.plugins.findbugs.FindbugsSensor@7894f007

11:27:47.694 INFO - Execute Findbugs 3.0.1...

11:27:48.557 INFO - Found findbugs plugin: /myprojects/build/sonar/findbugs/fb-contrib.jar

11:27:48.596 INFO - Found findbugs plugin: /myprojects/build/sonar/findbugs/findsecbugs-plugin.jar

11:27:48.612 INFO - Findbugs output report: /myprojects/build/sonar/findbugs-result.xml

The following classes needed for analysis were missing:

javax.crypto.spec.SecretKeySpec

11:27:50.846 INFO - Execute Findbugs 3.0.1 done: 3153 ms

11:29:31.499 INFO - Sensor org.sonar.plugins.findbugs.FindbugsSensor@7894f007 (done) | time=103809ms

11:29:31.499 INFO - Sensor SurefireSensor

11:29:31.500 INFO - parsing /myprojects/build/test-results

11:29:31.558 INFO - Sensor SurefireSensor (done) | time=59ms

11:29:31.558 INFO - Sensor JaCoCoOverallSensor

11:29:31.565 WARN - You are not using the latest JaCoCo binary format version, please consider upgrading to latest JaCoCo version.

11:29:31.565 INFO - Analysing /myprojects/build/jacoco/test.exec

11:29:31.601 WARN - You are not using the latest JaCoCo binary format version, please consider upgrading to latest JaCoCo version.

......... Ommitted .............

11:30:38.654 INFO - ANALYSIS SUCCESSFUL, you can browse http://sonar:8080/dashboard/index/com.wordpress.mrvivekr:project

11:30:38.654 INFO  - Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report.

11:30:38.655 INFO - Executing post-job class org.sonar.plugins.buildbreaker.AlertBreaker

11:30:38.657 INFO - Executing post-job class org.sonar.plugins.buildbreaker.ForbiddenConfigurationBreaker

BUILD SUCCESSFUL

Total time: 5 mins 16.499 secs

您应该看到类似的输出：

使用 Gradle 插件进行代码分析(转)

享受代码分析吧！

http://www.oschina.net/translate/code-analysis-with-gradle

https://dzone.com/articles/code-analysis-with-gradle

码农公寓

PMD、CheckStyle 和 FindBugs

ostatsu翻译于 1个月前

*好翻译于 1周前

*好翻译于 1周前

与Sonar整合

相关文章

ostatsu
翻译于 1个月前

*好
翻译于 1周前

*好
翻译于 1周前