codeclimate / codeclimate-sonar-java

Maintainability and reliability checks for Java
GNU Affero General Public License v3.0

QUA-431: update SonarJava to 6.15 #65

Closed dantevvp closed 2 years ago

dantevvp commented 2 years ago

This PR updates the SonarJava plugin to version 6.15, which supports Java 15.

dantevvp commented 2 years ago

Note: this PR is currently pulling the codeclimate-ss-analyzer-wrapper package from an unmerged branch. Once merged, it will be changed to the correct package name.

fede-moya commented 2 years ago

@dantevvp When running make analyze-fixtures I see some messages that concern me a bit:

INFO: Java 1.8.0_111-internal Oracle Corporation (64-bit)
INFO: Linux 5.10.25-linuxkit amd64
INFO: Index files
INFO: 1 file indexed
INFO: Configured Java source version (sonar.java.source): 15
INFO: JavaClasspath initialization
INFO: JavaClasspath initialization (done) | time=13ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=0ms
INFO: Java Main Files AST scan
INFO: 1 source files to be analyzed
INFO: 1/1 source files have been analyzed
INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
....
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.803s
INFO: Final Memory: 19M/197M
INFO: ------------------------------------------------------------------------

These two:

INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.

&&

INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.

Might be worth confirming what they are about ...

fede-moya commented 2 years ago

@dantevvp also, the CI is working again ✅

dantevvp commented 2 years ago

> These two:
>
> INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
>
> &&
>
> INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
>
> Might be worth confirming what they are about ...

I looked into this and the sonar.java.libraries warning goes away when providing this config in the codeclimate.yml file:

sonar-java:
    enabled: true
    channel: beta
    config:
      sonar.java.source: "15"
      sonar.java.libraries: /usr/src/app/build/libs
      sonar.java.test.libraries: /usr/src/app/build/test
      sonar.java.binaries: .
      minimum_severity: minor
      tests_patterns:
        - src/test/**

It tells SonarJava where the project's libraries, test libraries and binaries are. I'm not sure, though, if this is the correct config or why it needs to have access to those libraries. Either way, I'm sure that this is user-specific. Users should specify their own project's libraries, binaries and test libraries.

Regarding the unresolved imports/types warning, I wasn't able to get sonarlint to run in debug mode, so I can't say exactly what the unresolved imports or types are, but it is also something specific to each project you run the linter on, so it's not something related to our own image.
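
An added example, not part of the thread or the project's code: a small Python check a CI job could run over the scanner output so that the two warnings discussed above are surfaced even though the run ends in EXECUTION SUCCESS. The function names and the sample log are constructed for illustration; the patterns follow the wording of the log quoted in this thread.

```python
import re

# Constructed sample, modeled on the log lines quoted in this thread.
SAMPLE_LOG = """\
INFO: Configured Java source version (sonar.java.source): 15
INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
INFO: EXECUTION SUCCESS
"""

# Patterns copied from the wording of the two messages in this thread.
# Assumption: other scanner versions may word them differently.
EMPTY_PROPERTY = re.compile(
    r"not provided for analysis of (\w+) files\. The '([\w.]+)' property is empty"
)
UNRESOLVED = "Unresolved imports/types have been detected"
SUCCESS = "EXECUTION SUCCESS"


def precision_report(log_text):
    """Collect the conditions in a scanner log that reduce analysis precision."""
    report = {"success": False, "empty_properties": [], "unresolved_types": False}
    for line in log_text.splitlines():
        match = EMPTY_PROPERTY.search(line)
        if match:
            # e.g. ("SOURCE", "sonar.java.libraries")
            report["empty_properties"].append(match.groups())
        elif UNRESOLVED in line:
            report["unresolved_types"] = True
        elif SUCCESS in line:
            report["success"] = True
    return report


def gate(log_text):
    """Return the problems a CI job should surface; an empty list means clean."""
    report = precision_report(log_text)
    problems = []
    if not report["success"]:
        problems.append("scanner did not report EXECUTION SUCCESS")
    for scope, prop in report["empty_properties"]:
        problems.append(f"{prop} is empty, {scope} files analyzed without libraries")
    if report["unresolved_types"]:
        problems.append("unresolved imports/types, results may be incomplete")
    return problems


if __name__ == "__main__":
    for problem in gate(SAMPLE_LOG):
        print("WARN:", problem)
```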

fede-moya commented 2 years ago

@dantevvp I believe we can just ignore snyk for now...