search

microsoft / azure-pipelines-tasks

Tasks for Azure Pipelines
https://aka.ms/tfbuild
MIT License
3.51k stars 2.62k forks source link

Are there any plans to add Spotbugs to the Maven code analysis tools? #10900

Open sangonzal opened 5 years ago

sangonzal commented 5 years ago

Question:

Task Name: Maven Environment: Azure Pipelines, hosted agent

The Maven task has the option of enabling Findbugs static analysis tool. Findbugs seems to be no longer be maintained and instead it is recommended to use Spotbugs.

Are there any plans to add Spotbugs to the Maven code analysis tools?

sangonzal commented 5 years ago

Any updates on this?

github-actions[bot] commented 4 years ago

This issue is stale because it has been open for a year with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

in-fke commented 3 years ago

If this was done for Gradle, can we also do it for Maven? https://github.com/microsoft/azure-pipelines-tasks/pull/14625

anatolybolshakov commented 3 years ago

Hi @in-fke yes, we are planning to add support for Maven task too - reopened this issue to track it.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

in-fke commented 3 years ago

@anatolybolshakov can you remove the "stale" label again?

anatolybolshakov commented 3 years ago

@in-fke sure, removed it since still actual.

in-fke commented 3 years ago

Thank you!

Crydust commented 2 years ago

Any updates on this?

KonstantinTyukalov commented 2 years ago

Hi! Thanks for the information you provided. We are currently working on resolving this issue.

KonstantinTyukalov commented 2 years ago

Hi everyone! Quick update: The related changes for the Maven task ver.3 will be available in the next ADO release. We will update the ticket once these changes will be fully rollout to all Azure DevOps users.

Later we are planning to add support of multi-module for the spotbugs plugin.

Thanks!

in-fke commented 2 years ago

Thanks for the update, "multi-module" would of course be essential, since most Maven Pipeline are probably multi-module.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

in-fke commented 1 year ago

Quick update: The related changes for the Maven task ver.3 will be available in the next ADO release.

Could you update this issue regarding this? I guess it should not be stale then.

in-fke commented 1 year ago

May 2022 @KonstantinTyukalov wrote:

Later we are planning to add support of multi-module for the spotbugs plugin.

any update on this? Maybe it is already solved?

in-fke commented 1 year ago

This is frustrating, I tried it on a multi-module Maven Project and the SpotBugs Analysis is picking some random Maven Project that was not even part of the Multi-Module build (e.g. omitted due to profiles, or just not contained in the tag).

https://github.com/microsoft/azure-pipelines-tasks/blob/master/Tasks/MavenV4/spotbugsTool/publishSpotbugsReport.ts

So apparently:

  1. multi-module Maven Project not supported
  2. tries to copy spotbugsXml.xml from a Maven Project that was not even part of the build
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:23 h
[INFO] Finished at: 2023-05-02T13:31:12Z
[INFO] ------------------------------------------------------------------------
cp: no such file or directory: /home/vsts/work/1/s/<path-to-maven-project-that-was-not-part-of-the-build>/target/spotbugsXml.xml
##[error]cp failed
cp: no such file or directory: /home/vsts/work/1/s/<path-to-maven-project-that-was-not-part-of-the-build>/target/spotbugsXml.xml
Code analysis failed.

But this raises a more general question: do we even get a decent Pipeline Web UI output like from Unit Tests? Or is this just to publish pipeline artifacts with raw spotbugsXml.xml files?

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

in-fke commented 1 year ago

But this raises a more general question: do we even get a decent Pipeline Web UI output like from Unit Tests? Or is this just to publish pipeline artifacts with raw spotbugsXml.xml files?

Yes, Bot, this issue is still relevant.

chrfis commented 8 months ago

+1 for the bot, facing same issue currently when migrating from findbugs to spotbugs...