spotbugs / spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
https://spotbugs.github.io/
GNU Lesser General Public License v2.1

Maven Support #8

Closed levonk closed 7 years ago

levonk commented 8 years ago

Please provide an official maven plugin

iloveeclipse commented 7 years ago

@hazendaz : I must confess, I'm not a maven expert.

My personal understanding right now:

This all above means, for RC6 we must have maven support. If you think rebranding will timely not fit into RC6, create a new task and we will postpone it to 4.0.

The main point right now is to get something for maven flying with RC6.

KengoTODA commented 7 years ago

I will test in my personal Maven project. https://github.com/KengoTODA/findbugs-slf4j/blob/master/pom.xml

hazendaz commented 7 years ago

I think quick and dirty release sounds best for maven. I'll change the run commands to be spot bugs but the reporting would still say findings for rc6. I believe rebranding can fully hit by final release. The problem is that there are 100s of spots indicating findings. The plugin for what it is worth is probably a bit over written. I'm sort of wanting to limit that though as that is too many changes and since original author on maven has been really responsive lately, fixes are going there first and then applied here via rebasing so it's just textual changes and the spot bugs jar at this point. If I diverge too far, rebasing may become an issue.

Ultimately I'd like to get the original plugin to have all outstanding issues resolved. Maybe then is a good full break. And I think original author might eventually consider coming over here. He has picked up some changes I made just for spot bugs so it seems he is watching but I didn't see him respond to joining forces yet.

Anyway with dates looking locked in place. We can handle minor mods for next rc6.


hazendaz commented 7 years ago

I'll push a rc5 tonight so at least partial switch over can be tested rather than my personal release for rc4


KengoTODA commented 7 years ago

@hazendaz I confirmed that 3.1.0-RC4 can work as expected, however it has only findbugs goal so I need to run `mvn spotbugs:findbugs` which seems strange. It will be nice if we can add alias to let users do `mvn spotbugs:spotbugs`.

And when I run `mvn site`, it prints several "FindBugs" in its message:

    [INFO] Done FindBugs Analysis....

    [INFO] Generating "FindBugs" report             --- spotbugs-maven-plugin:3.1.0-RC4:findbugs

hazendaz commented 7 years ago

@KengoTODA

Please give this one a try. It's released to sonatype so you should be able to pull it.

                <plugin>
                    <groupId>com.github.spotbugs</groupId>
                    <artifactId>spotbugs-maven-plugin</artifactId>
                    <version>3.1.0-SNAPSHOT</version>
                </plugin>

If this looks good, I'll push it sometime tomorrow on RC5. I guess what I was trying to really get at, is that if I were to change every notion of findbugs to spotbugs we would be looking at 100+ file changes and pretty sure a merge nightmare if things are changed back at findbugs maven plugin. This is a second attempt at much less scope but still rather large. RC5 can be used for testing grounds to see if that flushes out ok. So far, the issues you raised are fixed. Logging though might still say findbugs but the reporting shows spotbugs now and the running is spotbugs:spotbugs.

KengoTODA commented 7 years ago

@hazendaz About logging, it still says:

[INFO] Done FindBugs Analysis....

And hyperlink in HTML generated by site goal uses http://findbugs.sourceforge.net/ , I will attach generated file at here: bug-pattern – SpotBugs Bug Detector Report.htm.zip

At last, when spotbugs:check failed, it says that To see bug detail using the Findbugs GUI, use the following command "mvn findbugs:gui". It's better to replace two FindBugs in this comment.

hazendaz commented 7 years ago

Thanks! I'll work on it some more tomorrow to fix those issues.

iloveeclipse commented 7 years ago

@hazendaz : would be great to see some commits :-) RC6 was a little bit buggy, but I really hope we can push the "final" RC and stable 3.1.0 in the next days.

KengoTODA commented 7 years ago

@iloveeclipse If you mean #405, it does not affect Maven plugin. So I think Maven user can use it as stable version.

iloveeclipse commented 7 years ago

Sure, I just wanted to have all bits there for a release, and if I get it right, maven integration needs some smaller polishing for 3.1.0. My vision is to get 3.1.0 out of the door as soon as possible, and except maven part it looks good.

hazendaz commented 7 years ago

How close is 3.1.0 release?

I do need to push all my code up. I've been trying to change all mention of findbugs as I can without breaking it or the plugin support - fb contrib and findsecbugs. My commits are a bit messy now and it's a pretty large change. I need to do a lot more testing. I have been a bit hesitant to push rc5+ at the moment for those reasons. I want to make sure it's right the first time. Or I could just push so all can see and we triage together with possibly multiple RC releases beyond what spot bugs might have.


iloveeclipse commented 7 years ago

I believe we only need maven bits for the next RC and if nothing bad happens, we can declare 3.1.0. You can see it here: https://github.com/spotbugs/spotbugs/milestone/1

I've just set the due date to October 15. I think this is acceptable.

hazendaz commented 7 years ago

All of my code is up currently here

I'm unable to get the integration tests working. Only 8 want to succeed. The original fails as well but for different reasons (expected test failures never match - always one off). On the new code it just doesn't seem to be doing what is expected.

Overall there is still quite a bit of 'findbugs' all over this. Honestly this is probably more extensive than I would have ever written a plugin. While it's great that it has integration tests to flush out the plugin working, it would be better if I could find down what is making them fail. Any help would be appreciated.

Because I'm still tracking original plugin I would further anticipate a lot of rebasing/squashing as changes come onto there unless we start adding value here. Rebranding by itself I don't feel warrants a lot of commits. The only two I'm really holding steady on is the original post findbugs commit I made to release early versions of this and the new site generation. I'll keep those separate. All my other commits are simply more of the same trying to flush out findbugs as much as possible.

hazendaz commented 7 years ago

I've got 13 of the tests passing now. The original findbugs maven plugin only has 18 IT tests pass. So I'm getting closer to having same results.

uweplonus commented 7 years ago

I use the spotbugs-maven-plugin and found some places where it still references findbugs.

Will this be fixed or where should such issues be reported? I understand that the differences to the findbugs plugin should be minimized but I think in the long term we will all use spotbugs...

hazendaz commented 7 years ago

That is a work in progress


iloveeclipse commented 7 years ago

@hazendaz : can we close this one, or what is still missing? I want to cut a release this weekend.

hazendaz commented 7 years ago

@iloveeclipse All good on release front. Here is my plan.

As soon as final integration tests run that I'm testing now, I'm releasing RC5. Then will update to RC6 and wait until I hear back from anyone else that wants to confirm. I have run both findbugs and spotbugs in same project and it worked as I expected. Both are feasible to be run. After further verifications, I'm good to run with release 3.1.0. There is a defect in the build itself on the main plugin but that won't affect users and PR is outstanding to fix that. I can just consume that on here too so it's none issue here even though not pulled over there.

hazendaz commented 7 years ago

You can close this one. RC5 of the maven plugin has been released. I'm testing with RC6 now. Please give the plugin a go and let me know if any issues. All looks good to me so I'm ready as well for 3.1.0 release.

hazendaz commented 7 years ago

Closing. Both RC5 and RC6 are now released.

iloveeclipse commented 7 years ago

Thanks Jeremy, I really appreciate your help.

varunnvs92 commented 6 years ago

@hazendaz There are no new releases of com.github.hazendaz.spotbugs » spotbugs-maven-plugin maven repo. Last version is 3.1.0-RC4. Is there a new spotbugs maven plugin available which is under Apache 2.0 license?

hazendaz commented 6 years ago

It's no longer under my personal group id.

Please use

com.github.spotbugs

Latest release is 3.1.1

Thanks,

Jeremy


romani commented 6 years ago

@hazendaz , thanks a lot for a notice ... but here is problem with upgrade https://github.com/spotbugs/spotbugs-maven-plugin/issues/30
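
The thread leaves builds with three things worth checking in a `pom.xml`: the plugin moved from the personal group `com.github.hazendaz.spotbugs` to `com.github.spotbugs`, a `-SNAPSHOT` version was handed out for testing, and the RC4 goal `findbugs` was replaced by `spotbugs`. The following audit script is an added example, not code from this thread or from the SpotBugs project; the function names and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OFFICIAL_GROUP = "com.github.spotbugs"          # group id named in the thread
RETIRED_GROUP = "com.github.hazendaz.spotbugs"  # personal group, last release 3.1.0-RC4
ARTIFACT = "spotbugs-maven-plugin"

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def _child_text(elem, name):
    """Text of the direct child called `name`, or '' when it is absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_pom(pom_xml):
    """Return (coordinates, finding) tuples for every spotbugs-maven-plugin entry."""
    findings = []
    for elem in ET.fromstring(pom_xml).iter():
        if _local(elem.tag) != "plugin" or _child_text(elem, "artifactId") != ARTIFACT:
            continue
        group, version = _child_text(elem, "groupId"), _child_text(elem, "version")
        coords = f"{group}:{ARTIFACT}:{version or '<unset>'}"
        if group == RETIRED_GROUP:
            findings.append((coords, "retired personal groupId"))
        elif group != OFFICIAL_GROUP:
            findings.append((coords, "unexpected groupId"))
        if not version:
            findings.append((coords, "version not pinned"))
        elif version.endswith("-SNAPSHOT"):
            findings.append((coords, "mutable SNAPSHOT version"))
        goals = [g.text.strip() for g in elem.iter() if _local(g.tag) == "goal" and g.text]
        if "findbugs" in goals:
            findings.append((coords, "legacy goal 'findbugs'"))
    return findings

# Constructed sample POM: one stale entry, one snapshot, one clean entry.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><build><plugins>
<plugin><groupId>com.github.hazendaz.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId><version>3.1.0-RC4</version>
  <executions><execution><goals><goal>findbugs</goal></goals></execution></executions></plugin>
<plugin><groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId><version>3.1.0-SNAPSHOT</version></plugin>
<plugin><groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId><version>3.1.1</version>
  <executions><execution><goals><goal>check</goal></goals></execution></executions></plugin>
</plugins></build></project>"""

if __name__ == "__main__":
    for coords, finding in audit_pom(SAMPLE_POM):
        print(f"{coords}: {finding}")
```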