Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 3487A200CE5 for ; Sat, 8 Jul 2017 08:07:12 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 330B316AA48; Sat, 8 Jul 2017 06:07:12 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5282A16AA46 for ; Sat, 8 Jul 2017 08:07:11 +0200 (CEST) Received: (qmail 53678 invoked by uid 500); 8 Jul 2017 06:07:10 -0000 Mailing-List: contact dev-help@ofbiz.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ofbiz.apache.org Delivered-To: mailing list dev@ofbiz.apache.org Received: (qmail 53666 invoked by uid 99); 8 Jul 2017 06:07:09 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 08 Jul 2017 06:07:09 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 25053C061B for ; Sat, 8 Jul 2017 06:07:09 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.479 X-Spam-Level: ** X-Spam-Status: No, score=2.479 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=hotwaxsystems-com.20150623.gappssmtp.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id vDM0-9yfVi3Z for ; Sat, 8 Jul 2017 06:07:06 +0000 (UTC) Received: from mail-it0-f45.google.com (mail-it0-f45.google.com [209.85.214.45]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 852265F5B8 for ; Sat, 8 Jul 2017 06:07:05 +0000 (UTC) Received: by mail-it0-f45.google.com with SMTP id m84so7103385ita.0 for ; Fri, 07 Jul 2017 23:07:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotwaxsystems-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=TCokYJgl/PY4JyNYpAQm3jB5oJMkmtJlioEbvopTnsk=; b=IsXA4R/qo/OVlvkjdWjSM6L+WVTO10+U4RkRS1a9foHtn0GSCjXYCXN1W758s0mtL8 gQqT8Kcmg9ns+EaUPBQ8h/IMfzx9/jUfVqJaQuiKINcTkxRMHsVP7wI+UXqxgaQK7Y8O ayk6FwC2Xt6ZDLPEHjS5HOZExK2Hh/4UZ6VaNSKdgK7kDl35mimT3C+V6RreWCeXRgph Qjsh27j31Fqh0BKNitCxFygn+o7JtieTZ65N530NMZndXBIcvV0z51kmaAZwy8mxyZlU Qkdu+AW6PXOmG70+yqN6oAVG5cGfhdl4vbU5xk8LFP9UnIs5lS7YdmG68StsHgsNC0u/ ww4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=TCokYJgl/PY4JyNYpAQm3jB5oJMkmtJlioEbvopTnsk=; b=ow1VcCRpq9e0m6oHcCaGNFrpiebQoDj7DSOa2v811tN4H2j4fF0fNiY4LmJJbxDnP5 dIkImYsSB5W3Um4OezzmAjAewGq+mL+JCV9elBadpVzZgHWhY0pV2sNWJ2cHbwnTlEJ6 phKH2u8vJf4e5g+mTiIVyg4AzROJtxxjtw3tJ1x5p7SFYA5I8blMmG4IR/GnTJhf0GsC hQJvdaYet0XryRGkcDpEJoORGgrrnOthVYInqOnfMHPMHgWkxhtPcfL21RPOSDAtUg3G yQPLbdbtLngu7hzMBJD1yra3Fs2T/uI5GwQyYfVjhegudabnHpKxiDex5k9Kpoc/ckji jFYQ== X-Gm-Message-State: AIVw110F1+k2w1CZyxMlJznHMx/+XW7vZY84amq6EckaZi//2089W9tS l6/Cgyv2OJbjp+wacfRmzA4b+pnhxUmi X-Received: by 10.36.6.200 with SMTP id 191mr2419772itv.44.1499494018305; Fri, 07 Jul 2017 23:06:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.26.85 with HTTP; Fri, 7 Jul 2017 23:06:37 -0700 (PDT) In-Reply-To: References: <10388104-d8f3-fccf-124c-ca6bff7f2aaa@ecomify.de> <12176a73-5999-cc7a-8ddb-1cb08ce03875@ecomify.de> From: Deepak Dixit Date: Sat, 8 Jul 2017 11:36:37 +0530 Message-ID: Subject: Re: Call to action: fixing defects reported by code analysis tools To: Dev list Content-Type: multipart/alternative; boundary="001a113f79044e08930553c8286a" archived-at: Sat, 08 Jul 2017 06:07:12 -0000 --001a113f79044e08930553c8286a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable +1 nice initiative Michael!! Thanks & Regards -- Deepak Dixit www.hotwaxsystems.com www.hotwax.co On Fri, Jul 7, 2017 at 7:05 PM, Jacques Le Roux < jacques.le.roux@les7arts.com> wrote: > Le 07/07/2017 =C3=A0 15:12, Michael Brohl a =C3=A9crit : > >> Avoiding duplicate errors should be managed through Jira. If someone >> wants to work on a class or package, he should file a Jira first so that >> everyone can see that this is being worked on. >> > Agreed, having one wiki page as reference could also help > >> The Jenkins FindBugs plugin/publisher has a very good output with >> different filters and bug classification while the standard FindBugs htm= l >> report is usable but far from clear. The advantage is that it is only on= e >> html file. >> > Then we can create a wiki page an include it in, right? > > Jacques > > >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> >> Am 07.07.17 um 14:14 schrieb Jacques Le Roux: >> >>> I agree with Michael at OFBIZ-9450 that having "the results available >>> to the public so that the community can always access the latest bug >>> statistics." should reduce duplicated efforts. >>> >>> If we can produce the report in HTML format, then we can create a page >>> in wiki and include the report in this page from any URL. I guess any = URL >>> will fit, else if we need more security (should not be needed, only >>> authenticated authors can change a wiki page) we can have it in the svn >>> repo or a Jira link, etc. >>> >>> Jacques >>> >>> >>> Le 07/07/2017 =C3=A0 12:47, Taher Alkhateeb a =C3=A9crit : >>> >>>> Fantastic initiative Michael, +1 >>>> >>>> I think a simple attachment in jira or a wiki page will suffice. A >>>> one-time scan would provide more than enough information for everyone >>>> who needs to work on stuff. We can run it again in the future when >>>> enough bugs have been tackled. >>>> >>>> On Fri, Jul 7, 2017 at 1:43 PM, Michael Brohl >>>> wrote: >>>> >>>>> Hi everyone, >>>>> >>>>> we started the first activities in Jira [1]. >>>>> >>>>> We have set up an OFBiz build on our Jenkins server who automatically >>>>> does a >>>>> FindBugs code analysis after each commit >>>>> >>>>> I'm thinking about publishing the results on a web server. This shoul= d >>>>> help >>>>> to engage contributors to work on the bugs without the need to do the >>>>> analysis themselves (quick jump in). >>>>> >>>>> Are there any objections to do this? >>>>> >>>>> Do we have a webspace for this which I can use or would it be >>>>> appropriate to >>>>> publish results on one of our servers? >>>>> >>>>> There are even projects which publish the metrics on their website [2= ]. >>>>> >>>>> Best regards, >>>>> >>>>> Michael Brohl >>>>> ecomify GmbH >>>>> www.ecomify.de >>>>> >>>>> [1] https://issues.apache.org/jira/browse/OFBIZ-9450 >>>>> >>>>> [2] >>>>> http://db.apache.org/torque/torque-3.3/releases/torque-3.3/ >>>>> generator/maven-reports.html >>>>> >>>>> >>>>> Am 29.06.17 um 12:16 schrieb Michael Brohl: >>>>> >>>>> Hi all, >>>>>> >>>>>> just wanted to bring this back in mind in case there are people >>>>>> interested >>>>>> in helping out with this. >>>>>> >>>>>> Every support is well appreciated, thank you! >>>>>> >>>>>> Regards, >>>>>> >>>>>> Michael Brohl >>>>>> ecomify GmbH >>>>>> www.ecomify.de >>>>>> >>>>>> >>>>>> Am 13.12.16 um 18:35 schrieb Jacopo Cappellato: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> thanks to Gradle we have now an easy way to run source code analysi= s >>>>>>> tools >>>>>>> on our codebase. >>>>>>> Tools like PMD and FindBugs generate useful reports containing >>>>>>> pointers >>>>>>> to >>>>>>> code that may need to be improved or fixed. >>>>>>> In fact I have executed them on trunk and I got reports with >>>>>>> thousands of >>>>>>> "rule violations": some of them are probably false positives but >>>>>>> others >>>>>>> really represent code that can be improved, simplified or, in some >>>>>>> cases, >>>>>>> fixed. >>>>>>> >>>>>>> I think that it would be great if this community will work together >>>>>>> to >>>>>>> fix >>>>>>> as many defects as possible: it may lead to a cleaner codebase, may >>>>>>> increase the confidence of potential adopters that use these tools >>>>>>> to get >>>>>>> some insight on our code quality, and may make it easier for new >>>>>>> contributors to help the project. >>>>>>> >>>>>>> So here are the steps to quickly start the process: >>>>>>> >>>>>>> 1) get a clean checkout of the trunk >>>>>>> >>>>>>> svn co http://svn.apache.org/repos/asf/ofbiz/trunk >>>>>>> >>>>>>> 2) edit the build.gradle file to enable the PMD or FindBugs plugins= . >>>>>>> For PMD you can add the following line to the file, after the other >>>>>>> "apply >>>>>>> plugin" commands: >>>>>>> >>>>>>> apply plugin: 'pmd' >>>>>>> >>>>>>> For FindBugs add the following lines: >>>>>>> >>>>>>> apply plugin: 'findbugs' >>>>>>> tasks.withType(FindBugs) { >>>>>>> reports { >>>>>>> xml.enabled false >>>>>>> html.enabled true >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> Apply only pmd or findbugs, not both: the two tools provide differe= nt >>>>>>> analysis with plenty of defects but the two tools will spot the sam= e >>>>>>> ones >>>>>>> in most cases, so please choose the tool of your preference and the= n >>>>>>> start >>>>>>> fixing the code. >>>>>>> >>>>>>> 3) run the analysis with the command: >>>>>>> ./gradlew check >>>>>>> >>>>>>> 4) review the report; >>>>>>> for PMD the report is: >>>>>>> build/reports/pmd/main.html >>>>>>> for FindBugs the report is: >>>>>>> build/reports/findbugs/main.html >>>>>>> >>>>>>> 5) fix some bugs and test; then go back to #3 >>>>>>> >>>>>>> 6) create a patch and submit it to Jira, mentioning that it fixes >>>>>>> defects >>>>>>> reported by PMD/FindBugs >>>>>>> >>>>>>> Feel free to ask here any question! >>>>>>> >>>>>>> Jacopo >>>>>>> >>>>>>> >>>>>> >>>>> >>> >> >> > --001a113f79044e08930553c8286a--