Set up static analysis for on-boarding 81/9181/1
authorvempo <vitaliy.emporopulo@amdocs.com>
Tue, 29 Aug 2017 15:15:04 +0000 (18:15 +0300)
committervempo <vitaliy.emporopulo@amdocs.com>
Tue, 29 Aug 2017 15:21:34 +0000 (18:21 +0300)
Configured PMD Maven plugin in the onboarding pom.xml, with a custom ruleset.
Currently disabled by default; can be run on demand.

Change-Id: I0e7ba1aeb1aefcea86fc2534ebc62343057f7c34
Issue-ID: SDC-246
Signed-off-by: vempo <vitaliy.emporopulo@amdocs.com>
build-tools/pom.xml [new file with mode: 0644]
build-tools/src/main/resources/build-pmd-ruleset.xml [new file with mode: 0644]
onboarding/pom.xml
pom.xml

diff --git a/build-tools/pom.xml b/build-tools/pom.xml
new file mode 100644 (file)
index 0000000..952ebef
--- /dev/null
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <!-- This dependency must be referenced from a plugin configuration only -->
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>build-tools</artifactId>
+
+    <parent>
+        <groupId>org.openecomp.sdc</groupId>
+        <artifactId>sdc-main</artifactId>
+        <version>1.1.0-SNAPSHOT</version>
+    </parent>
+
+    <properties>
+        <pmd.version>5.8.1</pmd.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-core</artifactId>
+            <version>${pmd.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-java</artifactId>
+            <version>${pmd.version}</version>
+        </dependency>
+    </dependencies>
+
+</project>
\ No newline at end of file
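Review bot: The pmd-core and pmd-java dependencies carry no comment explaining their effect on the build. Because this module is attached under `<dependencies>` of maven-pmd-plugin in onboarding/pom.xml, both artifacts at `${pmd.version}` (5.8.1) land on the plugin classpath and will most likely replace the PMD engine that plugin release ships with. I would say so next to `<pmd.version>`, e.g. `<!-- Overrides the PMD engine bundled with maven-pmd-plugin; keep in step with the plugin version -->`. The existing comment above `<modelVersion>` says "this dependency" although it sits on the module itself; `<!-- This module must only be referenced as a plugin dependency, never as a project dependency -->` would state the intent unambiguously.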
diff --git a/build-tools/src/main/resources/build-pmd-ruleset.xml b/build-tools/src/main/resources/build-pmd-ruleset.xml
new file mode 100644 (file)
index 0000000..dd8984a
--- /dev/null
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<ruleset name="SDC Essential Rule-set"
+         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd http://pmd.sourceforge.net/ruleset/2.0.0 ">
+
+    <description>
+        Essential rules according to SonarQube. Note that it is impossible to make PMD rules exactly match the
+        SonarQube ones, but they will probably catch about 90% of violations before they get into the source control.
+        The advantage is that PMD can be ran locally on any development setup and does not require a license.
+    </description>
+
+    <!--
+        All available Java rule-sets: https://pmd.github.io/pmd-5.6.1/pmd-java/rules/index.html
+    -->
+
+    <!-- Blocker severity in SonarQube -->
+    <rule ref="rulesets/java/strictexception.xml/AvoidCatchingThrowable"/>
+    <rule ref="rulesets/java/empty.xml/EmptyCatchBlock">
+        <properties>
+            <property name="allowCommentedBlocks" value="true"/>
+        </properties>
+    </rule>
+
+    <!-- THERE IS NO GOOD RULE TO CATCH NULL DEREFERENCING IN PMD -->
+    <rule ref="rulesets/java/basic.xml/MisplacedNullCheck"/>
+    <rule ref="rulesets/java/basic.xml/BrokenNullCheck"/>
+
+
+    <rule ref="rulesets/java/design.xml/CloseResource">
+        <properties>
+            <property name="types"
+                      value="java.sql.Connection,java.sql.Statement,java.sql.ResultSet,java.io.OutputStream,java.net.URLConnection,java.io.InputStream,java.io.FileInputStream,java.io.FileOutputStream,java.util.zip.ZipOutputStream,java.util.zip.ZipInputStream,java.util.jar.JarInputStream,java.util.jar.JarOutputStream,java.io.BufferedReader,java.io.BufferedWriter"/>
+        </properties>
+    </rule>
+    <rule ref="rulesets/java/basic.xml/OverrideBothEqualsAndHashcode"/>
+
+    <!--
+        Critical severity in SonarQube. Should be empty until all Critical have been fixed.
+    -->
+
+</ruleset>
\ No newline at end of file
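Review bot: The `xsi:schemaLocation` value on `<ruleset>` is malformed: it lists the namespace, the XSD URL, and then the namespace a second time with no location, so it is not a list of namespace/location pairs. It should read `xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd"`. Separately, the reference comment links to the pmd-5.6.1 rule index while build-tools/pom.xml pins PMD 5.8.1; pointing the link at the pinned version keeps rule names and properties verifiable. With `allowCommentedBlocks` set to `true`, a catch block holding only a comment passes EmptyCatchBlock, so a one-line comment stating that this relaxation is intentional would help later reviewers.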
index 0e60028..36a36ee 100644 (file)
         <ws.rs.version>2.0.1</ws.rs.version>  <!--  New version 2.0.1 to fix blackduck violation Failing with comiplation issues-->
         <zusammen.version>0.2.0</zusammen.version>
         <zusammen-state-store.version>0.2.1</zusammen-state-store.version>
+        <skipSA>true</skipSA>
+        <build.tools.version>1.1.0-SNAPSHOT</build.tools.version>
     </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jxr-plugin</artifactId>
+                <version>2.5</version>
+                <configuration>
+                    <skip>${skipSA}</skip>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>jxr-generation</id>
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>jxr</goal>
+                            <goal>test-jxr</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>3.8</version>
+                <configuration>
+                    <skip>${skipSA}</skip>
+                    <aggregate>false</aggregate>
+                    <targetJdk>${maven.compiler.target}</targetJdk>
+                    <rulesets>
+                        <ruleset>build-pmd-ruleset.xml</ruleset>
+                    </rulesets>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>pmd-check</id>
+                        <phase>validate</phase>
+                        <goals>
+                            <!-- violations fail build -->
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.openecomp.sdc</groupId>
+                        <artifactId>build-tools</artifactId>
+                        <version>${build.tools.version}</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+        </plugins>
+    </build>
+
 </project>
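Review bot: `<build.tools.version>` repeats the literal `1.1.0-SNAPSHOT` that build-tools inherits from sdc-main, so the next version bump has to touch both places or the plugin dependency will resolve a stale or missing ruleset artifact. If the literal is kept so that child modules with their own versions still resolve it, a comment such as `<!-- must match the version of the build-tools module -->` next to the property would make that coupling explicit. Also, `<targetJdk>` reads `${maven.compiler.target}`, which is not defined in the visible lines; confirm it is set in this POM or a parent, otherwise the placeholder is passed through unresolved. The hunk header for this file is missing from the page, so the enclosing `<properties>` block starts outside the visible lines.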
diff --git a/pom.xml b/pom.xml
index e6e4d92..17bf79a 100644 (file)
--- a/pom.xml
+++ b/pom.xml
                                <activeByDefault>true</activeByDefault>
                        </activation>
                        <modules>
+                               <module>build-tools</module>
                                <module>onboarding</module>
                                <module>security-utils</module>
                                <module>common-app-api</module>