danger-spotbugs 0.0.1

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in danger-spotbugs.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,165 @@
+PATH
+  remote: .
+  specs:
+    danger-spotbugs (0.0.1)
+      danger-plugin-api (~> 1.0)
+      oga (~> 2.15)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ansi (1.5.0)
+    ast (2.4.2)
+    claide (1.0.3)
+    claide-plugins (0.9.2)
+      cork
+      nap
+      open4 (~> 1.3)
+    coderay (1.1.3)
+    colored2 (3.1.2)
+    cork (0.3.0)
+      colored2 (~> 3.1)
+    danger (8.2.3)
+      claide (~> 1.0)
+      claide-plugins (>= 0.9.2)
+      colored2 (~> 3.1)
+      cork (~> 0.1)
+      faraday (>= 0.9.0, < 2.0)
+      faraday-http-cache (~> 2.0)
+      git (~> 1.7)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.0)
+      no_proxy_fix
+      octokit (~> 4.7)
+      terminal-table (>= 1, < 4)
+    danger-plugin-api (1.0.0)
+      danger (> 2.0)
+    diff-lcs (1.4.4)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
+      multipart-post (>= 1.2, < 3)
+      ruby2_keywords
+    faraday-http-cache (2.2.0)
+      faraday (>= 0.8)
+    faraday-net_http (1.0.1)
+    ffi (1.15.0)
+    formatador (0.2.5)
+    git (1.8.1)
+      rchardet (~> 1.8)
+    guard (2.16.2)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    kramdown (2.3.1)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    listen (3.0.8)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    lumberjack (1.2.8)
+    method_source (1.0.0)
+    multipart-post (2.1.1)
+    nap (1.1.0)
+    nenv (0.3.0)
+    no_proxy_fix (0.1.2)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    octokit (4.20.0)
+      faraday (>= 0.9)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    oga (2.15)
+      ast
+      ruby-ll (~> 2.1)
+    open4 (1.3.4)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
+    pry (0.14.0)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (4.0.6)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rchardet (1.8.0)
+    regexp_parser (2.1.1)
+    rexml (3.2.4)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    rubocop (1.11.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.1)
+      parser (>= 2.7.1.5)
+    rubocop-rake (0.5.1)
+      rubocop
+    rubocop-rspec (2.2.0)
+      rubocop (~> 1.0)
+      rubocop-ast (>= 1.1.0)
+    ruby-ll (2.1.2)
+      ansi
+      ast
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.4)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
+    shellany (0.0.1)
+    terminal-table (3.0.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thor (1.1.0)
+    unicode-display_width (1.7.0)
+    yard (0.9.26)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.2.14)
+  danger-spotbugs!
+  guard (~> 2.16.2)
+  guard-rspec (~> 4.7.3)
+  listen (~> 3.0.8)
+  pry (~> 0.14.0)
+  rake (~> 10.5.0)
+  rspec (~> 3.10.0)
+  rubocop (~> 1.11.0)
+  rubocop-rake (~> 0.5.1)
+  rubocop-rspec (~> 2.2.0)
+  yard (~> 0.9.26)
+
+BUNDLED WITH
+   2.2.14

data/Guardfile

@@ -0,0 +1,19 @@
+# A guardfile for making Danger Plugins
+# For more info see https://github.com/guard/guard#readme
+
+# To run, use `bundle exec guard`.
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2021 Mathieu Rul <mathroule@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,24 @@
+# Danger SpotBugs
+
+Checks on your Gradle project's Java source files.
+This is done using [SpotBugs](https://spotbugs.github.io)
+Results are passed out as tables in markdown.
+
+This plugin is inspired from https://github.com/kazy1991/danger-findbugs.
+
+## Installation
+
+    $ gem install danger-spotbugs
+
+## Usage
+
+    Methods and attributes from this plugin are available in
+    your `Dangerfile` under the `spotbugs` namespace.
+
+## Development
+
+1. Clone this repo
+2. Run `bundle install` to setup dependencies.
+3. Run `bundle exec rake spec` to run the tests.
+4. Use `bundle exec guard` to automatically have tests run as you make changes.
+5. Make your changes.

data/Rakefile

@@ -0,0 +1,23 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RSpec::Core::RakeTask.new(:specs)
+
+task default: :specs
+
+task :spec do
+  Rake::Task['specs'].invoke
+  Rake::Task['rubocop'].invoke
+  Rake::Task['spec_docs'].invoke
+end
+
+desc 'Run RuboCop on the lib/specs directory'
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.patterns = %w[lib/**/*.rb spec/**/*.rb]
+end
+
+desc 'Ensure that the plugin passes `danger plugins lint`'
+task :spec_docs do
+  sh 'bundle exec danger plugins lint'
+end

data/danger-spotbugs.gemspec

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'spotbugs/gem_version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'danger-spotbugs'
+  spec.version = Spotbugs::VERSION
+  spec.authors = ['Mathieu Rul']
+  spec.email = ['mathroule@gmail.com']
+  spec.description = 'A Danger plugin for SpotBugs.'
+  spec.summary = 'A Danger plugin for SpotBugs, see https://spotbugs.github.io.'
+  spec.homepage = 'https://github.com/mathroule/danger-spotbugs'
+  spec.license = 'MIT'
+
+  spec.files = `git ls-files`.split($/)
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'danger-plugin-api', '~> 1.0'
+  spec.add_runtime_dependency 'oga', '~> 2.15'
+
+  # General ruby development
+  spec.add_development_dependency 'bundler', '~> 2.2.14'
+  spec.add_development_dependency 'rake', '~> 10.5.0'
+
+  # Testing support
+  spec.add_development_dependency 'rspec', '~> 3.10.0'
+
+  # Linting code and docs
+  spec.add_development_dependency 'rubocop', '~> 1.11.0'
+  spec.add_development_dependency 'rubocop-rake', '~> 0.5.1'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.2.0'
+  spec.add_development_dependency 'yard', '~> 0.9.26'
+
+  # Makes testing easy via `bundle exec guard`
+  spec.add_development_dependency 'guard', '~> 2.16.2'
+  spec.add_development_dependency 'guard-rspec', '~> 4.7.3'
+
+  # If you want to work on older builds of ruby
+  spec.add_development_dependency 'listen', '~> 3.0.8'
+
+  # This gives you the chance to run a REPL inside your tests
+  # via:
+  #
+  #    require 'pry'
+  #    binding.pry
+  #
+  # This will stop test execution and let you inspect the results
+  spec.add_development_dependency 'pry', '~> 0.14.0'
+end

data/lib/danger_plugin.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'spotbugs/plugin'

data/lib/danger_spotbugs.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'spotbugs/gem_version'

data/lib/spotbugs/entity/bug_instance.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+# Represent a BugInstance.
+class BugInstance
+  RANK_ERROR_THRESHOLD = 4
+  attr_reader :absolute_path, :relative_path
+  attr_accessor :source_dirs, :bug_instance
+
+  def initialize(prefix, source_dirs, bug_instance)
+    @source_dirs = source_dirs
+    @bug_instance = bug_instance
+
+    source_path = bug_instance.xpath('SourceLine').attribute('sourcepath').first.value.to_s
+    @absolute_path = get_absolute_path(source_path)
+
+    prefix += (prefix.end_with?(file_separator) ? '' : file_separator)
+    @relative_path = if @absolute_path.start_with?(prefix)
+                       @absolute_path[prefix.length, @absolute_path.length - prefix.length]
+                     else
+                       @absolute_path
+                     end
+  end
+
+  def rank
+    @rank ||= bug_instance.attribute('rank').value.to_i
+  end
+
+  def type
+    @type ||= rank > RANK_ERROR_THRESHOLD ? :warn : :fail
+  end
+
+  def line
+    @line ||= bug_instance.xpath('SourceLine').attribute('start').first.value.to_i
+  end
+
+  def description
+    @description ||= bug_instance.xpath('LongMessage').text
+  end
+
+  private
+
+  def get_absolute_path(source_path)
+    @source_dirs.map do |source_dir|
+      return source_dir if source_dir.end_with?(source_path)
+    end
+  end
+
+  def file_separator
+    File::ALT_SEPARATOR || File::SEPARATOR
+  end
+end

data/lib/spotbugs/gem_version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Spotbugs
+  VERSION = '0.0.1'
+end

data/lib/spotbugs/plugin.rb

@@ -0,0 +1,211 @@
+# frozen_string_literal: true
+
+module Danger
+  # Checks on your Gradle project's Java source files.
+  # This is done using [SpotBugs](https://spotbugs.github.io)
+  # Results are passed out as tables in markdown.
+  #
+  # @example Running SpotBugs with its basic configuration
+  #
+  #          spotbugs.report
+  #
+  # @example Running SpotBugs with a specific Gradle task or report file (glob accepted)
+  #
+  #          spotbugs.gradle_task = 'module:spotbugsRelease' # default: 'spotbugsRelease'
+  #          spotbugs.report_file = 'module/build/reports/spotbugs/release.xml' # default: 'app/build/reports/spotbugs/release.xml'
+  #          spotbugs.report
+  #
+  # @example Running SpotBugs with a specific root path
+  #
+  #          spotbugs.root_path = '/Users/developer/project' # default: result of `git rev-parse --show-toplevel`
+  #          spotbugs.report
+  #
+  # @example Running SpotBugs with an array of report files (glob accepted)
+  #
+  #          spotbugs.report_files = ['modules/**/build/reports/spotbugs/release.xml', 'app/build/reports/spotbugs/release.xml']
+  #          spotbugs.report
+  #
+  # @example Running SpotBugs without running a Gradle task
+  #
+  #          spotbugs.skip_gradle_task = true # default: false
+  #          spotbugs.report
+  #
+  # @example Running SpotBugs without inline comment
+  #
+  #          spotbugs.report(inline_mode: false) # default: true
+  #
+  # @see  mathroule/danger-spotbugs
+  # @tags java, android, spotbugs
+  #
+  class DangerSpotbugs < Plugin
+    require_relative './entity/bug_instance'
+
+    # Custom Gradle task to run.
+    # This is useful when your project has different flavors.
+    # Defaults to 'spotbugsRelease'.
+    #
+    # @return [String]
+    attr_writer :gradle_task
+
+    # A getter for `gradle_task`, returning 'spotbugsRelease' if value is nil.
+    #
+    # @return [String]
+    def gradle_task
+      @gradle_task ||= 'spotbugsRelease'
+    end
+
+    # Skip Gradle task.
+    # If you skip Gradle task, for example project does not manage Gradle.
+    # Defaults to `false`.
+    #
+    # @return [Bool]
+    attr_writer :skip_gradle_task
+
+    # A getter for `skip_gradle_task`, returning false if value is nil.
+    #
+    # @return [Boolean]
+    def skip_gradle_task
+      @skip_gradle_task ||= false
+    end
+
+    # An absolute path to a root.
+    # To comment errors to VCS, this needs to know relative path of files from the root.
+    # Defaults to result of 'git rev-parse --show-toplevel'.
+    #
+    # @return [String]
+    attr_writer :root_path
+
+    # A getter for `root_path`, returning result of `git rev-parse --show-toplevel` if value is nil.
+    #
+    # @return [String]
+    def root_path
+      @root_path ||= `git rev-parse --show-toplevel`.chomp
+    end
+
+    # Location of report file.
+    # If your SpotBugs task outputs to a different location, you can specify it here.
+    # Defaults to 'app/build/reports/spotbugs/release.xml'.
+    #
+    # @return [String]
+    attr_writer :report_file
+
+    # A getter for `report_file`, returning 'app/build/reports/spotbugs/release.xml' if value is nil.
+    #
+    # @return [String]
+    def report_file
+      @report_file ||= 'app/build/reports/spotbugs/release.xml'
+    end
+
+    # Location of report files.
+    # If your SpotBugs task outputs to a different location, you can specify it here.
+    # Defaults to ['app/build/reports/spotbugs/release.xml'].
+    #
+    # @return [Array[String]]
+    attr_writer :report_files
+
+    # A getter for `report_files`, returning ['app/build/reports/spotbugs/release.xml'] if value is nil.
+    #
+    # @return [Array[String]]
+    def report_files
+      @report_files ||= [report_file]
+    end
+
+    # Calls SpotBugs task of your Gradle project.
+    # It fails if `gradlew` cannot be found inside current directory.
+    # It fails if `report_file` cannot be found inside current directory.
+    # It fails if `report_files` is empty.
+    #
+    # @param [Boolean] inline_mode Report as inline comment, defaults to [true].
+    #
+    # @return [Array[PmdFile]]
+    def report(inline_mode: true)
+      unless skip_gradle_task
+        raise('Could not find `gradlew` inside current directory') unless gradlew_exists?
+
+        exec_gradle_task
+      end
+
+      report_files_expanded = Dir.glob(report_files).sort
+      raise("Could not find matching SpotBugs report files for #{report_files} inside current directory") if report_files_expanded.empty?
+
+      do_comment(report_files_expanded, inline_mode)
+    end
+
+    private
+
+    # Check gradlew file exists in current directory.
+    #
+    # @return [Boolean]
+    def gradlew_exists?
+      !`ls gradlew`.strip.empty?
+    end
+
+    # Run Gradle task.
+    #
+    # @return [void]
+    def exec_gradle_task
+      system "./gradlew #{gradle_task}"
+    end
+
+    # A getter for `spotbugs_report`, returning SpotBugs report.
+    #
+    # @param [String] report_file The report file.
+    #
+    # @return [Oga::XML::Document]
+    def spotbugs_report(report_file)
+      require 'oga'
+      Oga.parse_xml(File.open(report_file))
+    end
+
+    # A getter for current updated files.
+    #
+    # @return [Array[String]]
+    def target_files
+      @target_files ||= (git.modified_files - git.deleted_files) + git.added_files
+    end
+
+    # A getter for SpotBugs issues, returning SpotBugs issues.
+    #
+    # @param [String] report_file The report file.
+    #
+    # @return [Array[BugInstance]]
+    def spotbugs_issues(report_file)
+      spotbugs_report = spotbugs_report(report_file)
+
+      source_dirs = spotbugs_report.xpath('//BugCollection//SrcDir').map(&:text)
+
+      spotbugs_report.xpath('//BugCollection//BugInstance').map do |bug_instance|
+        BugInstance.new(root_path, source_dirs, bug_instance)
+      end
+    end
+
+    # Generate report and send inline comment with Danger's warn or fail method.
+    #
+    # @param [Boolean] inline_mode Report as inline comment, defaults to [true].
+    #
+    # @return [Array[PmdFile]]
+    def do_comment(report_files, inline_mode)
+      spotbugs_issues = []
+
+      report_files.each do |report_file|
+        spotbugs_issues(report_file).each do |bug_instance|
+          next unless target_files.include? bug_instance.relative_path
+
+          spotbugs_issues.push(bug_instance)
+
+          send_comment(bug_instance, inline_mode)
+        end
+      end
+
+      spotbugs_issues
+    end
+
+    def send_comment(bug_instance, inline_mode)
+      if inline_mode
+        send(bug_instance.type, bug_instance.description, file: bug_instance.relative_path, line: bug_instance.line)
+      else
+        send(bug_instance.type, "#{bug_instance.relative_path} : #{bug_instance.description} at #{bug_instance.line}")
+      end
+    end
+  end
+end