Merge branch 'spotbugs' into feature/114

spotbugs · Apr 17, 2022 · 36c46d8 · 36c46d8
2 parents f29d7b3 + 21e6fc6
commit 36c46d8
Show file tree

Hide file tree

Showing 16 changed files with 60 additions and 94 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -8,17 +8,17 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        java: [8, 11, 17, 18-ea]
+        java: [11, 17, 18, 19-ea]
       fail-fast: false
       max-parallel: 4
     name: Test JDK ${{ matrix.java }}, ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: ${{ matrix.java }}
           distribution: 'zulu'
       - name: Test with Maven
-        run: ./mvnw test -B
+        run: ./mvnw test -B --no-transfer-progress
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/coveralls.yaml b/.github/workflows/coveralls.yaml
@@ -23,9 +23,9 @@ jobs:
     if: github.repository_owner == 'spotbugs-OFF'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: 11
           distribution: 'zulu'

diff --git a/.github/workflows/coverity.yaml b/.github/workflows/coverity.yaml
@@ -10,9 +10,9 @@ jobs:
     if: github.repository_owner == 'spotbugs'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: 11
           distribution: 'zulu'

diff --git a/.github/workflows/it-maven339.yaml b/.github/workflows/it-maven339.yaml
@@ -26,9 +26,9 @@ jobs:
     name: Integration Tests Maven 3.3.9
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: 11
           distribution: 'zulu'

diff --git a/.github/workflows/it.yaml b/.github/workflows/it.yaml
@@ -26,9 +26,9 @@ jobs:
     name: Integration Tests
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: 11
           distribution: 'zulu'

diff --git a/.github/workflows/site.yaml b/.github/workflows/site.yaml
@@ -10,17 +10,17 @@ jobs:
     if: github.repository_owner == 'spotbugs' && ! contains(toJSON(github.event.head_commit.message), '[maven-release-plugin]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          java-version: 17
           distribution: 'zulu'
       - uses: webfactory/ssh-agent@master
         with:
           ssh-private-key: ${{ secrets.DEPLOY_KEY }}
       - name: Build site
-        run: ./mvnw site site:stage -DskipTests -B
+        run: ./mvnw site site:stage -DskipTests -B --no-transfer-progress
         env:
           CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
@@ -10,14 +10,14 @@ jobs:
     if: github.repository_owner == 'spotbugs'
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           # Disabling shallow clone is recommended for improving relevancy of reporting
           fetch-depth: 0
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          java-version: 17
           distribution: 'zulu'
       - name: Analyze with SonarCloud
         run: ./mvnw verify sonar:sonar -B -D"sonar.projectKey=spotbugs_spotbugs-maven-plugin" -D"sonar.organization=spotbugs" -D"sonar.host.url=https://sonarcloud.io" -D"sonar.login=$SONAR_TOKEN"

diff --git a/.github/workflows/sonatype.yaml b/.github/workflows/sonatype.yaml
@@ -10,14 +10,14 @@ jobs:
     if: github.repository_owner == 'spotbugs' && ! contains(toJSON(github.event.head_commit.message), '[maven-release-plugin]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          java-version: 17
           distribution: 'zulu'
       - name: Deploy to Sonatype
-        run: ./mvnw deploy -DskipTests -B --settings ./.mvn/settings.xml
+        run: ./mvnw deploy -DskipTests -B  --no-transfer-progress --settings ./.mvn/settings.xml
         env:
           CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
           CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
diff --git a/.mvn/settings.xml b/.mvn/settings.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
   <servers>
     <server>
       <id>ossrh</id>

diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -14,5 +14,5 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.4/apache-maven-3.8.4-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.5/apache-maven-3.8.5-bin.zip
 wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
diff --git a/README.md b/README.md
@@ -70,3 +70,4 @@ Run integration tests
 ```
 mvn clean install -P run-its -DtestSrc=remote
 ```
+Note on Groovy: If using groovy with same group id (org.codehaus.groovy 3.x or before or org.apache.groovy 4.x or above), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.
diff --git a/TODO.md b/TODO.md
@@ -0,0 +1,3 @@
+issue
+-----
+- maven release plugin site is failing with gmavenplus groovydoc regarding missing javaparser class.  Tried adding that both at gmavenplus and at site plugin, neither worked.  It is at site plugin currently.  Running site on its own runs this same step without issue.
diff --git a/pom.xml b/pom.xml
@@ -5,13 +5,13 @@
   <parent>
     <groupId>com.github.hazendaz</groupId>
     <artifactId>base-parent</artifactId>
-    <version>31</version>
+    <version>35</version>
     <relativePath />
   </parent>
 
   <groupId>com.github.spotbugs</groupId>
   <artifactId>spotbugs-maven-plugin</artifactId>
-  <version>4.5.3.1-SNAPSHOT</version>
+  <version>4.6.0.3-SNAPSHOT</version>
   <packaging>maven-plugin</packaging>
 
   <name>SpotBugs Maven Plugin</name>
@@ -117,29 +117,30 @@
     <projectVersion>${project.version}</projectVersion>
 
     <!-- Override spotbugs to this version from base-parent -->
-    <spotbugs.version>4.5.3</spotbugs.version>
+    <spotbugs.version>4.6.0</spotbugs.version>
 
     <!-- Groovy doesn't like simple '8' for java 8 -->
     <java.version>1.8</java.version>
 
     <junitVersion>5.8.2</junitVersion>
-    <spotbugsVersion>4.5.3</spotbugsVersion>
-    <spotbugsTag>4.5.3</spotbugsTag>
+    <spotbugsVersion>4.6.0</spotbugsVersion>
+    <spotbugsTag>4.6.0</spotbugsTag>
     <slf4jVersion>1.7.36</slf4jVersion>
 
     <antVersion>1.10.12</antVersion>
-    <groovyVersion>4.0.0</groovyVersion>
+    <groovyVersion>4.0.1</groovyVersion>
+    <javaparserVersion>3.24.2</javaparserVersion>
 
     <doxiaVersion>1.11.1</doxiaVersion>
     <doxiaSiteToolsVersion>1.11.1</doxiaSiteToolsVersion>
 
-    <mavenCoreVersion>3.8.4</mavenCoreVersion>
+    <mavenCoreVersion>3.8.5</mavenCoreVersion>
     <mavenSharedUtilsVersion>3.3.4</mavenSharedUtilsVersion>
     <mavenTransferVersion>0.13.1</mavenTransferVersion>
     <mavenCommonArtifactFilters>3.2.0</mavenCommonArtifactFilters>
     <mavenReportingApiVersion>3.1.0</mavenReportingApiVersion>
     <mavenReportingVersion>3.1.0</mavenReportingVersion>
-    <mavenVersion>3.8.4</mavenVersion>
+    <mavenVersion>3.8.5</mavenVersion>
 
     <plexusContainerVersion>2.1.1</plexusContainerVersion>
     <plexusResourcesVersion>1.2.0</plexusResourcesVersion>
@@ -149,14 +150,14 @@
     <l10nPluginVersion>1.8</l10nPluginVersion>
     <codenarcPluginVersion>0.22-1</codenarcPluginVersion>
     <gmavenPluginVersion>1.13.1</gmavenPluginVersion>
-    <infoReportsPluginVersion>3.2.1</infoReportsPluginVersion>
+    <infoReportsPluginVersion>3.2.2</infoReportsPluginVersion>
     <invokerPluginVersion>3.2.2</invokerPluginVersion>
     <javadocPluginVersion>3.3.2</javadocPluginVersion>
     <pluginPluginVersion>3.6.4</pluginPluginVersion>
     <scmPluginVersion>1.12.2</scmPluginVersion>
-    <sitePluginVersion>3.10.0</sitePluginVersion>
+    <sitePluginVersion>3.11.0</sitePluginVersion>
     <sitePlugin36Version>3.6</sitePlugin36Version> <!-- For MFINDBUGS-145 (breaks on newer jdks, revisit this on spotbugs 4.5.x and simply drop the old support) -->
-    <versionsPluginVersion>2.9.0</versionsPluginVersion>
+    <versionsPluginVersion>2.10.0</versionsPluginVersion>
 
     <spotbugsTestDebug>false</spotbugsTestDebug>
     <integrationTestSrc>${project.build.directory}/it-src-spotbugs</integrationTestSrc>
@@ -182,7 +183,7 @@
     <jgit.version>5.13.0.202109080827-r</jgit.version>
 
     <!-- Targeted patches -->
-    <asm.version>9.2</asm.version>
+    <asm.version>9.3</asm.version>
     <beanutils.version>1.9.4</beanutils.version>
     <chain.version>1.2</chain.version>
     <codec.version>1.15</codec.version>
@@ -551,6 +552,11 @@
               <artifactId>doxia-sink-api</artifactId>
               <version>${doxiaVersion}</version>
             </dependency>
+            <dependency>
+              <groupId>com.github.javaparser</groupId>
+              <artifactId>javaparser-core</artifactId>
+              <version>${javaparserVersion}</version>
+            </dependency>
           </dependencies>
         </plugin>
         <plugin>

diff --git a/src/site/apt/usage.apt.vm b/src/site/apt/usage.apt.vm
@@ -87,55 +87,14 @@ mvn site
   </reporting>
   ...
 </project>
-+-----+
-
-  Then, execute the site plugin to generate the report.  
-
-
-+-----+
-mvn site
-+-----+
-
-
-* Filter bugs to report
-
-  To filter the classes and methods which are analyzed or omitted from analysis
-  you can use filters.
-  The filters allow specifying by class and method which bug categories to
-  include/exclude in/from the reports. The
-  {{{https://spotbugs.readthedocs.io/en/latest/filter.html}filter format specification}}
-  also contains useful examples.
-
-+-----+
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
-  ...
-  <reporting>
-    <plugins>
-      <plugin>
-        <groupId>com.github.spotbugs</groupId>
-        <artifactId>spotbugs-maven-plugin</artifactId>
-        <version>${projectVersion}</version>
-        <configuration>
-          <excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
-          <includeFilterFile>spotbugs-include.xml</includeFilterFile>
-        </configuration>
-      </plugin>
-    </plugins>
-  </reporting>
-  ...
-</project>
 +-----+
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
 
-
-
 * Specifying which bug filters to run
 
   To filter the classes and methods which are analyzed or omitted from analysis
@@ -168,12 +127,10 @@ mvn site
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
 
-
 * Specifying which bug detectors to run
 
   The <<<visitors>>> option specifies a comma-separated list of bug detectors which
@@ -203,12 +160,10 @@ mvn site
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
 
-
 * Specifying which bug detectors to skip
 
   The <<<omitVisitors>>> option is like the visitors attribute, except it specifies
@@ -236,12 +191,10 @@ mvn site
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
 
-
 * Specifying which classes to analyze
 
   The <<<onlyAnalyze>>> option restricts analysis to the given comma-separated
@@ -269,13 +222,10 @@ mvn site
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
 
-
-
 * Using Third party or your own detectors
 
   The <<<pluginList>>> option specifies a comma-separated list of optional BugDetector
@@ -303,12 +253,10 @@ mvn site
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
 
-
 * Using Detectors from a Repository
 
   The <<<plugins>>> option defines a collection of PluginArtifact to work on. (PluginArtifact contains groupId, artifactId, version, type.) 
@@ -341,7 +289,6 @@ mvn site
 
   Then, execute the site plugin to generate the report.
 
-
 +-----+
 mvn site
 +-----+
@@ -375,7 +322,6 @@ mvn site
 
   Then, execute the spotbugs plugin with the gui option.
 
-
 +-----+
 mvn spotbugs:gui
 +-----+