在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称(OpenSource Name):spotbugs/spotbugs-gradle-plugin开源软件地址(OpenSource Url):https://github.com/spotbugs/spotbugs-gradle-plugin开源编程语言(OpenSource Language):Groovy 66.5%开源软件介绍(OpenSource Introduction):SpotBugs Gradle PluginThis is the official Gradle Plugin to run SpotBugs on Java and Android project. GoalThis Gradle plugin is designed to solve the following problems in the legacy plugin:
UsageApply to your projectApply the plugin to your project. Refer the Gradle Plugin portal about the detail of installation procedure. Configure SpotBugs PluginConfigure spotbugs {
ignoreFailures = false
showStackTraces = true
showProgress = true
effort = 'default'
reportLevel = 'default'
visitors = [ 'FindSqlInjection', 'SwitchFallthrough' ]
omitVisitors = [ 'FindNonShortCircuit' ]
reportsDir = file("$buildDir/spotbugs")
includeFilter = file("include.xml")
excludeFilter = file("exclude.xml")
baselineFile = file("baseline.xml")
onlyAnalyze = [ 'com.foobar.MyClass', 'com.foobar.mypkg.*' ]
maxHeapSize = '1g'
extraArgs = [ '-nested:false' ]
jvmArgs = [ '-Duser.language=ja' ]
} with Kotlin DSLspotbugs {
ignoreFailures.set(false)
showStackTraces.set(true)
showProgress.set(true)
effort.set(com.github.spotbugs.snom.Effort.DEFAULT)
reportLevel.set(com.github.spotbugs.snom.Confidence.DEFAULT)
visitors.set(listOf("FindSqlInjection", "SwitchFallthrough"))
omitVisitors.set(listOf("FindNonShortCircuit"))
reportsDir.set(file("$buildDir/spotbugs"))
includeFilter.set(file("include.xml"))
excludeFilter.set(file("exclude.xml"))
baselineFile.set(file("baseline.xml"))
onlyAnalyze.set(listOf("com.foobar.MyClass", "com.foobar.mypkg.*"))
maxHeapSize.set("1g")
extraArgs.set(listOf("-nested:false"))
jvmArgs.set(listOf("-Duser.language=ja"))
} Configure dependencies {
spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0'
} with Kotlin DSLdependencies {
spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0")
} Configure dependencies {
spotbugs 'com.github.spotbugs:spotbugs:4.7.0'
} with Kotlin DSLdependencies {
spotbugs("com.github.spotbugs:spotbugs:4.7.0")
} Apply to Java projectApply this plugin with the If you want to create and configure Apply to Android projectTBU Configure the SpotBugsTaskConfigure // Example to configure HTML report
spotbugsMain {
reports {
html {
required = true
outputLocation = file("$buildDir/reports/spotbugs/main/spotbugs.html")
stylesheet = 'fancy-hist.xsl'
}
}
} with Kotlin DSLtasks.spotbugsMain {
reports.create("html") {
required.set(true)
outputLocation.set(file("$buildDir/reports/spotbugs.html"))
setStylesheet("fancy-hist.xsl")
}
} SpotBugs version mappingBy default, this Gradle Plugin uses the SpotBugs version listed in this table. You can change SpotBugs version by the
Refer the version in the build scriptFrom v4, the dependencies {
compileOnly "com.github.spotbugs:spotbugs-annotations:${spotbugs.toolVersion.get()}"
} with Kotlin DSLdependencies {
compileOnly("com.github.spotbugs:spotbugs-annotations:${spotbugs.toolVersion.get()}")
} DevelopmentSetup
#!/usr/bin/env python
import re, sys, os
#turn off the traceback as it doesn't help readability
sys.tracebacklimit = 0
def main():
# example:
# feat(apikey): added the ability to add api key to configuration
pattern = r'(build|ci|docs|feat|fix|perf|refactor|style|test|chore|revert)(\([\w\-]+\))?:\s.*'
filename = sys.argv[1]
ss = open(filename, 'r').read()
m = re.match(pattern, ss)
if m == None: raise Exception("Conventional commit validation failed. Did you forget to add one of the allowed prefixes? (build|ci|docs|feat|fix|perf|refactor|style|test|chore|revert)")
if __name__ == "__main__":
main()
Signing ArtifactsSince version 4.3, when we publish artifacts we now sign them. This is designed so that the build will still pass if you don't have the signing keys available, this way pull requests and forked repos will still work as before. Before github workflow can sign the artifacts generated during build, we first need to generate pgp keys (you will have to do this again when the key expires. once a year is a good timeframe) and upload them to the servers. See https://www.gnupg.org/faq/gnupg-faq.html#starting_out for more details. That means github needs the following secrets:
where Gradle is configured to use these to generate the private key in memory so as to minimize our risk of the keys being found and used by someone else. CopyrightCopyright © 2019-present SpotBugs Team |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论