feat: add code quality tooling (compiler warnings + static analysis) #28#30
Open
Ayush-AM wants to merge 1 commit intoopenmainframeproject:release-5.1from
Open
Conversation
…penmainframeproject#28 Address OpenSSF Best Practices quality-related recommendations from issue openmainframeproject#28: Compiler Warnings: - Java: enable -Xlint:all via maven-compiler-plugin compilerArgs in pom.xml - C++: add -Wall -Wextra -Wpedantic to CXXFLAGS in cpp/envdef.mak - No -Werror used; warnings are informational only Static Analysis: - Java: add SpotBugs Maven plugin (v4.9.3.1) configured as best-effort (failOnError=false, effort=Max, threshold=Low, noClassOk=true) Run with: mvn spotbugs:check or mvn spotbugs:gui - C++: add 'lint' target in cpp/Makefile that runs cppcheck Run with: make lint (from cpp/ directory) Documentation: - Add QUALITY.md at repo root documenting: * enabled compiler warning flags for Java and C++ * static analysis tools and how to run them locally * best-effort nature with no SLA guarantees Verified locally: - mvn compile: BUILD SUCCESS with Xlint warnings surfaced - mvn spotbugs:check: BUILD SUCCESS, 55 findings reported - C++ warning flags: syntactically valid, apply to clang++ and ibm-clang++ - make lint: wired up, requires cppcheck installation to run Signed-off-by: Ayush Mahajan <140263932+Ayush-AM@users.noreply.github.com>
Author
|
@alexgubanow please sir have a look over this pr. If any other changes needed, feel free to tell me. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #28
Addresses OpenSSF Best Practices quality-related recommendations from issue #28.
As requested by @alexgubanow, this PR has been re-targeted against
release-5.1instead ofmaster.What changed and why
Compiler Warnings:
-Xlint:allviamaven-compiler-plugincompilerArgs inpom.xml.-Wall -Wextra -WpedantictoCXXFLAGSincpp/envdef.mak.-Werroris used; these surface informational warnings without failing the build.Static Analysis:
failOnError=false,effort=Max,threshold=Low,noClassOk=true).linttarget incpp/Makefilethat runscppcheck.Documentation:
QUALITY.mdat the repository root documenting the tooling, how to run it locally, and establishing that it works on a best-effort basis (no SLA guarantees).Results of Warnings Being Enabled
As requested, here are the outputs reflecting the current state of
release-5.1. Given the volume, I agree we should likely open a few more issues to resolve the warnings incrementally.Java Compiler Warnings Output (-Xlint:all)