Foros de discusión

SonarQube Quality Profile

Javier Castillo, modificado hace 9 años.

SonarQube Quality Profile

New Member Mensajes: 2 Fecha de incorporación: 11/04/12 Mensajes recientes
Hi,

we're trying to integrate SonarQube 5.X server with our liferay portlet projects but, since Liferay development style (https://www.liferay.com/es/community/wiki/-/wiki/Main/Development+Style) does not use Java Conventions at 100% (Private methods, fields and constants start with underscore for example) there are many issues with Sun or PMD checks.

Is there any "Liferay Profile" that you use for SonarQube somewhere in docs or in source code so that i could import to my Sonar server?

Thanks for your help.
thumbnail
David H Nebinger, modificado hace 9 años.

RE: SonarQube Quality Profile

Liferay Legend Mensajes: 14914 Fecha de incorporación: 2/09/06 Mensajes recientes
Not that I know of.

Personally the java conventions thing you're referring to I don't really like. private fields, sure, but I hate private methods in classes. A developer who is smart enough to separate out functionality to separate methods should also be smart enough to know that some other developer would eventually need to extend their class and would want to override the private methods. I've been bitten by this more times than I can count. There is no hard and fast rule about method scope which works for everyone, but a 100% private rule is just plain wrong.

Liferay code will fail your sun and pmd checks. They are extremely bad at defensive programming (sorry, Liferay, but you know it's true) and follow a style from when they started more than 10 years ago. That last part is not meant to be a slight, in fact once you get used to the style you know you can read all of the Liferay code and expect the same thing, even across versions.

Whatever rules you could define that wouldn't flag all Liferay code, well those rules would leave you with such big gaps that nothing would get through.

Best recommendation I can make is to keep your rules the way you want them and ignore failures coming from Liferay code. Ensure your code satisfies the rules and trust the Liferay code won't break emoticon
thumbnail
Ravi Kumar Gupta, modificado hace 9 años.

RE: SonarQube Quality Profile

Liferay Legend Mensajes: 1302 Fecha de incorporación: 24/06/09 Mensajes recientes
We have been using Sonar for almost all of the projects. We simply do not care for liferay code. We can't change that.. right? So, we have our own config done for sonar, pmd, checkstyle etc. We only check our custom code in portlets.
Javier Castillo, modificado hace 9 años.

RE: SonarQube Quality Profile

New Member Mensajes: 2 Fecha de incorporación: 11/04/12 Mensajes recientes
After reading your opinions, we're keeping our coding style and Sonar rules with pmd, sonar, etc and excluding Liferay code from the analysis, (overriden classes are candidates for an intensive false-positive check...but as Ravi said, is liferay code, we can't change that...emoticon).

Thanks for your fast response.
Edward A, modificado hace 6 años.

RE: SonarQube Quality Profile

New Member Mensajes: 23 Fecha de incorporación: 16/06/17 Mensajes recientes
Hello,

I realize that you have already answered this question, but it's been quite a while since you did. So, has anything changed in regard to Liferay testing using SonarQube?

We are developing an intranet for a company that won't let us deploy on their servers unless the tests come out clean. For that reason, we ran some tests and realized that some parts of the code autogenerated by Liferay do not pass them.

What is your personal recommendation?


Thanks!

Edit: This is what my report says:


Classes not found during the analysis : [javax.portlet.ActionRequest, javax.portlet.ActionResponse, javax.portlet.PortletConfig, javax.portlet.PortletException, javax.portlet.PortletMode, javax.portlet.PortletPreferences, javax.portlet.PortletRequest, javax.portlet.PortletResponse, javax.portlet.PortletURL, javax.portlet.PreferencesValidator, javax.portlet.RenderRequest, javax.portlet.ResourceRequest, javax.portlet.ResourceResponse, javax.portlet.ValidatorException, javax.portlet.WindowState, javax.servlet.ServletContext, javax.servlet.ServletException, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession, org.osgi.util.tracker.ServiceTracker]
Reports path contains no files matching TEST-.*.xml : /Users/sisu/Documents/workspace-procesar_liferay/ProceSAR/modules/Procesar-Services/Procesar-Services-service/build/test-results/test
Classes not found during the analysis : [javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse]
Reports path contains no files matching TEST-.*.xml : /Users/sisu/Documents/workspace-procesar_liferay/ProceSAR/modules/Procesar-Services/Procesar-Services-api/build/test-results/test
Classes not found during the analysis : [org.osgi.util.tracker.ServiceTracker]
Reports path contains no files matching TEST-.*.xml : /Users/sisu/Documents/workspace-procesar_liferay/ProceSAR/modules/Links/build/test-results/test


We have not yet created TEST-.*.xml files, because we wanted to see how Liferay does when tested without any added code other than an mvc portlet and a service builder.
thumbnail
David H Nebinger, modificado hace 6 años.

RE: SonarQube Quality Profile

Liferay Legend Mensajes: 14914 Fecha de incorporación: 2/09/06 Mensajes recientes
Those classes come from the portlet and servlet spec jars along with an OSGi jar. Looks like you're just missing some jars in the path.









Come meet me at Devcon 2017 or 2017 LSNA!
Edward A, modificado hace 6 años.

RE: SonarQube Quality Profile

New Member Mensajes: 23 Fecha de incorporación: 16/06/17 Mensajes recientes
Thank you so much for replying to my comment so quickly.
So, if I'm understanding correctly, there should be nothing wrong with Liferay and all I need to do is include the jars that I'm missing. My question now is: Why am I missing these jars?, and what is the correct way of adding them?

Thanks!
thumbnail
David H Nebinger, modificado hace 6 años.

RE: SonarQube Quality Profile

Liferay Legend Mensajes: 14914 Fecha de incorporación: 2/09/06 Mensajes recientes
I have no idea how you have set up your testing environment.









Come meet me at Devcon 2017 or 2017 LSNA!
Edward A, modificado hace 6 años.

RE: SonarQube Quality Profile

New Member Mensajes: 23 Fecha de incorporación: 16/06/17 Mensajes recientes
Hi!

Oh, I think I understand now. So, that message just means that SonarQube is not finding the jar location of the third party libs used in my project. Ok, I get it.


Thanks! emoticon