Skip to content
This repository has been archived by the owner on Mar 2, 2024. It is now read-only.

A plugin for Maven that will find report files from static code analysis and comment merge requests in GItLab with them. Edit Add topics Edit Add topics

License

Notifications You must be signed in to change notification settings

tomasbjerre/violation-comments-to-gitlab-maven-plugin

Repository files navigation

There are very few users of this tool, so I am archiving it and referring to:


Violation Comments to GitLab Maven Plugin

Maven Central

This is a Maven plugin for Violation Comments to GitLab Lib.

It can parse results from static code analysis and comment merge requests in GitLab with them.

An alternative is also to have violations-command-line convert the violations to CodeClimate format and upload that to GitLab. It is explained in readme of violations-command-line.

The merge must be performed first in order for the commented lines in the MR to match the lines reported by the analysis tools!

Example of supported reports are available here.

A number of parsers have been implemented. Some parsers can parse output from several reporters.

Reporter Parser Notes
ARM-GCC CLANG
AndroidLint ANDROIDLINT
Ansible-Later ANSIBLELATER With json format
AnsibleLint FLAKE8 With -p
Bandit CLANG With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}"
CLang CLANG
CPD CPD
CPPCheck CPPCHECK With cppcheck test.cpp --output-file=cppcheck.xml --xml
CPPLint CPPLINT
CSSLint CSSLINT
Checkstyle CHECKSTYLE
CloudFormation Linter JUNIT cfn-lint . -f junit --output-file report-junit.xml
CodeClimate CODECLIMATE
CodeNarc CODENARC
Dart MACHINE With dart analyze --format=machine
Dependency Check SARIF Using --format SARIF
Detekt CHECKSTYLE With --output-format xml.
DocFX DOCFX
Doxygen CLANG
ERB CLANG With erb -P -x -T '-' "${it}" | ruby -c 2>&1 >/dev/null | grep '^-' | sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out.
ESLint CHECKSTYLE With format: 'checkstyle'.
Findbugs FINDBUGS
Flake8 FLAKE8
FxCop FXCOP
GCC CLANG
GHS GHS
Gendarme GENDARME
Generic reporter GENERIC Will create one single violation with all the content as message.
GoLint GOLINT
GoVet GOLINT Same format as GoLint.
GolangCI-Lint CHECKSTYLE With --out-format=checkstyle.
GoogleErrorProne GOOGLEERRORPRONE
HadoLint CHECKSTYLE With -f checkstyle
IAR IAR With --no_wrap_diagnostics
Infer PMD Facebook Infer. With --pmd-xml.
JACOCO JACOCO
JCReport JCREPORT
JSHint JSLINT With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle
JUnit JUNIT It only contains the failures.
KTLint CHECKSTYLE
Klocwork KLOCWORK
KotlinGradle KOTLINGRADLE Output from Kotlin Gradle Plugin.
KotlinMaven KOTLINMAVEN Output from Kotlin Maven Plugin.
Lint LINT A common XML format, used by different linters.
MSBuildLog MSBULDLOG With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename
MSCpp MSCPP
Mccabe FLAKE8
MyPy MYPY
NullAway GOOGLEERRORPRONE Same format as Google Error Prone.
PCLint PCLINT PC-Lint using the same output format as the Jenkins warnings plugin, details here
PHPCS CHECKSTYLE With phpcs api.php --report=checkstyle.
PHPPMD PMD With phpmd api.php xml ruleset.xml.
PMD PMD
Pep8 FLAKE8
PerlCritic PERLCRITIC
PiTest PITEST
ProtoLint PROTOLINT
Puppet-Lint CLANG With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}
PyDocStyle PYDOCSTYLE
PyFlakes FLAKE8
PyLint PYLINT With pylint --output-format=parseable.
ReSharper RESHARPER
RubyCop CLANG With rubycop -f clang file.rb
SARIF SARIF v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2".
SbtScalac SBTSCALAC
Scalastyle CHECKSTYLE
Semgrep SEMGREP With --json.
Simian SIMIAN
Sonar SONAR With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json. Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' | jq -f sonar-report-builder.jq > sonar-report.json.
Spotbugs FINDBUGS
StyleCop STYLECOP
SwiftLint CHECKSTYLE With --reporter checkstyle.
TSLint CHECKSTYLE With -t checkstyle
Valgrind VALGRIND With --xml=yes.
XMLLint XMLLINT
XUnit XUNIT It only contains the failures.
YAMLLint YAMLLINT With -f parsable
ZPTLint ZPTLINT

51 parsers and 78 reporters.

Missing a format? Open an issue here!

Usage

There is a running example here and it is invoked here.

Here is an example:

	<plugin>
		<groupId>se.bjurr.violations</groupId>
		<artifactId>violation-comments-to-gitlab-maven-plugin</artifactId>
		<version>X</version>
		<executions>
			<execution>
				<id>ViolationCommentsToGitLab</id>
				<goals>
					<goal>violation-comments</goal>
				</goals>
				<configuration>
					<gitLabUrl>${GITLAB_URL}</gitLabUrl>
					<mergeRequestIid>${GITLAB_mergeRequestIid}</mergeRequestIid>
					<projectId>${GITLAB_PROJECTID}</projectId>
					<commentOnlyChangedContent>true</commentOnlyChangedContent>
					<commentOnlyChangedContentContext>0</commentOnlyChangedContentContext>
					<createCommentWithAllSingleFileComments>true</createCommentWithAllSingleFileComments>
					<createSingleFileComments>true</createSingleFileComments>
					<keepOldComments>false</keepOldComments>
					<minSeverity>INFO</minSeverity>
					<apiTokenPrivate>true</apiTokenPrivate>
					<apiToken>${GITLAB_APITOKEN}</apiToken>
					<ignoreCertificateErrors>true</ignoreCertificateErrors>
					<shouldSetWip>false</shouldSetWip>
					<violations>
						<violation>
							<parser>FINDBUGS</parser>
							<reporter>Findbugs</reporter>
							<folder>.</folder>
							<pattern>.*/findbugs/.*\.xml$</pattern>
						</violation>
						<violation>
							<parser>PMD</parser>
							<reporter>PMD</reporter>
							<folder>.</folder>
							<pattern>.*/pmd/.*\.xml$</pattern>
						</violation>
						<violation>
							<parser>CHECKSTYLE</parser>
							<reporter>Checkstyle</reporter>
							<folder>.</folder>
							<pattern>.*/checkstyle/.*\.xml$</pattern>
						</violation>
						<violation>
							<parser>JSHINT</parser>
							<reporter>JSHint</reporter>
							<folder>.</folder>
							<pattern>.*/jshint/.*\.xml$</pattern>
						</violation>
						<violation>
							<parser>CSSLINT</parser>
							<reporter>CSSLint</reporter>
							<folder>.</folder>
							<pattern>.*/csslint/.*\.xml$</pattern>
						</violation>
					</violations>
				</configuration>
			</execution>
		</executions>
	</plugin>

You may also have a look at Violations Lib.

About

A plugin for Maven that will find report files from static code analysis and comment merge requests in GItLab with them. Edit Add topics Edit Add topics

Resources

License

Stars

Watchers

Forks

Sponsor this project

Packages

No packages published

Contributors 3

  •  
  •  
  •