How do I set up SpotBugs for Android?
I tried following the official documentation and that of the gradle plugin, but the setup for Android is incomplete and confusing, and didn't work.
I tried the following setup.
build.gradle (project):
buildscript {
repositories {
// ...
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
// ...
classpath "gradle.plugin.com.github.spotbugs:spotbugs-gradle-plugin:1.6.4"
}
}
build.gradle (app):
//...
apply plugin: "com.github.spotbugs"
android {
// ...
sourceSets {
main {
java.srcDirs = ['src/main/java']
}
}
}
// ...
spotbugs {
toolVersion = "3.1.3"
ignoreFailures = true
reportsDir = file("$project.buildDir/findbugsReports")
effort = "max"
reportLevel = "high"
}
tasks.withType(com.github.spotbugs.SpotBugsTask) {
// What do I need to do here?
}
I tried running it with ./gradlew spotbugsMain, but the gradle task is missing.
Am I supposed to add the task manually? How do I do that?
Could you show me an example of a minimal working setup for an Android project?
I made some tests on my side and I manage to make it work like this :
1) Move the sourceSets declaration outside the android block. Leave it empty, it's just for the spotbugsMain task generation, it won't impact the global Android build.
android {
// ...
}
sourceSets {
main {
java.srcDirs = []
}
}
2) Keep your spotbugs block and configure the SpotBugsTask tasks like this :
tasks.withType(com.github.spotbugs.SpotBugsTask) {
classes = files("$projectDir.absolutePath/build/intermediates/classes/debug")
source = fileTree('src/main/java')
}
It will generate reports in app/build/findbugsReports
Important :
It only works with the ./gradlew build command, ./gradlew spotbugsMain won't work as the project must be built before
You can fix that adding an assemble dependency :
tasks.withType(com.github.spotbugs.SpotBugsTask) {
dependsOn 'assemble'
classes = files("$projectDir.absolutePath/build/intermediates/classes/debug")
source = fileTree('src/main/java')
}
Following on from ToYonos answer (9 October 2018); Use this for Android Studio 3.4 and above:
project/build.gradle
buildscript {
repositories {
google()
jcenter()
maven {
url 'https:// maven url 1'
}
maven {
url "https://plugins.gradle.org/m2/" // Add this, for SpotBugs
}
}
dependencies {
classpath '...'
// If you're using gradle 6.x, add this to use SpotBugs app version 4.0.2
classpath "gradle.plugin.com.github.spotbugs.snom:spotbugs-gradle-plugin:4.3.0"
// If you're using gradle 4.x or 5.x, add this to use SpotBugs app version 3.1.2
classpath "com.github.spotbugs:spotbugs-gradle-plugin:2.0.1"
}
}
project/app/build.gradle
apply plugin: 'com.android.application'
apply plugin: '...'
apply plugin: "com.github.spotbugs" // <- Add this
dependencies {
...
}
// This block is only needed for gradle 4/5 only.
// It's for SpotBugs to create a 'spotbugsMain' gradle task.
sourceSets {
main {
java.srcDirs = []
}
}
spotbugs {
ignoreFailures = true
reportsDir = file("$project.buildDir/SpotBugsReports")
effort = "max"
reportLevel = "high"
}
// Note: gradle 4/5 should use "com.github.spotbugs.SpotBugsTask"
tasks.withType(com.github.spotbugs.snom.SpotBugsTask) {
dependsOn 'assembleDebug'
classes = files("$project.buildDir/intermediates/javac") // Important to use this path
excludeFilter = file("$project/spot-bugs-exclude.xml") // Optional - Explained below
source = fileTree('src/main/java') // Only needed on gradle 4/5
reports {
// Enable HTML report only
html.enabled = true
xml.enabled = false
}
}
You can generate a report for your debug build by running the gradle task:
For gradle 6.x: ./gradlew spotbugsDebug
For gradle 5 or 4: ./gradlew spotbugsMain
It's important to use classes = files("$project.buildDir/intermediates/javac") , otherwise you'll get an error "java.io.IOException: No files to analyze could be opened" -- see Findbugs fails with "java.io.IOException: No files to analyze could be opened"
You'll also need to enable the HTML report and disable XML report, to see a human-readable format.
ignoreFailures = true is optional. When SpotBugs detects a code warning, by default it will end with "BUILD FAILED" + a report file. Setting ignoreFailures = true means the gradle task will end with "BUILD SUCCESSFUL" + a report file.
To exclude some generated classes from the analysis, setup an excludeFilter. For a sample exclude file, check here or here (same as findbugs-exclude.xml)
More information and tutorial here: https://mikedemaso.com/tech/2020-06-10-spotbugs-gradle-plugin-android/
Related
I have and Android module which contains a Gradle JavaExec task. When running the JavaExec task, I would like it to use the classpath of the module.
The JavaExec task executes a Kotlin main function which uses some 3rd party library (kotlinpoet). But when running the Gradle task, I'm getting a java.lang.ClassNotFoundException due to kotlinpoet library not being included in the classpath.
I've found similar issues in StackOverflow, and tried many variants for the classpath parameter in the myTask, but nothing that worked.
Here's is the build.gradle file:
plugins {
id 'com.android.library'
id 'kotlin-android'
}
apply plugin: 'kotlinx-serialization'
android {
compileSdkVersion 30
defaultConfig {
...
}
buildTypes {
...
}
compileOptions {
...
}
kotlinOptions {
jvmTarget = '1.8'
}
}
task myTask(type: JavaExec) {
classpath += (files('build/tmp/kotlin-classes/debug', "${android.sdkDirectory}/tools/lib/kotlin-stdlib-1.1.3-2.jar", getBuildDir().toString() + "/intermediates/classes/debug"))
main = 'com.foo.app.home.parser.MainKt'
}
tasks.named('build') { dependsOn('configGeneratorTask') }
dependencies {
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
implementation "androidx.core:core-ktx:$androidx_core_ktx"
implementation "org.jetbrains.kotlinx:kotlinx-serialization-core:$kotlinx_serialization_version"
implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:$kotlinx_serialization_version"
implementation 'com.squareup:kotlinpoet:1.10.2'
}
You can get the classpath from each variant. This should do the trick:
afterEvaluate { // needed to make sure all android setup is available
task myTask(type: JavaExec) {
// you probably don't even need to set all these paths manually anymore
classpath += files(
'build/tmp/kotlin-classes/debug',
"${android.sdkDirectory}/tools/lib/kotlin-stdlib-1.1.3-2.jar",
getBuildDir().toString() + "/intermediates/classes/debug"
)
android.applicationVariants.each { variant -> // or libraryVariants
// add each variant's compiler classpath onto this classpath
classpath += variant.javaCompileProvider.get().classpath
}
// uncomment the line below if you need the android.jar etc
// classpath += files(android.bootClasspath)
// setting main directly is now deprecated. Set it like this:
mainClass.set('com.foo.app.home.parser.MainKt')
}
}
Also see this answer here: https://stackoverflow.com/a/37268008/3968618
I'm trying to use dokka on my android project to generate kdoc.
But I have this error when I'm running the script 'modules:app [dokka]' :
Could not determine the dependencies of task ':app:dokka'.
kotlin.KotlinNullPointerException (no error message)
I added the following lines on my gradle files :
Project build.gradle
buildscript {
ext {
dokka_version = '0.9.18'
}
dependencies {
classpath "org.jetbrains.dokka:dokka-android-gradle-plugin:$dokka_version"
}
}
app build.gradle
plugins {
id 'org.jetbrains.dokka-android'
}
dokka {
outputFormat = 'html'
sourceDirs = files('src/main')
outputDirectory = "$buildDir/javadoc"
}
Could not determine the dependencies of task ':app:dokka'.
kotlin.KotlinNullPointerException (no error message)
The issue is that it's a multiplatform project. In the app level gradle file, I'm also applying the org.jetbrains.kotlin.multiplatform plugin. As described in the dokka github release page:
Experimental Kotlin Multiplatform support is scheduled for 0.9.19
Looks like there's no other solution than wait for the next release of dokka.
Edit: There's a workaround described on the kolinlang forum
dokka {
impliedPlatforms = ["common"] // This will force platform tags for all non-common sources e.g. "JVM"
kotlinTasks {
// dokka fails to retrieve sources from MPP-tasks so they must be set empty to avoid exception
// use sourceRoot instead (see below)
[]
}
sourceRoot {
// assuming there is only a single source dir...
path = kotlin.sourceSets.commonMain.kotlin.srcDirs[0]
platforms = ["common"]
}
}
I've been working on adding SpotBugs to the android project I'm currently working on. I managed to get it working but I'm not overly thrilled of the way it's set up. For now the configuration resides inside my app/build.gradle file, which makes the file less manageable.
I was wondering if there's an expert on SpotBugs/Gradle who knows a way to pull the configuration out into a separate file.
Here's my app/build.gradle (boilerplate removed):
buildscript {
repositories {
...
}
dependencies {
classpath 'com.stanfy.spoon:spoon-gradle-plugin:1.2.2'
classpath 'io.fabric.tools:gradle:1.25.4'
classpath "org.jetbrains.dokka:dokka-android-gradle-plugin:$dokka_version"
}
}
plugins {
id 'com.gladed.androidgitversion' version '0.4.3'
id "com.github.spotbugs" version "1.6.2"
}
...
apply plugin: 'com.github.spotbugs'
apply from: '../config/quality/quality.gradle'
apply from: '../app/jacoco.gradle'
apply from: '../app/ktlint.gradle'
apply from: '../app/androidgit.gradle'
...
spotbugs {
toolVersion = '3.1.3'
ignoreFailures = false
effort = "min"
// This selects what level of bugs to report: low means low priority issues will be reported
// (in addition to medium+high), which corresponds to warning about everything.
// TODO: boost this to low once low priority issues are fixed.
reportLevel = "medium"
excludeFilter = new File("$project.rootDir/config/quality/spotbugs/android-exclude-filter.xml")
}
task spotbugs(type: com.github.spotbugs.SpotBugsTask, dependsOn: 'assemble', group: 'verification') {
classes = files("$projectDir.absolutePath/build/intermediates/app_classes/debug")
source = fileTree('src/main/java')
// Only one report format is supported. Html is easier to read, so let's use that
// (xml is the one that's enabled by default).
reports {
xml.enabled = false
html.enabled = true
}
classpath = files()
}
EDIT
Whenever I'm trying to separate SpotBugs from my app/build.gradle I run into the following error:
Could not get unknown property 'SpotBugsTask' for project ':app' of type org.gradle.api.Project.
Here's my gradle file:
apply plugin: 'com.github.spotbugs'
dependencies {
checkstyle 'com.puppycrawl.tools:checkstyle:8.11'
spotbugs "gradle.plugin.com.github.spotbugs:spotbugs-gradle-plugin:1.6.2"
// spotbugs configurations.spotbugsPlugins.dependencies
// spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.8.0'
}
def qualityConfigDir = "$project.rootDir/config/quality";
def reportsDir = "$project.buildDir/reports"
check.dependsOn 'checkstyle'
task checkstyle(type: Checkstyle, group: 'Verification', description: 'Runs code style checks') {
configFile file("$qualityConfigDir/checkstyle/checkstyle-config.xml")
source 'src/main/java'
include '**/*.java'
exclude '**/model/**'
exclude '**/AppLogger.java'
reports {
xml.enabled = true
xml {
destination file("$reportsDir/checkstyle/checkstyle.xml")
}
}
classpath = files()
}
spotbugs {
toolVersion = '3.1.3'
ignoreFailures = false
effort = "min"
// This selects what level of bugs to report: low means low priority issues will be reported
// (in addition to medium+high), which corresponds to warning about everything.
// TODO: boost this to low once low priority issues are fixed.
reportLevel = "medium"
excludeFilter = new File("$project.rootDir/config/quality/spotbugs/android-exclude-filter.xml")
}
task spotbugs(type: SpotBugsTask, dependsOn: 'assemble', group: 'verification') {
classes = files("$projectDir.absolutePath/build/intermediates/app_classes/debug")
source = fileTree('src/main/java')
// Only one report format is supported. Html is easier to read, so let's use that
// (xml is the one that's enabled by default).
reports {
xml.enabled = false
html.enabled = true
}
classpath = files()
}
Finally managed to find a solution.
I had to add the following to the section where I apply all the plugins in my app/build.gradle file:
project.extensions.extraProperties.set('SpotBugsTask', com.github.spotbugs.SpotBugsTask)
So it ended up looking like this:
buildscript {
repositories {
mavenCentral()
jcenter()
maven { url 'https://maven.fabric.io/public' }
}
dependencies {
classpath 'com.stanfy.spoon:spoon-gradle-plugin:1.2.2'
classpath 'io.fabric.tools:gradle:1.25.4'
classpath "org.jetbrains.dokka:dokka-android-gradle-plugin:$dokka_version"
}
}
plugins {
id 'com.gladed.androidgitversion' version '0.4.3'
id "com.github.spotbugs" version "1.6.2"
}
// Workaround to be able to access SpotBugsTask from external gradle script.
// More info: https://discuss.gradle.org/t/buildscript-dependencies-in-external-script/23243
project.extensions.extraProperties.set('SpotBugsTask', com.github.spotbugs.SpotBugsTask)
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'kotlin-kapt'
apply plugin: 'org.jetbrains.dokka-android'
apply plugin: 'io.fabric'
apply plugin: 'spoon'
apply from: '../app/checkstyle.gradle'
apply from: '../app/jacoco.gradle'
apply from: '../app/ktlint.gradle'
apply from: '../app/androidgit.gradle'
apply from: '../app/spotbugs.gradle'
android {
...
My spotbugs.gradle file:
dependencies {
spotbugs configurations.spotbugsPlugins.dependencies
spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.8.0'
}
def qualityConfigDir = "$project.rootDir/config/quality"
def reportsDir = "$project.buildDir/reports"
spotbugs {
toolVersion = "$spotbugs_version"
ignoreFailures = false
effort = "min"
// This selects what level of bugs to report: low means low priority issues will be reported
// (in addition to medium+high), which corresponds to warning about everything.
// TODO: boost this to low once low priority issues are fixed.
reportLevel = "medium"
excludeFilter = new File("$qualityConfigDir/config/quality/spotbugs/android-exclude-filter.xml")
}
tasks.register("spotbugs", SpotBugsTask) {
dependsOn 'assemble'
group = "verification"
classes = files("$projectDir.absolutePath/build/intermediates/app_classes/debug")
source = fileTree('src/main/java')
// Only one report format is supported. Html is easier to read, so let's use that
// (xml is the one that's enabled by default).
reports {
xml.enabled = true
xml {
destination file("$reportsDir/spotbugs/spotbugs.xml")
}
html.enabled = true
}
classpath = files()
}
For anyone stumbling across this thread, and not satisfied with the above answer (you should question anytime you see "this works" without a "because ..."), note that if you're using an external buildscript file like the OP, and trying to configure the tasks, the real problem is that the script plugin ClassLoader is isolated from the project buildscript ClassLoader, the java.lang.Class instances representing the type com.github.spotbugs.SpotBugsTask are different, thus thewithType call doesn't match anything.
See gradle-native#742 and gradle#1262 for details, and some solutions to make it work.
We created an Android app with a webview which shows a local website from the assets folder.
The project has different Product Flavors to generate diffent apps with different styles and content but with the same codebas (native Java and HTML / JS).
For each flavor we want to define a diffent sass file with the colors and tweaks for that specific flavour.
I know that I need to create a task in gradle which builds the CSS files but I have no idea where to start:
How do I get the url of the assets folder of a specific flavour?
Can I use a special gradle plugin for building sass or do I have to create a task which executes the "sass" command?
When I use another gradle plugin like compass, how do I configure the right folders for each flavour? The plugin settings are in the top level and not in the Android plugin level.
I finaly have the solution!
Add this to your build.gradle in the main folder (not of your app):
buildscript {
repositories {
jcenter()
mavenCentral()
maven { url 'http://dl.bintray.com/robfletcher/gradle-plugins' }
}
dependencies {
classpath 'com.android.tools.build:gradle:1.3.0'
classpath 'com.github.robfletcher:compass-gradle-plugin:2.0.6'
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
}
}
allprojects {
repositories {
jcenter()
}
}
Add this the build.gradle of the app module:
apply plugin: 'com.android.application'
apply plugin: 'com.github.robfletcher.compass'
android {
[..]
android.applicationVariants.all { variant ->
for (output in variant.outputs) {
def assetsDir = output.packageApplication.assets;
tasks["merge${variant.name.capitalize()}Assets"].doLast() {
println "Assets folder: " + assetsDir
def _ccsDir = file("$assetsDir/css")
def _sassDir = file("$assetsDir/sass")
def _imagesDir = file("$assetsDir/images")
def _javascriptsDir = file("$assetsDir/js")
def _fontsDir = file("$assetsDir/fonts")
project.compass {
cssDir = _ccsDir
sassDir = _sassDir
imagesDir = _imagesDir
javascriptsDir = _javascriptsDir
fontsDir = _fontsDir
}
//compileSass
project.compassCompile.execute()
}
}
}
}
I never thought it would work out but it works!
I have an android project. I want to introduce findbugs in my project as a gradle plugin. I tried to edit the project's build.gradle as below.
buildscript {
repositories {
mavenCentral()
maven { url 'https://maven.fabric.io/public' }
}
dependencies {
classpath 'com.android.tools.build:gradle:1.0.0+'
classpath 'io.fabric.tools:gradle:1.+'
}
}
apply plugin: "java"
apply plugin: "findbugs"
findbugs {
toolVersion = "2.0.1"
sourceSets = [sourceSets.main]
ignoreFailures = false
reportsDir = file("$project.buildDir/findbugsReports")
effort = "max"
reportLevel = "high"
includeFilter = file("$rootProject.projectDir/config/findbugs/includeFilter.xml")
excludeFilter = file("$rootProject.projectDir/config/findbugs/excludeFilter.xml")
}
Is this plugin correct?
Does anything neeed to be added or removed?
Now what should I do to get the results of this findbugs check?
What gradle command should I use?
Just place this in your modules build.gradle.
apply plugin: 'findbugs'
task customFindbugs(type: FindBugs) {
ignoreFailures = false
effort = "max"
reportLevel = "low"
classes = files("$project.buildDir/intermediates/classes")
// Use this only if you want exclude some errors
excludeFilter = file("$rootProject.rootDir/config/findbugs/exclude.xml")
source = fileTree('src/main/java/')
classpath = files()
reports {
xml.enabled = false
xml.withMessages = true
html.enabled = !xml.isEnabled()
xml.destination "$project.buildDir/outputs/findbugs/findbugs-output.xml"
html.destination "$project.buildDir/outputs/findbugs/findbugs-output.html"
}
}
build.dependsOn customFindbugs
Then after changing directory to your project path from command line, use
./gradlew build
The error report will be in $project.buildDir/outputs/findbugs/findbugs-output.html
I modified a little bit Nevin Raj Victor's answer.
This version generates a findbug task for each build variant, and (more importantly) it correctly creates dependencies on their respective compilation tasks. Indeed, findbugs requires the code to be compiled before it can be analyzed.
// findbug tasks for each variant
apply plugin: 'findbugs'
android.applicationVariants.all { variant ->
task("findbugs${variant.name.capitalize()}", type: FindBugs) {
description "Analyze ${variant.name} code with the findbugs tool"
group "Verification"
ignoreFailures = true
effort = "default"
reportLevel = "medium"
classes = files("$project.buildDir/intermediates/classes/${variant.dirName}")
excludeFilter = file("$rootProject.rootDir/findbugs/findbugs-filter.xml")
source = variant.javaCompile.source
classpath = variant.javaCompile.classpath
reports {
// Only one of HTML or XML can be turned on at the same time
html.enabled = true
xml.enabled = !html.enabled
xml.withMessages = true
html.destination = "$project.buildDir/outputs/findbugs/findbugs-${variant.name}-output.html"
xml.destination = "$project.buildDir/outputs/findbugs/findbugs-${variant.name}-output.xml"
}
dependsOn "compile${variant.name.capitalize()}JavaWithJavac"
}
}
After this, you can run
./gradlew findbugsDebug
./gradlew findbugsRelease
Or other findbugs tasks on different variants, depending on your configuration.
Please take a look at this project https://github.com/Piasy/AndroidCodeQualityConfig.
This project including lint, pmd, findbugs, checkstyle, jacoco code coverage.And support project with submodules.
I see some problems with your configuration:
instead of 2.0.1 version use latest 3.0.1
set reportLevel to low instead of high to report all the violations
for the first analysis you don't need to configure any includeFilter or excludeFilter - these are only whitelist and blacklists of checks if you need some customization
To run analysis just invoke gradle findbugsMain. Results should be visible in the output.