Adding SpotBugs to my project

android gradle spotbugs
Bohsen picture Bohsen · Jul 5, 2018 · Viewed 9.5k times · Source

I've been working on adding SpotBugs to the android project I'm currently working on. I managed to get it working but I'm not overly thrilled of the way it's set up. For now the configuration resides inside my app/build.gradle file, which makes the file less manageable.

I was wondering if there's an expert on SpotBugs/Gradle who knows a way to pull the configuration out into a separate file.

Here's my app/build.gradle (boilerplate removed):

buildscript {
    repositories {
        ...
    }

    dependencies {
        classpath 'com.stanfy.spoon:spoon-gradle-plugin:1.2.2'
        classpath 'io.fabric.tools:gradle:1.25.4'
        classpath "org.jetbrains.dokka:dokka-android-gradle-plugin:$dokka_version"
    }
}

plugins {
    id 'com.gladed.androidgitversion' version '0.4.3'
    id "com.github.spotbugs" version "1.6.2"
}

...
apply plugin: 'com.github.spotbugs'
apply from: '../config/quality/quality.gradle'
apply from: '../app/jacoco.gradle'
apply from: '../app/ktlint.gradle'
apply from: '../app/androidgit.gradle'

...

spotbugs {
    toolVersion = '3.1.3'
    ignoreFailures = false

    effort = "min"
    // This selects what level of bugs to report: low means low priority issues will be reported
    // (in addition to medium+high), which corresponds to warning about everything.
    // TODO: boost this to low once low priority issues are fixed.
    reportLevel = "medium"

    excludeFilter = new File("$project.rootDir/config/quality/spotbugs/android-exclude-filter.xml")
}

task spotbugs(type: com.github.spotbugs.SpotBugsTask, dependsOn: 'assemble', group: 'verification') {
    classes = files("$projectDir.absolutePath/build/intermediates/app_classes/debug")

    source = fileTree('src/main/java')


    // Only one report format is supported. Html is easier to read, so let's use that
    // (xml is the one that's enabled by default).
    reports {
        xml.enabled = false
        html.enabled = true
    }

    classpath = files()
}

EDIT

Whenever I'm trying to separate SpotBugs from my app/build.gradle I run into the following error:

Could not get unknown property 'SpotBugsTask' for project ':app' of type org.gradle.api.Project.

Here's my gradle file:

apply plugin: 'com.github.spotbugs'

dependencies {
    checkstyle 'com.puppycrawl.tools:checkstyle:8.11'
    spotbugs "gradle.plugin.com.github.spotbugs:spotbugs-gradle-plugin:1.6.2"
//    spotbugs configurations.spotbugsPlugins.dependencies
//    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.8.0'
}

def qualityConfigDir = "$project.rootDir/config/quality";
def reportsDir = "$project.buildDir/reports"

check.dependsOn 'checkstyle'

task checkstyle(type: Checkstyle, group: 'Verification', description: 'Runs code style checks') {
    configFile file("$qualityConfigDir/checkstyle/checkstyle-config.xml")
    source 'src/main/java'
    include '**/*.java'
    exclude '**/model/**'
    exclude '**/AppLogger.java'
    reports {
        xml.enabled = true
        xml {
            destination file("$reportsDir/checkstyle/checkstyle.xml")
        }
    }

    classpath = files()
}

spotbugs {
    toolVersion = '3.1.3'
    ignoreFailures = false

    effort = "min"
    // This selects what level of bugs to report: low means low priority issues will be reported
    // (in addition to medium+high), which corresponds to warning about everything.
    // TODO: boost this to low once low priority issues are fixed.
    reportLevel = "medium"

    excludeFilter = new File("$project.rootDir/config/quality/spotbugs/android-exclude-filter.xml")
}

task spotbugs(type: SpotBugsTask, dependsOn: 'assemble', group: 'verification') {
    classes = files("$projectDir.absolutePath/build/intermediates/app_classes/debug")

    source = fileTree('src/main/java')


    // Only one report format is supported. Html is easier to read, so let's use that
    // (xml is the one that's enabled by default).
    reports {
        xml.enabled = false
        html.enabled = true
    }

    classpath = files()
}

Answer

Bohsen picture Bohsen · Jul 9, 2018

Finally managed to find a solution.

I had to add the following to the section where I apply all the plugins in my app/build.gradle file:

project.extensions.extraProperties.set('SpotBugsTask', com.github.spotbugs.SpotBugsTask)

So it ended up looking like this:

buildscript {
    repositories {
        mavenCentral()
        jcenter()
        maven { url 'https://maven.fabric.io/public' }
    }

    dependencies {
        classpath 'com.stanfy.spoon:spoon-gradle-plugin:1.2.2'
        classpath 'io.fabric.tools:gradle:1.25.4'
        classpath "org.jetbrains.dokka:dokka-android-gradle-plugin:$dokka_version"
    }
}

plugins {
    id 'com.gladed.androidgitversion' version '0.4.3'
    id "com.github.spotbugs" version "1.6.2"
}

// Workaround to be able to access SpotBugsTask from external gradle script.
// More info: https://discuss.gradle.org/t/buildscript-dependencies-in-external-script/23243
project.extensions.extraProperties.set('SpotBugsTask', com.github.spotbugs.SpotBugsTask)
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'kotlin-kapt'
apply plugin: 'org.jetbrains.dokka-android'
apply plugin: 'io.fabric'
apply plugin: 'spoon'
apply from: '../app/checkstyle.gradle'
apply from: '../app/jacoco.gradle'
apply from: '../app/ktlint.gradle'
apply from: '../app/androidgit.gradle'
apply from: '../app/spotbugs.gradle'

android {
...

My spotbugs.gradle file:

dependencies {
    spotbugs configurations.spotbugsPlugins.dependencies
    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.8.0'
}

def qualityConfigDir = "$project.rootDir/config/quality"
def reportsDir = "$project.buildDir/reports"

spotbugs {
    toolVersion = "$spotbugs_version"
    ignoreFailures = false

    effort = "min"
    // This selects what level of bugs to report: low means low priority issues will be reported
    // (in addition to medium+high), which corresponds to warning about everything.
    // TODO: boost this to low once low priority issues are fixed.
    reportLevel = "medium"

    excludeFilter = new File("$qualityConfigDir/config/quality/spotbugs/android-exclude-filter.xml")
}

tasks.register("spotbugs", SpotBugsTask) {
    dependsOn 'assemble'
    group = "verification"
    classes = files("$projectDir.absolutePath/build/intermediates/app_classes/debug")

    source = fileTree('src/main/java')


    // Only one report format is supported. Html is easier to read, so let's use that
    // (xml is the one that's enabled by default).
    reports {
        xml.enabled = true
        xml {
            destination file("$reportsDir/spotbugs/spotbugs.xml")
        }
        html.enabled = true
    }

    classpath = files()
}

Related questions

Android Studio: Add jar as library?

I'm trying to use the new Android Studio but I can't seem to get it working correctly. I'm using the Gson library to serialize/deserialize JSON-objects. But the library somehow isn't included in the build. I had created a new …

Read More
How to update gradle in android studio?

I installed Android Studio 0.1.9. Today I got and update to version 0.2 and of course I updated. After the installation I restarted Android Studio but now I get this message: Project is using an old version of the Android Gradle plug-in. …

Read More
HttpClient won't import in Android Studio

I have a simple class written in Android Studio: package com.mysite.myapp; import org.apache.http.client.HttpClient; public class Whatever { public void headBangingAgainstTheWallExample () { HttpClient client = new DefaultHttpClient(); } } and from this I get the following compile time error: Cannot …

Read More