ci: consolidate pmd, checkstyle, spotbugs into one static-analysis job#1333
Draft
joaodinissf wants to merge 1 commit into
Draft
ci: consolidate pmd, checkstyle, spotbugs into one static-analysis job#1333joaodinissf wants to merge 1 commit into
joaodinissf wants to merge 1 commit into
Conversation
joaodinissf
force-pushed
the
ci/consolidate-static-analysis
branch
10 times, most recently
from
2c90e30 to
bf47363
Compare
joaodinissf
force-pushed
the
ci/consolidate-static-analysis
branch
from
bf47363 to
7e69ddb
Compare
rubenporras
requested changes
May 7, 2026
Member
rubenporras
left a comment
rubenporras
left a comment
There was a problem hiding this comment.
is it possible to not repeat the python script?
…b with inline PR annotations Replaces the separate pmd and checkstyle jobs with a single static-analysis job. Step 1 compiles and generates PMD/Checkstyle reports (no *:check goals → no Maven cascade-skip; every module's XML is produced). Step 2 is a Python pass that emits GitHub workflow-command annotations from each violation and exits 1 if any are found — fail-fast that bypasses SpotBugs (slow) when there are PMD/Checkstyle issues. Step 3 re-runs Maven `pmd:check pmd:cpd-check checkstyle:check` as a safety-net for official-tool validation. Steps 4-6 mirror the same pattern for SpotBugs (only run if PMD/Checkstyle are clean). Drops the now-redundant pmd/checkstyle/spotbugs goals from maven-verify (now just `mvn clean verify`). line-endings stays separate. Uses `-T 2C` (8 worker threads on a 4 vCPU runner; benchmark on this branch showed ~25% wall-clock saving over sequential). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
joaodinissf
force-pushed
the
ci/consolidate-static-analysis
branch
from
7e69ddb to
deaf0ba
Compare
This was referenced May 7, 2026
Collaborator
Author
I will refactor. Still want to try a few more variations before merging, I have a few ideas to optimize this further. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces the separate
pmdandcheckstylejobs with a singlestatic-analysisjob:mvn compile pmd:pmd pmd:cpd checkstyle:checkstyle) — no*:checkgoals, so no Maven cascade-skip; every module's XML is produced.pmd:check pmd:cpd-check checkstyle:checksafety-net — official-tool validation; redundant in the success case.spotbugs:checksafety-net.Drops the now-redundant pmd/checkstyle/spotbugs goals from
maven-verify(now justmvn clean verify).line-endingsstays separate. Uses-T 2C(8 worker threads on a 4 vCPU runner; benchmark on this branch showed ~25% wall-clock saving over sequential).Why every analysis step prepends
compilepmd:check,pmd:pmd,spotbugs:spotbugs, andspotbugs:checkall need an aux-classpath populated by Tycho's compile phase. That state is in-process — even thoughtarget/classes/exists from a previous step, a freshmvninvocation doesn't pick it up. Running the analysis goal in the same invocation ascompilemakes type-resolving rules (like PMD'sInvalidLogMessageFormatagainst the SLF4J trailing-Throwableidiom) work correctly. Tycho's incremental compile is near no-op on the second invocation since sources haven't changed between steps.Cascade-skip when checks fail
With
--fail-at-end, whenpmd:checkfails on a module, downstream modules are SKIPPED and their violations don't appear in the log either. The Python step (which parses the XML written in step 1's no-fail report run) covers everything; the Maven safety-net only sees modules that ran before any cascade-skip. In practice both layers together surface most violations on the first iteration; edge cases on cascade-skipped modules become visible after the first failing module is fixed.