-
Description: I'm new to PMD and I think I've satisfied myself that I'm not overlooking anything in the CLI so I have to ask: How do people start to incrementally enforce code quality in a large legacy project? I'd like to add PMD to CI but if it always reports thousands of issues with code that the developer hasn't touched, I can't expect that anyone will take it seriously. I know that some of the SaaS static code analysis products out there directly integrate with source control and can be configured to only analyze the lines of code directly touched by the branch or, at a minimum, the files touched by the branch. How are people that are bringing PMD to a legacy project addressing the prior technical debt? |
Beta Was this translation helpful? Give feedback.
Replies: 8 comments 1 reply
-
That's a good question! The main take away is: Don't enable all rules at once, otherwise you'll be overwhelmed by violations... PMD itself doesn't support history - so it can't say, whether the violation is a new one (compared to the last run) or was already there before. Some CI systems (like Jenkins -> https://plugins.jenkins.io/warnings-ng/) support this - at least comparing between runs. Not sure, if they support comparing against builds of different branches. A similar question was asked on gitter by @KroArtem. He wrote a script to manually determine the files, that have been modified and only run PMD against these files instead of the whole project. Some additional information from there:
|
Beta Was this translation helpful? Give feedback.
-
The warnings plugin supports new warning detection between different branches. Here is an example: https://ci.jenkins.io/job/Plugins/job/warnings-ng-plugin/view/change-requests/job/PR-500/7/ In this PR, 52 PMD warnings are detected, but only 3 of them are caused by the PR itself. |
Beta Was this translation helpful? Give feedback.
-
Thanks for the thorough reply. Your mitigation solution (i.e. limiting the rules that are applied) is still only a half measure since even some of those rules might have hundreds or thousands of violations on legacy code. And it's like a nuclear bomb of violations if you enable any of the code formatting rules. I see @uhafner provided an example -- that's promising. We're using GH Actions for our CI so I can't use the plugin as-is but perhaps there's some inspiration there that can be turned into a general purpose 'compare'. I'll close this issue for now since it's been satisfactorily answered. Thanks again! |
Beta Was this translation helpful? Give feedback.
-
@daveespo , as @adangel said, we're checking only changed files, comparing your branch with origin/master and finding appropriate ones. The hardest thing is to start the process but after some time most popular files will be cleaned up and life will become easier. If you write your own rule, sometimes it's possible to find all violations and fix them in a half-automated way. I use plain old regexps and SSR (structural search and replace in IDEA). In that case after introducing new rules new violations are not added. Sometimes it's not possible to do so and then these violations are fixed on the way (when you do something in the same file). We've been using PMD approximately for 2 years and wrote about 25 rules (some are very simple and are related to wrong imports; some are more complex). And still we have from 500 to 1k violations. I prefer to think about it not as a strict requirement "all the project must be violations-free" but as a process where you leave less and less ways for new contributors to make a mistake. |
Beta Was this translation helpful? Give feedback.
-
@KroArtem -- good points -- I think I could see a path to accepting the thousands of rule violations if the info was shown inline while editing source files. Specifically, regarding IntelliJ -- is there a way to have the PMD part of Inspect Code work in semi-real time and do syntax highlighting? There are the built-in code quality rules in IntelliJ an those do syntax highlighting and work in close to real time. I think engineers would be inclined to fix violations in proximity to the areas they're working if it's right in their face that the violation needs fixing. If they have to read through all of the hits in the Inspect Code pane in IntelliJ, they're less likely to do that. (To be clear, I'm using the IlluminatedCloud plugin for IntelliJ which is for Salesforce development so perhaps the reason I'm not seeing real time PMD inspection output (pmd-apex) is related to that) |
Beta Was this translation helpful? Give feedback.
-
@daveespo This might not be a real answer but we use Codacy.com for exactly such a relative analysis per push or Pr. |
Beta Was this translation helpful? Give feedback.
-
@rsoesemann -- excellent recommendation, thank you! Codacy honors the ruleset and inline suppressions from PMD too. And the UI for being able to review the findings in a web browser beats the HTML report that our CI was dumping out as a build artifact. |
Beta Was this translation helpful? Give feedback.
-
@daveespo If you like codacy please also spread the word as only few Salesforce devs know it. |
Beta Was this translation helpful? Give feedback.
That's a good question!
A little bit is explained here: https://pmd.github.io/latest/pmd_userdocs_best_practices.html#choose-the-rules-that-are-right-for-you
The main take away is: Don't enable all rules at once, otherwise you'll be overwhelmed by violations...
PMD itself doesn't support history - so it can't say, whether the violation is a new one (compared to the last run) or was already there before.
Some CI systems (like Jenkins -> https://plugins.jenkins.io/warnings-ng/) support this - at least comparing between runs. Not sure, if they support comparing against builds of different branches.
A similar question was asked on gitter by @KroArtem. He wrote a script to manually determine t…