touk / sputnik Goto Github PK

There should be setting that sets maximum number of comments that can be done in one
pass.

It should add only that number of comments + global comment with total number of warnings.

Today one of our PR got 99+ comments so its a bit too much..
I should be able to write add that feature in next week..

We are using Sputnik 1.5.0 to run a quick Sonar-check on our commits, to prevent having to check and reevaluate the entire project in sonar. While running gradle, the JUnit testresults are being created (with TEST-*.xml as name), as are the jacoco testresults with the correct name in the correct directories.
During Analysis, we get the following Warning:
09:05:58.843 WARN - You are not using the latest JaCoCo binary format version, please consider upgrading to latest JaCoCo version.
quickly followed by
09:05:58.933 INFO - No information about coverage per test.

We already tried changing the paths for sonar.tests to the binaries instead of the classes, this leads to FileNotFound-errors.
The sonar-project.properties are generated with the Sonar Gradle-Plugin via extracted task and we are using the SonarQube JavaPlugin Version 3.5, which seems to have JaCoCo embedded.

Since no ammount of googling could help me, and there seems no answer in the docs for this, we have to use this way.

This is a big ask, I'm sure, but SSH connection support would be great, as it can be problematic having usernames/passwords embedded in sputnik config files (for non-interactive users like our Jenkins user).

I see that gerrit-events has ssh support... If I can find some spare time I'll try to submit a pull request.

I just pushed first public working version of sputnik-maven-plugin.

Would be nice if you could put it somewhere in documentation.
And if you could try it. :)

https://github.com/ingwarsw/sputnik-maven-plugin

There is small readme there..
but I still need work on documentation.

There seems to be a bug preventing the SonarResultParser computing the correct file path for multi level Maven project hierarchies. The following code contains the fix:

    /**
     * Returns the path of the file linked to an issue created by Sonar.
     * The path is relative to the folder where Sonar has been run.
     *
     * @param issueComponent "component" field in an issue.
     * @param components information about all components.
     */
    private String getIssueFilePath(String issueComponent, Map<String, Component> components) {
        Component comp = components.get(issueComponent);
        String file = comp.path;
        if (!Strings.isNullOrEmpty(comp.moduleKey)) {
            String theKey = comp.moduleKey;
            while (!theKey.isEmpty()) {
                Component theChildComp = components.get(theKey);

                int p = theKey.lastIndexOf(":");
                if (p>0) {
                    theKey = theKey.substring(0, p);
                } else {
                    theKey = "";
                }

                if (theChildComp != null && !Strings.isNullOrEmpty(theChildComp.path)) {
                    file = theChildComp.path + '/' + file;
                }
            }
        }
        return file;
    }      

The whole module path hierarchy must be traversed to compute the correct file path.

I'm writing maven plugin for sputnik and would be nice if I could just use sputnik as a dependency..

Not download or build it by hand..

Could you consider deploying them to any global repo?

Added post build step to run sputnik in Jenkins with Gerrit Trigger.

When we retrigger the patchset using Gerrit Trigger, sputnik is also executed against the same patchset. This causes the comments in Gerrit added by sputnik to be added again.

I would like to request for a way to prevent it inside sputnik.

Would be nice to have one! :)

Hi TouK
I have recently been using your tool, and integrating it in a CD pipeline on Jenkins.
During my testing and experimenting with reasonable configurations, I ran sputnik from command line on my local machine (usually on already closed change-sets).
For this purpose, It would have been a great help to have a --dry-run option that did the whole analysis, but skipped reporting back to Gerrit.
I actually started working on a pull-request, and have added the CliOption, but couldn't really figure out the 'correct' way to introduce the "no reporting" part in a generic matter.

Would you consider adding this feature? (I would happily send you my partial pull-request, but it is really only a couple of lines of code, and you can probably write those faster than pulling a PR).

Regards Jan

I am using Sputnik 1.5.0.

Die SonarRunner detects issues in the changed files, here is the content of sonar-report.json

{
  "version": "4.5.2",
  "issues": [
    {
      "key": "3c576370-2de6-4bbe-83a9-5deb904b1ed9",
      "component": "de.buch.shop:webshop:src\/java\/com\/freiheit\/buch\/common\/util\/LazyInitProxyFactory.java",
      "line": 111,
      "message": "Replace this usage of System.out or System.err by a logger.",
      "severity": "MAJOR",
      "rule": "squid:S106",
      "status": "OPEN",
      "isNew": true,
      "creationDate": "2015-09-21T15:56:43+0200",
      "updateDate": "2015-09-21T15:56:43+0200"
    },
    {
      "key": "ed24633d-175e-41c7-a4da-a58cec76fd37",
      "component": "de.buch.shop:webshop:src\/java\/com\/freiheit\/buch\/common\/util\/LazyInitProxyFactory.java",
      "line": 107,
      "message": "Remove this unused \"lala\" private field.",
      "severity": "MAJOR",
      "rule": "squid:S1068",
      "status": "OPEN",
      "isNew": true,
      "creationDate": "2015-09-21T15:56:43+0200",
      "updateDate": "2015-09-21T15:56:43+0200"
    }
  ],
  "components": [
    {
      "key": "de.buch.shop:webshop"
    },
    {
      "key": "de.buch.shop:webshop:src\/java\/com\/freiheit\/buch\/common\/util",
      "path": "src\/java\/com\/freiheit\/buch\/common\/util",
      "moduleKey": "de.buch.shop:webshop"
    },
    {
      "key": "de.buch.shop:webshop:src\/java\/com\/freiheit\/buch\/common\/util\/LazyInitProxyFactory.java",
      "path": "src\/java\/com\/freiheit\/buch\/common\/util\/LazyInitProxyFactory.java",
      "moduleKey": "de.buch.shop:webshop",
      "status": "CHANGED"
    }
  ],
  "rules": [
    {
      "key": "squid:S1068",
      "rule": "S1068",
      "repository": "squid",
      "name": "Unused private fields should be removed"
    },
    {
      "key": "squid:S106",
      "rule": "S106",
      "repository": "squid",
      "name": "Standard ouputs should not be used directly to log anything"
    }
  ],
  "users": [

  ]
}

However, Sputnik reports zero violations and reports +1 to gerrit:

 [java] 15:56:49.204 INFO  - Store results in database
 [java] 15:56:49.205 DEBUG - Execute org.sonar.batch.index.MeasurePersister
 [java] 15:56:49.254 DEBUG - Execute org.sonar.batch.index.DuplicationPersister
 [java] 15:56:49.255 DEBUG - Execute org.sonar.batch.index.ComponentDataPersister
 [java] 15:56:49.257 DEBUG - Execute org.sonar.batch.issue.IssuePersister
 [java] 15:56:49.257 DEBUG - IssuePersister skipped in preview mode
 [java] 15:56:49.257 DEBUG - Execute org.sonar.batch.phases.GraphPersister
 [java] 15:56:49.292 INFO  - ANALYSIS SUCCESSFUL
 [java] 15:56:49.293 DEBUG - Post-jobs : 
 [java] 15:56:49.432 [main] INFO  pl.touk.sputnik.engine.ReviewRunner - Review finished for processor Sonar. Took 11 s
 [java] 15:56:49.432 [main] INFO  pl.touk.sputnik.engine.ReviewRunner - Review for processor Sonar returned 0 violations
 [java] 15:56:49.435 [main] INFO  p.t.s.e.v.SummaryMessageVisitor - Adding summary message to review: Perfect!
 [java] 15:56:49.437 [main] INFO  p.t.s.e.v.score.ScoreAlwaysPass - Adding static passing score {Code-Review=1} to review

I am using the following configuration options:

connector.type=gerrit
connector.host=secret
connector.path=/gerrit
connector.port=80
connector.username=secret
connector.password=secret
connector.useHttps=false
checkstyle.enabled=true
checkstyle.configurationFile=lib/sputnik-1.5.0/conf/checkstyle.xml
checkstyle.propertiesFile=
pmd.enabled=false
pmd.ruleSets=rulesets/java/android.xml,rulesets/java/basic.xml
findbugs.enabled=true
findbugs.includeFilter=lib/sputnik-1.5.0/conf/findbugs.xml
findbugs.excludeFilter=
codenarc.enabled=false
codenarc.ruleSets=
codenarc.excludes=*/.java
jslint.enabled=false
jshint.enabled=false
jshint.configurationFile=jshint.json
sonar.enabled=true
sonar.configurationFiles=sonar/sonar.properties
sonar.verbose=true

Any ideas what is going wrong here?

When cloning fresh repo and running "gradle test" then I get following error:

pl.touk.sputnik.processor.sonar > SonarRunnerTest
shouldThrowWhenNoSonarFiles
java.lang.AssertionError: Expected exception: java.io.IOException

For a merge commit that no java file involved, belowing exception will throwed:

There is a problem with FindBugs: IOException: No files to analyze could be opened.

I think if it's a better idea that not throw exception for this scenario, because this is pretty normal situation for merge commit.

It would be great if Sputnik could offer a way to specify paths and naming patterns that should be excluded from the analysis. This would be useful for excluding test classes from the analysis, for instance.

10:37:06.704 [main] INFO p.t.s.p.f.CollectorBugReporter - FindBugs audit finished
10:37:06.707 [main] WARN p.t.s.p.f.CollectorBugReporter - Analysis error File not found: filesystem:/home/jenkins/components/ingestion/service/src/com/product/indexing/Indexer.javajava

It seems like a bug or I can change some option?

Right now it always leaves a Code Review of +1, regardless of the violations found. It would be nice to configure the Code Review result based on the severity of violations: for example -1 for warning and -2 for error severity levels.

FindBugs default rules are too strict - e.g. JUnit @rule triggers a rule violation. Right now we only allow exclude files from FindBugs analysis. Need to find out how to configure the rules and provide sane defaults.

Hi

Is this a known issue, can't find solution to that:

/home/marcin/projects/sputnik/src/test/java/pl/touk/sputnik/processor/findbugs/FindBugsProcessorTest.java:60: error: reference to assertThat is ambiguous
        assertThat(caughtException()).isInstanceOf(ReviewException.class);
        ^
  both method <T#1>assertThat(Iterator<T#1>) in Assertions and method <T#2>assertThat(Iterable<T#2>) in Assertions match
  where T#1,T#2 are type-variables:
    T#1 extends Object declared in method <T#1>assertThat(Iterator<T#1>)
    T#2 extends Object declared in method <T#2>assertThat(Iterable<T#2>)
/home/marcin/projects/sputnik/src/test/java/pl/touk/sputnik/processor/pmd/PmdProcessorTest.java:36: error: reference to assertThat is ambiguous
        assertThat(caughtException()).isInstanceOf(ReviewException.class);
        ^
  both method <T#1>assertThat(Iterator<T#1>) in Assertions and method <T#2>assertThat(Iterable<T#2>) in Assertions match
  where T#1,T#2 are type-variables:
    T#1 extends Object declared in method <T#1>assertThat(Iterator<T#1>)
    T#2 extends Object declared in method <T#2>assertThat(Iterable<T#2>)
/home/marcin/projects/sputnik/src/test/java/pl/touk/sputnik/connector/gerrit/GerritFacadeTest.java:67: error: reference to assertThat is ambiguous
        assertThat(caughtException()).isInstanceOf(GeneralOptionNotSupportedException.class).hasMessage(
        ^
  both method <T#1>assertThat(Iterator<T#1>) in Assertions and method <T#2>assertThat(Iterable<T#2>) in Assertions match
  where T#1,T#2 are type-variables:
    T#1 extends Object declared in method <T#1>assertThat(Iterator<T#1>)
    T#2 extends Object declared in method <T#2>assertThat(Iterable<T#2>)
/home/marcin/projects/sputnik/src/test/java/pl/touk/sputnik/connector/gerrit/GerritFacadeTest.java:67: error: cannot find symbol
        assertThat(caughtException()).isInstanceOf(GeneralOptionNotSupportedException.class).hasMessage(
                                                                                            ^
  symbol:   method hasMessage(String)
  location: class IterableAssert<Object>

This is with doing just gradle build.

We're using Gerrit not on a dedicated host, so there's https://devserver.internal/gerrit as well as https://devserver.internal/jenkins. However, it seems that Sputnik always wants to access absolute URLs (/a/...) on the given host (and it's also oblivious to https). So to be able to even use Sputnik, I need to configure the complete Gerrit URL, not just host and port number.

Alternatively, if you prefer to keep host and port number separate, I'd need additional config options (at least) for protocol scheme and Gerrit base path.

I would like the most current version of sputnik to be published on maven/gradle.

org.codehaus.sonar* is deprecated, so the official org.sonarsource groupId should be used.

I always see "Analysis error File not found" errors for a Maven project.

#69 looks like a similar issue, but the project is not empty. It includes .java files, but FindBugs doesn't find the files.

Have you ever seen similar issues?

(Some names are replaced with common names in the following error example.)

18:06:27.590 [main] INFO  p.t.s.c.ConfigurationHolder - Initializing configuration properties from file /home/bamboo/opt/sputnik-1.4.0/sputnik.conf
29-Apr-2015 18:06:28    18:06:28.403 [main] INFO  p.t.s.connector.http.HttpConnector - Request  1: GET to https://somewhere.localhost:443/a/changes/194/revisions/foo/files/?
29-Apr-2015 18:06:28    18:06:28.763 [main] ERROR o.a.http.impl.auth.HttpAuthenticator - DIGEST [complete=false, nonce=null, nc=0] authentication error: missing realm in challenge
29-Apr-2015 18:06:28    18:06:28.823 [main] INFO  p.t.s.connector.http.HttpConnector - Response 1: HTTP/1.1 200 OK
29-Apr-2015 18:06:28    18:06:28.831 [main] INFO  p.t.s.connector.http.HttpConnector - Entity 1: )]}'
29-Apr-2015 18:06:28    {
29-Apr-2015 18:06:28      "/COMMIT_MSG": {
29-Apr-2015 18:06:28        "status": "A",
29-Apr-2015 18:06:28        "lines_inserted": 9
29-Apr-2015 18:06:28      },
29-Apr-2015 18:06:28      "subdir/pom.xml": {
29-Apr-2015 18:06:28        "lines_inserted": 15,
29-Apr-2015 18:06:28        "lines_deleted": 1
29-Apr-2015 18:06:28      },
29-Apr-2015 18:06:28      "subdir/src/main/java/com/company/api/posts/ThingBody.java": {
29-Apr-2015 18:06:28        "lines_inserted": 69
29-Apr-2015 18:06:28      },
29-Apr-2015 18:06:28      "subdir/src/main/java/com/company/api/posts/interfaces/ThingBodyInterface.java": {
29-Apr-2015 18:06:28        "lines_inserted": 26,
29-Apr-2015 18:06:28        "lines_deleted": 1
29-Apr-2015 18:06:28      },
29-Apr-2015 18:06:28      "subdir/src/test/java/com/company/api/posts/ThingBodyTest.java": {
29-Apr-2015 18:06:28        "lines_inserted": 33,
29-Apr-2015 18:06:28        "lines_deleted": 6
29-Apr-2015 18:06:28      }
29-Apr-2015 18:06:28    }
29-Apr-2015 18:06:28    
29-Apr-2015 18:06:28    18:06:28.926 [main] INFO  pl.touk.sputnik.engine.ReviewRunner - Review started for processor FindBugs
29-Apr-2015 18:06:31    18:06:31.511 [main] INFO  p.t.s.r.filter.FileExtensionFilter - Filtering out review files with allowed extensions [java]
29-Apr-2015 18:06:31    18:06:31.512 [main] INFO  p.t.s.r.filter.FileExtensionFilter - File subdir/pom.xml was filtered out due to not allowed extension xml
29-Apr-2015 18:06:31    18:06:31.513 [main] INFO  p.t.s.r.filter.FileExtensionFilter - Total 3 of 4 files had allowed extensions [java]
29-Apr-2015 18:06:31    18:06:31.514 [main] INFO  p.t.s.p.findbugs.FindBugsProcessor - Using FindBugs include filter file 
29-Apr-2015 18:06:31    18:06:31.515 [main] INFO  p.t.s.p.findbugs.FindBugsProcessor - Using FindBugs exclude filter file 
29-Apr-2015 18:06:31    18:06:31.918 [main] WARN  p.t.s.p.f.CollectorBugReporter - Analysis error File not found: filesystem:/home/bamboo/bamboo/xml-data/build-dir/API-GERRIT-JOB1/subdir/target/test-classes
29-Apr-2015 18:06:31    18:06:31.919 [main] WARN  p.t.s.p.f.CollectorBugReporter - Analysis error File not found: filesystem:/home/bamboo/bamboo/xml-data/build-dir/API-GERRIT-JOB1/subdir/target/classes
29-Apr-2015 18:06:31    18:06:31.919 [main] WARN  p.t.s.p.f.CollectorBugReporter - Analysis error File not found: filesystem:/home/bamboo/bamboo/xml-data/build-dir/API-GERRIT-JOB1/subdir/pom.xmljava
29-Apr-2015 18:06:31    18:06:31.924 [main] ERROR p.t.s.p.findbugs.FindBugsProcessor - FindBugs processing error
29-Apr-2015 18:06:31    java.io.IOException: No files to analyze could be opened

Hello,

First, thanks for your work.It's a intersting project.

This is my problemes :
i execute the job :
sputnik --conf myconf.properties --changeId I445becc2a3c339f74accfc24e7c9e30be59fd218 --revisionId f77326579f8b9e668f13182b8e4bee9dcaf5b763

Result :
Sputnik version 1.4.0
15:05:10.608 [main] INFO p.t.s.c.ConfigurationHolder - Initializing configuration properties from file myconf.properties
15:05:10.966 [main] INFO p.t.s.connector.http.HttpConnector - Request 1: GET to https://gerrit.it.int:443/a/changes/I445becc2a3c339f74accfc24e7c9e30be59fd218/revisions/f77326579f8b9e668f13182b8e4bee9dcaf5b763/files/?
Exception in thread "main" pl.touk.sputnik.connector.gerrit.GerritException: Error when listing files
at pl.touk.sputnik.connector.gerrit.GerritFacade.listFiles(GerritFacade.java:56)
at pl.touk.sputnik.engine.Engine.run(Engine.java:23)
at pl.touk.sputnik.Main.main(Main.java:37)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1737)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1005)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1184)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1096)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:345)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:261)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:118)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:357)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:218)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:194)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:85)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at pl.touk.sputnik.connector.http.HttpConnector.logAndExecute(HttpConnector.java:47)
at pl.touk.sputnik.connector.gerrit.GerritConnector.listFiles(GerritConnector.java:32)
at pl.touk.sputnik.connector.gerrit.GerritFacade.listFiles(GerritFacade.java:39)
... 2 more

So, when i take the url to put in chrome , i got a file. Our gerrit is working with certifcate,
My question is, can i put a parameter to add certifcate in the config? or how can i resolved my issues.

Thnaks for your help

Hi,

I use Gerrit with the Sonar Integration.
I would like Sputnik vote -2 for blocker violations, -1 for critical, major and +1 otherwise.

The current score strategy lets me configure only two values with the score.passingValue and score.failingValue. The other problem I encounter is the enum Severity that is too coarse-grained (Blocker, Critical, Major are all mapped to the same value ERROR).

Do you think Sputnik could evolve to support this feature?
I could contribute.

Regards,

Sputnik adds a "[Checkstyle] ERROR: File not found!" comment to deleted files.

Hello,

For now, as I experimented it a little, the sputnik user only post Code-Review+1/-1 on a patchset.
It would be nice to be able to specify the label and value of the vote. i.e. Verified+1

Hi TouK
I am helping a customer running Gerrit, and have set up sputnik on some of their Java projects with great success, but many projects here are embedded C, so I would love to have CppCheck support as well. (http://cppcheck.sourceforge.net/)
I was wondering if you have any (internal?) documentation describing how to support another static analysis tool? If so, I might have a crack at it. But I would definitely welcome any support I could get.
Regards Jan

pl.touk.sputnik.connector.stash.StashFacadeTest > shouldNotAddTheSameCommentMoreThanOnce FAILED
com.github.tomakehurst.wiremock.client.VerificationException at StashFacadeTest.java:93

67 tests completed, 1 failed, 3 skipped
:test FAILED

Correct me if I'm wrong but test shall not relay on default configuration?

Hi there,

I'd like to annotate our Go reviews with the output of Go Vet. As I understand it, I'd have to provide a new collector implementation that invokes Go Vet on the before- and after-review state of the Git repo.

I'm wondering if there's any interest in implementing a plugin system for Sputnik. I imagine it would be useful if Sputnik could locate new collector implementations at runtime. I think this would make it a little easier to introduce new collector types without changing the Sputnik source code.

Thanks,
James

Results in:

08:40:49.205 [main] WARN p.t.s.p.f.CollectorBugReporter - Analysis error File not found: filesystem:/media/truecrypt/jenkins/jobs/sputnik-gerrit/workspace/target/classes
08:40:49.210 [main] ERROR p.t.s.p.findbugs.FindBugsProcessor - FindBugs process error
java.io.IOException: No files to analyze could be opened
at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:275) ~[findbugs-2.0.3.jar:na]
at pl.touk.sputnik.processor.findbugs.FindBugsProcessor.process(FindBugsProcessor.java:28) ~[sputnik-1.1.jar:na]
at pl.touk.sputnik.review.Engine.review(Engine.java:44) [sputnik-1.1.jar:na]
at pl.touk.sputnik.review.Engine.run(Engine.java:34) [sputnik-1.1.jar:na]
at pl.touk.sputnik.Main.main(Main.java:36) [sputnik-1.1.jar:na]

There is now a lot of code in both stash and gerrit connectors that are doing similar things.
They should be refactored and pulled out to engine.

Things to move:

• Filtering files to check if deleted
• Filtering comments out of context (commentOnlyChangedLines)
• Filtering duplicated comments
• After all filtering apply max comments (maxNumberOfComments)

ConnectorFacade should declare mothods needed for all filtering, and connectors should only implement them.

I have just found this project and it looks really nice.

After shortly looking into the codebase, I think a lot of code could be simplified / removed when you would use my Gerrit REST API client library: https://github.com/uwolfer/gerrit-rest-java-client

What do you think? It is not deployed yet in a public maven repository, but if there is interest in it, I could do it. At the moment I only use this lib for my IntelliJ Gerrit plugin.

Instead of manually downloading quality profiles from Sonarqube and pointing sputnik's gerrit.config at the files, it would be nice to automatically download them straight from:

http:///profiles/export?format=checkstyle&language=java&name=
http:///profiles/export?format=findbugs&language=java&name=
http:///profiles/export?format=pmd&language=java&name=

You'll need basic authentication, but otherwise it should be easy.

We have downloaded and installed version 1.2 on our suse server and got the exception/stacktrace above (until now no successfull testrun)

properties:
connector.type=gerrit
checkstyle.enabled=true
checkstyle.configurationFile=/home/xxxxxxx/opt/sputnik/ipg.checkstyle-checker.xml
checkstyle.propertiesFile=
pmd.enabled=true
pmd.ruleSets=ipg.pmd-rules.xml
findbugs.enabled=true
findbugs.includeFilter=
findbugs.excludeFilter=

part of /home/xxxxxxxx/opt/sputnik/ipg.checkstyle-checker.xml:

    <module name="TreeWalker">
            <!-- see http://jira.codehaus.org/browse/MCHECKSTYLE-159 -->
            <property name="cacheFile" value="/tmp/sput1}"/>
            <!-- Checks for Javadoc comments.                     -->
            <!-- See http://checkstyle.sf.net/config_javadoc.html -->
            <module name="JavadocMethod">
                    <property name="scope" value="package" />
                    <property name="allowUndeclaredRTE" value="true"/>
                    <property name="allowMissingPropertyJavadoc" value="true"/>
    </module>

13:20:16.924 [main] INFO p.t.s.p.c.CheckstyleProcessor - Using Checkstyle configuration file /home/xxxxxxxx/opt/sputnik/ipg.checkstyle-checker.xml
Exception in thread "main" pl.touk.sputnik.review.ReviewException: Unable to create Checkstyle checker
at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.createChecker(CheckstyleProcessor.java:59)
at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.innerProcess(CheckstyleProcessor.java:42)
at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.process(CheckstyleProcessor.java:30)
at pl.touk.sputnik.review.Engine.review(Engine.java:45)
at pl.touk.sputnik.review.Engine.run(Engine.java:33)
at pl.touk.sputnik.Main.main(Main.java:37)
Caused by: com.puppycrawl.tools.checkstyle.api.CheckstyleException: cannot initialize module TreeWalker - Unable to instantiate DoubleCheckedLocking
at com.puppycrawl.tools.checkstyle.Checker.setupChild(Checker.java:179)
at com.puppycrawl.tools.checkstyle.api.AutomaticBean.configure(AutomaticBean.java:184)
at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.createChecker(CheckstyleProcessor.java:55)
... 5 more
Caused by: com.puppycrawl.tools.checkstyle.api.CheckstyleException: Unable to instantiate DoubleCheckedLocking
at com.puppycrawl.tools.checkstyle.PackageObjectFactory.createModule(PackageObjectFactory.java:155)
at com.puppycrawl.tools.checkstyle.TreeWalker.setupChild(TreeWalker.java:161)
at com.puppycrawl.tools.checkstyle.api.AutomaticBean.configure(AutomaticBean.java:184)
at com.puppycrawl.tools.checkstyle.Checker.setupChild(Checker.java:158)
... 7 more
Caused by: com.puppycrawl.tools.checkstyle.api.CheckstyleException: Unable to instantiate DoubleCheckedLockingCheck
at com.puppycrawl.tools.checkstyle.PackageObjectFactory.doMakeObject(PackageObjectFactory.java:98)
at com.puppycrawl.tools.checkstyle.PackageObjectFactory.createModule(PackageObjectFactory.java:152)
... 10 more

I have a suspicion that PMD stops analysis after first internal error. I suspect that If one file is not found, PMD throws exception and other files are not inspected at all. It requires tests and investigation.

Would like to do a release soon - anything important against that?

Recently a few our builds failed because of external library which is used by Sputnik. Sputnik crashed and Jenkins marked build as failed.

Exception in thread "main" pl.touk.sputnik.connector.gerrit.GerritException: Error when listing files
at pl.touk.sputnik.connector.gerrit.GerritFacade.listFiles(GerritFacade.java:61)
at pl.touk.sputnik.engine.Engine.run(Engine.java:23)
at pl.touk.sputnik.Main.main(Main.java:37)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'Not': was expecting
at [Source: java.io.StringReader@65fa3e0; line: 1, column: 4]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1524)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:557)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2042)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2018)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._matchToken(ReaderBasedJsonParser.java:1870)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1389)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:679)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3024)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:2971)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2091)
at pl.touk.sputnik.connector.gerrit.GerritFacade.listFiles(GerritFacade.java:46)
... 2 more
:run FAILED

FAILURE: Build failed with an exception.

I see that this library is not used any more but there is no update on maven repository. Also recent processors are not available there.

Can you make a release and to fix this crash?

In gerrit, if you cherry-pick commit from one branch to another, you will then have two changes with the same change-id, and this cause sputnik to run into 'Content: Not found' exception.

The following is the description about {change-id} from gerrit documentation, i guess sputnik use the second format to identify change, right?

Identifier that uniquely identifies one change.
This can be:

1. an ID of the change in the format "", where for the branch the refs/heads/ prefix can be omitted ("myProjectmasterI8473b95934b5732ac55d26311a706c9c2bde9940")
2. a Change-Id if it uniquely identifies one change ("I8473b95934b5732ac55d26311a706c9c2bde9940")
3. a legacy numeric change ID ("4247")

hi,
I meet a problem, it occur in sputnik 1.5.0, and sputnik 1.4.0 has not this issue.
I setup a gerrit + jenkins + sputnik system (gerrit and jenkins are deployed at 2 PCs), it worked fine with version 1.4.0 except that some known bugs. I was exciting to get new version news, but after I changed sputnit to version 1.5.0, it cannot work.
This is part of log:

14:31:41.978 [main] INFO p.t.s.e.v.score.ScoreAlwaysPass - Adding static passing score {Code-Review=1} to review
Exception in thread "main" pl.touk.sputnik.connector.gerrit.GerritException: Error when setting review
at pl.touk.sputnik.connector.gerrit.GerritFacade.setReview(GerritFacade.java:72)
at pl.touk.sputnik.engine.Engine.run(Engine.java:44)
at pl.touk.sputnik.Main.main(Main.java:36)
Caused by: com.urswolfer.gerrit.client.rest.http.HttpStatusException: Request not successful. Message: Forbidden. Status-Code: 403. Content: Invalid authentication method. In order to authenticate, prefix the REST endpoint URL with /a/ (e.g. http://example.com/a/projects/)..
at com.urswolfer.gerrit.client.rest.http.GerritRestClient.checkStatusCode(GerritRestClient.java:359)
at com.urswolfer.gerrit.client.rest.http.GerritRestClient.request(GerritRestClient.java:121)
at com.urswolfer.gerrit.client.rest.http.GerritRestClient.postRequest(GerritRestClient.java:102)
at com.urswolfer.gerrit.client.rest.http.changes.RevisionApiRestClient.review(RevisionApiRestClient.java:65)
at pl.touk.sputnik.connector.gerrit.GerritFacade.setReview(GerritFacade.java:69)
... 2 more
Build step 'Execute shell' marked build as failure
Finished: FAILURE

I  found a strange thing, maybe this will help you to fix the bug. I also setup a test environment:  gerrit and jenkins are deployed at the same PC. Both version 1.4.0 and version 1.5.0 worked very well in this case.

  thank you

Tiger

I've got the following NPE when running sonar :

16:16:06.332 INFO  - ANALYSIS SUCCESSFUL
Exception in thread "main" java.lang.NullPointerException
        at pl.touk.sputnik.processor.sonar.SonarResultParser.getIssueFilePath(SonarResultParser.java:126)
        at pl.touk.sputnik.processor.sonar.SonarResultParser.parseResults(SonarResultParser.java:65)
        at pl.touk.sputnik.processor.sonar.SonarProcessor.process(SonarProcessor.java:48)
        at pl.touk.sputnik.engine.ReviewRunner.review(ReviewRunner.java:24)
        at pl.touk.sputnik.engine.Engine.run(Engine.java:33)
        at pl.touk.sputnik.Main.main(Main.java:37)

I'm using sonar 5.1.

When doing review again (eg. on reopening PR) do not add duplicate reviews (same comment on same line)

Its surly possible on Stash.
Im not sure if its possible (or needed) on Gerrit.

Hello...

Could you provide stash configuration example somewhere?
Explaining how to configure jenkins to get patchests etc..

Thanks..

Hi, I got the error below when trying to run sputnik command. I could access the URL successfully from browser https://gerrit-pilot.goldengekko.com:443/a/changes/I368eab9eeb91a6ccb717a960de8d0fdbe9cd8260/revisions/5b0f697deab830e493a70f564f7eee22982b2c81/files/?

17:55:18.154 [main] INFO p.t.s.c.ConfigurationHolder - Initializing configuration properties from file config-dev.properties
17:55:18.591 [main] INFO p.t.s.connector.http.HttpConnector - Request 1: GET to https://gerrit-pilot.goldengekko.com:443/a/changes/I368eab9eeb91a6ccb717a960de8d0fdbe9cd8260/revisions/5b0f697deab830e493a70f564f7eee22982b2c81/files/?
17:55:18.872 [main] ERROR o.a.http.impl.auth.HttpAuthenticator - DIGEST [complete=false, nonce=null, nc=0] authentication error: missing realm in challenge
17:55:18.908 [main] ERROR o.a.http.impl.auth.HttpAuthenticator - DIGEST [complete=false, nonce=null, nc=0] authentication error: missing realm in challenge
17:55:18.920 [main] INFO p.t.s.connector.http.HttpConnector - Response 1: HTTP/1.1 401 Unauthorized
17:55:18.922 [main] INFO p.t.s.connector.http.HttpConnector - Entity 1: Unauthorized
Exception in thread "main" pl.touk.sputnik.connector.gerrit.GerritException: Error listing files
at pl.touk.sputnik.connector.gerrit.GerritFacade.listFiles(GerritFacade.java:51)
at pl.touk.sputnik.review.Engine.run(Engine.java:26)
at pl.touk.sputnik.Main.main(Main.java:37)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'Unauthorized': was expecting
at [Source: java.io.StringReader@414f2958; line: 1, column: 25]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1524)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:557)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2042)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1412)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:679)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3024)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:2971)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2091)
at pl.touk.sputnik.connector.gerrit.GerritFacade.listFiles(GerritFacade.java:36)

Which cannot be accepted by Gerrit and fails to POST comments

09:45:06.324 [main] INFO p.t.s.c.gerrit.GerritConnector - Setting review {"message":"Total 5 violations found","labels":{"Code-Review":1},"comments":{"assembler/ServiceStub.java":[{"message":"[Checkstyle] ERROR: Unused import - java.util.MissingFormatArgumentException.","line":7},{"message":"[PMD] INFO: Avoid unused imports such as 'java.util.MissingFormatArgumentException'","line":7},{"message":"[PMD] INFO: Avoid unused private fields such as 'test2'.","line":13},{"message":"[PMD] ERROR: Avoid throwing raw exception types.","line":24},{"message":"[FindBugs] INFO: UuF: Unused field: assembler.ServiceStub.test2","line":-1}]}}
09:45:06.326 [main] INFO p.t.s.connector.http.HttpConnector - Request 2: POST to http://gerrit.xxx.com:8080/a/changes/I53418fde285f73d078dff279490858e9dc9e6d42/revisions/f1e100c1a399160f2e0390b5824c1f630505ca73/review?
09:45:06.361 [main] INFO p.t.s.connector.http.HttpConnector - Response 2: HTTP/1.1 400 Bad Request
09:45:06.361 [main] INFO p.t.s.connector.http.HttpConnector - Entity 2: negative line number -1 not allowed on assembler/ServiceStub.java

Hi TouK,
I have implemented CPD (PMD subproject) because we want to check if somebody had been copy and paste of previous code, I don´t know if you would be interested in it, it is really fast and my current implementation check all code that CPD can analyze in the directory, sending back the violations with references to duplicated files. If you are interested in it I can write some test and send to you a push.
In last versions of gerrit, you can comment a block of code, but currently is not supported by sputnik, with CPD will be very useful to mark a block of code instead to show only a comment with the number of lines detected in the beginning of the block would you interested to an implementation of this?. I am thinking that could support both ways to send violations, to make compatible with previous versions (and other plugins could use it too).

It would be a greater thing if implement as a jenkins plugin, and provide the way to config on jenkins UI.

Current configuration is a bit complex and confusing. E.g, the path of check rule (like checkstyle config file) should be absolute path，Or，sputnik always throw following exception when running on jenkins/hudson, even if you can run successfully on local with the same configuration.

17:13:47.899 [main] ERROR pl.touk.sputnik.engine.ReviewRunner - Processor Checkstyle error
pl.touk.sputnik.review.ReviewException: Unable to create Checkstyle checker
    at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.createChecker(CheckstyleProcessor.java:61) ~[sputnik-1.4.0.jar:1.4.0]
    at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.innerProcess(CheckstyleProcessor.java:44) ~[sputnik-1.4.0.jar:1.4.0]
    at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.process(CheckstyleProcessor.java:32) ~[sputnik-1.4.0.jar:1.4.0]
    at pl.touk.sputnik.engine.ReviewRunner.review(ReviewRunner.java:24) ~[sputnik-1.4.0.jar:1.4.0]
    at pl.touk.sputnik.engine.Engine.run(Engine.java:33) [sputnik-1.4.0.jar:1.4.0]
    at pl.touk.sputnik.Main.main(Main.java:37) [sputnik-1.4.0.jar:1.4.0]
Caused by: com.puppycrawl.tools.checkstyle.api.CheckstyleException: unable to find android_checks.xml
    at com.puppycrawl.tools.checkstyle.ConfigurationLoader.loadConfiguration(ConfigurationLoader.java:342) ~[checkstyle-6.1.jar:6.1]
    at com.puppycrawl.tools.checkstyle.ConfigurationLoader.loadConfiguration(ConfigurationLoader.java:286) ~[checkstyle-6.1.jar:6.1]
    at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessor.createChecker(CheckstyleProcessor.java:57) ~[sputnik-1.4.0.jar:1.4.0]
    ... 5 common frames omitted
Caused by: java.io.FileNotFoundException: android_checks.xml
    at com.puppycrawl.tools.checkstyle.ConfigurationLoader.loadConfiguration(ConfigurationLoader.java:328) ~[checkstyle-6.1.jar:6.1]
    ... 7 common frames omitted
17:13:47.906 [main] INFO  pl.touk.sputnik.engine.ReviewRunner - Review finished for processor Checkstyle. Took 0 s
17:13:47.906 [main] WARN  pl.touk.sputnik.engine.ReviewRunner - Review for processor Checkstyle returned empty review

With diff fetching support in stash it can now be enabled (or disabled) to add comments to not modified fragments of code.

In master this behaviour is enabled - whole file is subject to check, not only changed lines.

With recent pull #55 there is problem with testing. Travis says that tests pass without any problem but when checking locally with gradle I have following error

shouldReturnBasicSunViolationsOnSimpleClass
java.lang.AssertionError: 
Expected size:<3> but was:<4> in:
<[Violation(filenameOrJavaClassName=C:\git-repo\sputnik-damian\sputnik\build\resources\test\java\TestFile.java, line=0, message=File does not end with a newline., severity=ERROR), Violation(filenameOrJavaClassName=C:\git-repo\sputnik-damian\sputnik\build\resources\test\java\TestFile.java, line=0, message=Missing package-info.java file., severity=ERROR), Violation(filenameOrJavaClassName=C:\git-repo\sputnik-damian\sputnik\build\resources\test\java\TestFile.java, line=1, message=Missing a Javadoc comment., severity=ERROR), Violation(filenameOrJavaClassName=C:\git-repo\sputnik-damian\sputnik\build\resources\test\java\TestFile.java, line=2, message=Missing a Javadoc comment., severity=ERROR)]>
    at pl.touk.sputnik.processor.checkstyle.CheckstyleProcessorTest.shouldReturnBasicSunViolationsOnSimpleClass(CheckstyleProcessorTest.java:25)

Any idea?

Tried to run sputnik in a jenkins job, after the job was complete, it said sonar returned 0 violations, but you can find issues in sonar-report.json, why?

With the merge of #38 Travis build got broken.

Travis executes gradle assembly which in turn executes the signing phase. This exits with an error if not configured.

It would be sufficient to execute gradle distZip because this is what we usually do to build new sputnik distribution.

@pjagielski is it possible to change the executed command in travis web UI?