Use spotbugs 4.8.2 with more exclusions #8803

MarkEWaite · 2023-12-24T15:07:59Z

Use spotbugs plugin 4.8.2.0 with additional suppressions

The parent pom spotbugs pull request needs this change along with the changes in other repositories that use the Jenkins parent pom.

jenkinsci/pom#501 (review) recommends that the new spotbugs issues be either suppressed or resolved in the upstream release of spotbugs. This change suppresses the new warning for primitive fields that are publicly visible and the new warning for a few cases where a field could be made static.

This change skips the warnings related to CT_CONSTRUCTOR_THROWS because they are not relevant to Jenkins. jenkinsci/plugin-pom#869 (comment) provides more details along with the discussion at spotbugs/spotbugs#2695

The changes to pom.xml are flagged so that they can be removed when the other repositories that consume the parent pom have been verified that they will be able to use spotbugs plugin 4.8.2.0 without additional noise.

Additional pull requests that have been merged include:

The additional repositories that have been reviewed and confirmed they are ready for the parent pom update to use spotbugs 4.8.2 include:

Testing done

Confirmed that automated tests pass on my Linux computer with Java 21.

Proposed changelog entries

N/A

Proposed upgrade guidelines

N/A

Submitter checklist

Give feedback

The Jira issue, if it exists, is well-described.
The changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developers, depending on the change) and are in the imperative mood (see examples). Fill in the Proposed upgrade guidelines section only if there are breaking changes or changes that may require extra steps from users during upgrade.
There is automated testing or an explanation as to why this change has no tests.
New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadocs, as appropriate.
New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO"), if applicable.
New or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content Security Policy (CSP) directives (see documentation).
For dependency updates, there are links to external changelogs and, if possible, full differentials.
For new APIs and extension points, there is a link to at least one consumer.
Options

Before the changes are marked as ready-for-merge:

Maintainer checklist

Give feedback

There are at least two (2) approvals for the pull request and no outstanding requests for change.
Conversations in the pull request are over, or it is explicit that a reviewer is not blocking the change.
Changelog entries in the pull request title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood.
Proper changelog labels are set so that the changelog can be generated automatically.
If the change needs additional upgrade steps from users, the upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the pull request title (see example).
If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).
Options

Draft, not intended to be merged Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Does not need to be merged because there is no additional suppression required.

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Needs to be merged on or before the update of the parent pom that updates to use spotbugs 4.8.2.

Draft, not intended to be merged Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Does not need to be merged because there is no additional suppression required.

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Needs to be merged on or before the update of the parent pom that updates to use spotbugs 4.8.2.

Draft, not intended to be merged Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Does not need to be merged because there is no additional suppression required.

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803

Draft, not intended to be merged Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Does not need to be merged because there is no additional suppression required.

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Needs to be merged on or before the update of the parent pom that updates to use spotbugs 4.8.2.

jenkinsci/pom#510 needs this change along with checks of the other repositories that use the Jenkins parent pom. jenkinsci/pom#501 (review) recommends that the new spotbugs issues be either suppressed or resolved in the upstream release of spotbugs. This change suppresses the new warning for primitive fields that are pu9blicly visible and the new warning for a few cases where a field could be made static. This change skips the warnings related to CT_CONSTRUCTOR_THROWS because they are not relevant to Jenkins. jenkinsci/plugin-pom#869 (comment) provides more details along with the discussion at spotbugs/spotbugs#2695

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803 Needs to be merged on or before the update of the parent pom that updates to use spotbugs 4.8.2.

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803

Removes the 81c3249 workaround that was added in pull request jenkinsci#8803

Rely on spotbugs configuration from parent pom Removes the 81c3249 workaround that was added in pull request #8803

https://www.jenkins.io/doc/developer/tutorial-improve/add-more-spotbugs-checks/ describes the technique used here with an exclusions file. The specific exclusion for PA_PUBLIC_PRIMITIVE_ATTRIBUTE has been confirmed by Jenkins developers that it is not helpful in a Jenkins plugin. jenkinsci/jenkins#8803 describes the changes that were made in Jenkins core and in many Jenkins plugins to suppress the PA_PUBLIC_PRIMITIVE_ATTRIBUTE spotbugs warning.

MarkEWaite added the skip-changelog Should not be shown in the changelog label Dec 24, 2023

This was referenced Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/extras-memory-monitor#75

Closed

Confirm no new spotbugs warnings from 4.8.2 jenkinsci/bom#2777

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm no new spotbugs warnings from 4.8.2 jenkinsci/bridge-method-injector#79

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/extensibility-api#26

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/jellydoc-maven-plugin#79

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/jenkins-test-harness-htmlunit#136

Closed

This was referenced Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-access-modifier#177

Closed

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-annotation-indexer#83

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-crypto-util#87

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Use spotbugs 4.8.2 with more exclusions jenkinsci/lib-file-leak-detector#164

Merged

This was referenced Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-mock-javamail#67

Closed

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-process-utils#17

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-support-log-formatter#59

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-symbol-annotation#51

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/lib-task-reactor#80

Closed

MarkEWaite changed the title ~~Use spotbugs plugin 4.8.2.0 with additional suppressions~~ Use spotbugs 4.8.2.0 with more suppressions Dec 24, 2023

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/plugin-compat-tester#622

Closed

MarkEWaite mentioned this pull request Dec 24, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/plugin-installation-manager-tool#633

Closed

This was referenced Dec 24, 2023

Use spotbugs 4.8.2 with more exclusions jenkinsci/remoting#708

Merged

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/stapler-maven-plugin#88

Closed

MarkEWaite added a commit to MarkEWaite/stapler that referenced this pull request Dec 25, 2023

Summary: Use spotbugs 4.8.2 with more exclusions

beada6d

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803

This was referenced Dec 25, 2023

Use spotbugs 4.8.2 with more exclusions jenkinsci/stapler#507

Merged

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/trilead-ssh2#172

Closed

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/winp#106

Closed

This was referenced Dec 25, 2023

Confirm that spotbugs 4.8.2 adds no new warnings jenkinsci/winstone#356

Closed

Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.2.0 jenkinsci/pom#510

Merged

MarkEWaite force-pushed the use-spotbugs-4.8.2.0 branch from 95bfb6f to 8ee3539 Compare December 29, 2023 21:54

MarkEWaite added a commit to jenkinsci/stapler that referenced this pull request Jan 1, 2024

Summary: Use spotbugs 4.8.2 with more exclusions (#507)

8537eb1

Prep for * jenkinsci/pom#510 Part of the checklist in: * jenkinsci/jenkins#8803

timja approved these changes Jan 2, 2024

View reviewed changes

timja merged commit 81c3249 into jenkinsci:master Jan 2, 2024
17 checks passed

MarkEWaite deleted the use-spotbugs-4.8.2.0 branch January 2, 2024 23:01

MarkEWaite added a commit to MarkEWaite/jenkins that referenced this pull request Jan 10, 2024

Rely on spotbugs configuration from parent pom

c554c6a

Removes the 81c3249 workaround that was added in pull request jenkinsci#8803

MarkEWaite mentioned this pull request Jan 10, 2024

Rely on parent pom spotbugs configuration #8855

Merged

MarkEWaite added a commit that referenced this pull request Jan 13, 2024

Rely on parent pom spotbugs configuration (#8855)

d36cf82

Rely on spotbugs configuration from parent pom Removes the 81c3249 workaround that was added in pull request #8803

MarkEWaite mentioned this pull request Oct 9, 2024

Suppress spotbugs PA_PUBLIC_PRIMITIVE_ATTRIBUTE warnings jenkinsci/jacoco-plugin#290

Closed

6 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use spotbugs 4.8.2 with more exclusions #8803

Use spotbugs 4.8.2 with more exclusions #8803

MarkEWaite commented Dec 24, 2023 •

edited

Loading

Submitter checklist

Maintainer checklist

Use spotbugs 4.8.2 with more exclusions #8803

Use spotbugs 4.8.2 with more exclusions #8803

Conversation

MarkEWaite commented Dec 24, 2023 • edited Loading

Use spotbugs plugin 4.8.2.0 with additional suppressions

Testing done

Proposed changelog entries

Proposed upgrade guidelines

Submitter checklist

Maintainer checklist

MarkEWaite commented Dec 24, 2023 •

edited

Loading