Enhancing Project Integrity: A Modernization for Bug-Free Code

Transcript

1. ENHANCING PROJECT INTEGRITY A MODERNIZATION FOR BUG-FREE CODE

2. ELIAS NOGUEIRA Senior Principal Software Engineer Brazil Oracle Ace Pro

   Java Magazine NL Editor Java Champion

3. AGENDA Demonstrate the usage of 5 tools to enhance the

   project integrity by the usage of moder testing tools, like: • SpotBugs • ArchUnit • PiTest • Sonar • TestContainers 80% hands on, 20% boring slides.

4. COMMON PITFALLS IN SOFTWARE QUALITY Developers often rely on basic

   unit and integration tests but may overlook deeper issues. Code complexity and architectural introduce hidden risks over time. Late-stage bug discovery leads to higher fixing costs and delays. ⑴ ⑵ ⑶

5. THE PROJECT

6. THE PROJECT Simple API that creates a Payment request with

   an id, amount and timestamp and process the payment simulating that someone is paying the request. The objective of the project is focusing on the tools, not in the validity of the use case as it is for educational purpose only.

7. SPOTBUGS

8. SPOTBUGS – DETECTING CODE ISSUES EARLY ❑ Static code analysis

   tool to detect common programming errors. ❑ Identifies potential null pointer, concurrency, and performance issues. ❑ Helps maintain cleaner, more maintainable code.

9. SPOTBUGS – BUG DESCRIPTIONS ▪ Bad practice ▪ Correctness ▪

   Experimental ▪ Internationalization ▪ Malicious code vulnerability ▪ Multithread correctness ▪ Bogus random noise ▪ Security ▪ Dodgy code

10. SPOTBUGS – HOW TO 1. Add the sportbugs dependency 2.

    Run mvn spotbugs:check

11. STATIC ANALISYS – OTHER TOOLS Static code analyzer from Google

    implemented as a javac compiler plugin, so checks are performed during code compilation. It can detect over 400 bug patterns, but they need to be enabled as most of them emit only warnings. There is an overlap between SpotBugs and Error Prone. ERROR PRONE Cross-language static code analyzer that has over 300 rules for Java. Rules should be enabled in an XML file (ruleset), but it can be done per category. PMD

12. ARCHUNIT

13. ARCHUNIT – ENFORCING ARCHITECTURAL RULES ❑ Ensures adherence to architectural

    patterns and constraints. ❑ Prevents undesirable dependencies between packages/modules. ❑ Enables automated checks to maintain consistency across teams.

14. ARCHUNIT – ENFORCING ARCHITECTURAL RULES UI Layer Application Layer Domain

    Layer DDD Infrastructure Layer Domain Model Adapter Adapter Clien t Clien t Hexagonal

15. ARCHUNIT – HOW TO 1. Add the library 2. Create

    the test 3. Import the package and determine the architectural constraints @Test void shouldRestrictAccessFromService() { ArchRule myRule = classes() .that().resideInAPackage("..service..") .should().onlyBeAccessed() .byAnyPackage("..controller..", "..service.."); }

16. ARCHUNIT – HOW TO If you want to run the

    ArchUnit Tests first, there’s a workaround 1. Name the tests starting with ArchUnit 2. Include the test in the maven-surefire-plugin execution unit-test execution id 3. In the configuration section, set the runOrder to alphabetical <runOrder>alphabetical</runOrder> includes> <include>**/*Test.java</include> <include>%regex[.*(ArchUnit)*.*Tests.*]</include> </includes>

17. PITEST

18. PITEST – MUTATION TESTING FOR STRONGER TESTS ❑ Goes beyond

    traditional unit testing by introducing mutations in code. ❑ Ensures test cases actually catch faulty logic. ❑ Helps improve test effectiveness and reduce false positives.

19. PITEST – MUTATION TESTING FOR STRONGER TESTS

20. PITEST – HOW TO Add the plugin and exclude the

    Model objects <plugin> <groupId>org.pitest</groupId> <artifactId>pitest-maven</artifactId> <version>1.18.2</version> <configuration> <excludedClasses>com.eliasnogueira.paymentsystem.model.*</excludedClasses> </configuration> </plugin>

21. PITEST – HOW TO mvn -DwithHistory test-compile / org.pitest:pitest-maven:mutationCoverage How

    to run

22. PITEST – HOW TO mvn -DwithHistory test-compile / org.pitest:pitest-maven:mutationCoverage How

    to run Speed-up repeated analysis

23. PITEST – HOW TO mvn -DwithHistory test-compile / org.pitest:pitest-maven:mutationCoverage How

    to run Run on specific Maven Lifecycle

24. PITEST – HOW TO mvn -DwithHistory test-compile / org.pitest:pitest-maven:mutationCoverage How

    to run Mutation Coverage command

25. SONARQUBE

26. SONARQUBE – CODE QUALITY ANALYSIS ❑ Provides code metrics, technical

    debt analysis, and security insights. ❑ Establishes quality gates to enforce predefined standards. ❑ Supports continuous integration by integrating into build pipelines.

27. SONARQUBE – CODE QUALITY ANALYSIS

28. SONARQUBE – CODE QUALITY ANALYSIS

29. SONARQUBE – CODE QUALITY ANALYSIS

30. TESTCONTAINERS

31. TESTCONTAINERS – TESTING REAL DEPENDENCIES ❑ Provides lightweight, disposable containers

    for integration testing. ❑ Tests with real databases, message brokers, and external services. ❑ Eliminates the need for complex manual setup.
32. None
33. None

34. TESTCONTAINERS – USE CASE 1 When multiple databases must be

    supported the following approach can be applied: 1. Create additional application properties with the specific datasources 2. Add specific profiles in the pom.xml activating the application properties 3. Add the spring.profile.active in the maven-failsafe plugin for the integration-test phase 4. Add in the database-related tests the @ActiveProfiles 5. Run the tests using the profile Multi-database support @ActiveProfiles("${spring.profiles.active}") mvn verify -Pmssql

35. TESTCONTAINERS – USE CASE 2 It’s important to run the

    tests using all the supported databases during any merge request. Using GitHub Actions we can set a parallel job execution based on all supported databases as a matrix Multi-database support with parallel execution in GHA

36. TESTCONTAINERS – USE CASE 2 Multi-database support with parallel execution

    in GHA database-tests: needs: integration-tests runs-on: ubuntu-latest strategy: matrix: profile: [ mysql, mssql ] steps: - name: Run Database Tests with Profile ${{ matrix.profile }} run: mvn verify -P${{ matrix.profile }} -DskipUnitTests database tests (mysql) database tests (mssql) build unit and integration tests

37. ELEVATING CODE QUALITY WITH MINIMAL EFFORT Quality assurance is an

    ongoing process, not an afterthought Automating testing and code quality analysis reduces maintenance overhead These tools help build robust, scalable, and maintainable applications Next Steps: Adopt these tools incrementally and refine your quality strategy

38. THANK YOU! Slides & Project