Slide 1

Slide 1 text

Continuous code quality in java projects

Slide 2

Slide 2 text

Igor Suhorukov Continuous code quality in java projects Information from this report is my subjective opinion based on my experience, knowledge, mistakes... ;-) Subjective opinion 6/27/19 2010 DB Blue template 2

Slide 3

Slide 3 text

Igor Suhorukov Continuous code quality in java projects Subjective opinion 6/27/19 2010 DB Blue template 3 https://youtu.be/mGiDkLgy7IM?t=279

Slide 4

Slide 4 text

Igor Suhorukov Continuous code quality in java projects Why Java? 6/27/19 2010 DB Blue template 4 https://madnight.github.io/githut/#/pull_requests/2019/1

Slide 5

Slide 5 text

Igor Suhorukov Continuous code quality in java projects Software functional quality reflects how well it complies with or conforms to a given design, based on functional requirements or specifications. Quality is subjective from end user point of view and is not constant in software development life cycle. ISO/IEC 9126, ISO/IEC 25000:2014, Сonsortium for IT Software Quality(CISQ), Software Quality Assessment based on Lifecycle Expectations(SQALE) Software quality 6/27/19 2010 DB Blue template 5

Slide 6

Slide 6 text

Igor Suhorukov Continuous code quality in java projects Software development process 6/27/19 2010 DB Blue template 6

Slide 7

Slide 7 text

Igor Suhorukov Continuous code quality in java projects Software development process constraints 6/27/19 2010 DB Blue template 7 Quality Cost Schedule Scope

Slide 8

Slide 8 text

Igor Suhorukov Continuous code quality in java projects Metrics measure the quantitative assessment of some property of software or its specification. Metrics usage and holy wars: ● How to choose the right metrics? ● Are metrics set blessed? ● What I need to do with metrics results? Metrics 6/27/19 2010 DB Blue template 8

Slide 9

Slide 9 text

Igor Suhorukov Continuous code quality in java projects ● Reliability ● Security ● Maintainability ● Duplications ● Complexity ● Issues/Code smell https://docs.sonarqube.org/latest/user-guide/metric-definitions/ Complexity metrics for software development 6/27/19 2010 DB Blue template 9

Slide 10

Slide 10 text

Igor Suhorukov Continuous code quality in java projects Technical debt / big ball of mud 6/27/19 2010 DB Blue template 10

Slide 11

Slide 11 text

Igor Suhorukov Continuous code quality in java projects Fragile code and unpredictable application failure after small changes Delayed improvements and miss deadlines Tight coupling code Technical debt 6/27/19 2010 DB Blue template 11

Slide 12

Slide 12 text

Igor Suhorukov Continuous code quality in java projects Technical debt is related to new code or bug fixes. Examples: increased code complexity, absence of tests for new code, subsystem or code decomposition issues and spaghetti code . Tech debt as violation of SOLID principles (single responsibility, open-closed, Liskov substitution, interface segregation and dependency inversion). Root cause: dev experience, limited time, team player discipline. Technical debt 6/27/19 2010 DB Blue template 12

Slide 13

Slide 13 text

Igor Suhorukov Continuous code quality in java projects Test-driven development (TDD) Behavior driven development (BDD) Performance Test Driven Development Continuous Code Quality Inspection Is it mandatory or recommended only? Depends on – team size, project complexity, outsourcing/in house project, schedule, management culture, team qualification/experience/velocity. Software quality should be part of SDLC 6/27/19 2010 DB Blue template 13

Slide 14

Slide 14 text

Igor Suhorukov Continuous code quality in java projects Agile Manifesto Individuals and interactions over processes and tools. Working software over comprehensive documentation. Customer collaboration over contract negotiation. Responding to change over following a plan. Individuals and interactions Software quality should be part of SDLC 6/27/19 2010 DB Blue template 14

Slide 15

Slide 15 text

Igor Suhorukov Continuous code quality in java projects Based on functional and non functional requirements: Black/White-box testing Manual/Unit/Integration testing/System testing Mutation testing/Fuzzing Load testing/Stress Testing/Performance testing Usability testing Software quality validation approach 6/27/19 2010 DB Blue template 15

Slide 16

Slide 16 text

Igor Suhorukov Continuous code quality in java projects ● Static code analysis just one tool in the box to reach good quality. Helps team to focus on some issues in large codebase. ● Formal verification of software programs. Too difficult to explain specification and limited usage. ● Running dynamic program analysis of software on emulator or real hardware. Time consuming method. Software quality. White box testing 6/27/19 2010 DB Blue template 16

Slide 17

Slide 17 text

Igor Suhorukov Continuous code quality in java projects ● Search by template in abstract syntax tree(AST). ● Rice's theorem. Theorem states that all non-trivial, semantic properties of programs are undecidable. ● False positive alerts. ● Nested method invocation. Static analysis constraints 6/27/19 2010 DB Blue template 17

Slide 18

Slide 18 text

Igor Suhorukov Continuous code quality in java projects ● IntelliJ Idea Community Edition - code inspections ● PVS-Studio Java free for several projects on github. Too many usage constraints. License key may be revoked in any time. ● SonarJava static analyzer for SonarLint & SonarQube Java code static analyzers 6/27/19 2010 DB Blue template 18

Slide 19

Slide 19 text

Igor Suhorukov Continuous code quality in java projects IntelliJ Idea code inspections 6/27/19 2010 DB Blue template 19

Slide 20

Slide 20 text

Igor Suhorukov Continuous code quality in java projects IntelliJ Idea code inspections 6/27/19 2010 DB Blue template 20

Slide 21

Slide 21 text

Igor Suhorukov Continuous code quality in java projects PSV Studio 6/27/19 2010 DB Blue template 21

Slide 22

Slide 22 text

Igor Suhorukov Continuous code quality in java projects SonarLint 6/27/19 2010 DB Blue template 22

Slide 23

Slide 23 text

Igor Suhorukov Continuous code quality in java projects https://www.sonarqube.org Community Edition/Developer Edition/Enterprise Edition/Data Center Edition https://sonarcloud.io SonarQube. Сontinuous code quality server 6/27/19 2010 DB Blue template 23

Slide 24

Slide 24 text

Igor Suhorukov Continuous code quality in java projects From first day SonarQube. New project 6/27/19 2010 DB Blue template 24

Slide 25

Slide 25 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Code smells 6/27/19 2010 DB Blue template 25

Slide 26

Slide 26 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Strategy how to use it in legacy project 6/27/19 2010 DB Blue template 26 ● Ignore existing issues, don’t pass new issue in code. QualityGate by default. ● Fix all issue ● Don’t use Sonar ● ?

Slide 27

Slide 27 text

Igor Suhorukov Continuous code quality in java projects git clone https://github.com/apache/ignite.git mvn sonar:sonar SonarQube. Project dashboard 6/27/19 2010 DB Blue template 27

Slide 28

Slide 28 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Duplicate code 6/27/19 2010 DB Blue template 28

Slide 29

Slide 29 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Maintainability 6/27/19 2010 DB Blue template 29

Slide 30

Slide 30 text

Igor Suhorukov Continuous code quality in java projects git clone https://github.com/apache/ignite.git mvn sonar:sonar SonarQube. Issues 6/27/19 2010 DB Blue template 30

Slide 31

Slide 31 text

Igor Suhorukov Continuous code quality in java projects SonarQube. New language feature inspection 6/27/19 2010 DB Blue template 31

Slide 32

Slide 32 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Code complexity example 6/27/19 2010 DB Blue template 32

Slide 33

Slide 33 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Issue description 6/27/19 2010 DB Blue template 33

Slide 34

Slide 34 text

Igor Suhorukov Continuous code quality in java projects SonarQube. Rules 6/27/19 2010 DB Blue template 34 https://rules.sonarsource.com/java/

Slide 35

Slide 35 text

Igor Suhorukov Continuous code quality in java projects ● https://docs.sonarqube.org/display/SCAN/Analyzing+with+Son arQube+Scanner+for+Jenkins ● https://docs.sonarqube.org/latest/analysis/pull-request/ ● https://sonarcloud.io/documentation/analysis/pull-request/ CI/CD integration 6/27/19 2010 DB Blue template 35

Slide 36

Slide 36 text

Igor Suhorukov Continuous code quality in java projects ● Black Duck Software ● Sonatype Nexus ● Artifactory ● Looks good to me LGTM Alternatives ● https://www.codacy.com ● https://github.com/marketplace/category/code-quality License compatibility/ known library issues 6/27/19 2010 DB Blue template 36

Slide 37

Slide 37 text

Igor Suhorukov Continuous code quality in java projects ● https://github.com/checkstyle/checkstyle https://github.com/spring-io/spring-javaformat/blob/master/src/checkstyle/checkstyle.xml Code style 6/27/19 2010 DB Blue template 37

Slide 38

Slide 38 text

Igor Suhorukov Continuous code quality in java projects https://github.com/TNG/ArchUnit-Examples/blob/master/example- junit5/src/test/java/com/tngtech/archunit/exampletest/junit5/DaoRulesTest.java Code structure tests 6/27/19 2010 DB Blue template 38

Slide 39

Slide 39 text

Igor Suhorukov Continuous code quality in java projects ● javadoc ● Use case(BDD) report - net.masterthought::maven-cucumber-reporting ● SchemaSpy (javadoc for RDBMS) ● PlantUML Is project documentation actual? 6/27/19 2010 DB Blue template 39

Slide 40

Slide 40 text

Igor Suhorukov Continuous code quality in java projects BDD scenarios reports 6/27/19 2010 DB Blue template 40

Slide 41

Slide 41 text

Igor Suhorukov Continuous code quality in java projects SchemaSpy 6/27/19 2010 DB Blue template 41

Slide 42

Slide 42 text

Igor Suhorukov Continuous code quality in java projects PlantUml 6/27/19 2010 DB Blue template 42

Slide 43

Slide 43 text

Igor Suhorukov Continuous code quality in java projects ● Measured technical debt is good argument to ask management for more resources or change project scope. ● Quick project state assessment. ● Focus team attention on most important issues. ● Helps to find untested code. Continuous Code Quality and enterprise project 6/27/19 2010 DB Blue template 43

Slide 44

Slide 44 text

Igor Suhorukov Continuous code quality in java projects ● Large open source project can use continuous code quality approach on regular basis or occasionally ● Some projects just looks like community friendly but is not in real interactions – too many bureaucracy. ● ML libraries code from scientists developers are very specific and not so frequently follow common code style. ● I’ve cleaned code and fixed some issues in Spring framework, Spring Boot, Elasticsearch, H2Database Continuous Code Quality and open source 6/27/19 2010 DB Blue template 44

Slide 45

Slide 45 text

Igor Suhorukov Continuous code quality in java projects Conclusion 6/27/19 2010 DB Blue template 45

Slide 46

Slide 46 text

Igor Suhorukov Continuous code quality in java projects 6/27/19 2010 DB Blue template 46

Slide 47

Slide 47 text

Thanks! [email protected] github.com/igor-suhorukov