Building better software with maven and sonar
-
Upload
rohit-ghatol -
Category
Education
-
view
4.960 -
download
2
description
Transcript of Building better software with maven and sonar
Building better software with Maven & Sonar
By Rohit Ghatol
About Me
What is Maven?
Build Tool Reporting Tool
Software Distribution Project
Management
For Java
Maven Quick Demo
Requirements for Maven
• JDK 6+• Maven 2.x
mvn archetype:generate -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false-DgroupId=com.mycompany.app -DartifactId=my-app
Directory Structure
Dir
src
main
java resources
test
java resources
pom.xml
com/mycompany/app/App.java com/mycompany/app/AppTest.java
mvn install
Directory Structure
Dir
src
main
java resources
test
java resources
pom.xml target
my-app-1.0-SNAPSHOT.jar
Directory Name Description
src/main/java Application/Library sourcessrc/main/resources Application/Library resourcessrc/main/filters Resource filter filessrc/main/assembly Assembly descriptorssrc/main/config Configuration filessrc/main/webapp Web application sourcessrc/test/java Test sourcessrc/test/resources Test resourcessrc/test/filters Test resource filter filessrc/site SiteLICENSE.txt Project's licenseNOTICE.txt Notices and attributions required by libraries that the
project depends onREADME.txt Project's readme
Maven Directory Structure
Why Maven?
But Ma, I have Ant?
Project Dependency in Ant
Project 1 Project 2
C:\project1 C:\project2
C:\Project2\dist
Build.xml Build.xmlUsing Relative Path
I only need Project 1, but I still need to checkout Project 2
Checking in Dependencies
Project 1 Project 2 Project 3
libs libs libs
• project2.jar• servlet-api.jar
• project3.jar• commons.jar
• logging.jar• hamcrest.jar
What about CIT?3rd Party Dependencies are checked in!
Snapshot builds
Convention Vs Configuration
Clean
Prepare
Compile
Jar
Test
Almost Every one is doing following?
Is it Time to define a
HighLevel Lifecyle ?
Custom Ant TasksProject 1
libs
• project2.jar• servlet-api.jar• android-build.jar
Clean
Compile
Dex
APT
Jar
Build Cycle
What about
Reuse?
What about
Distribution?
When to call the
task Life cycle?
Reporting
Test Run Report
Code Coverage Report
PMD
FindBugs
Change Log
……
Can I get these by
default?
Software Distribution
Internet
Synerzip
RepoRepo
Repo1
Repo2
Repo2
Repo
Project1
Project2
Project3
SpringMaven
Xyz..
Going Deeper into Maven
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi=”….> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany.app</groupId> <artifactId>my-app</artifactId> <packaging>jar</packaging> <version>1.0-SNAPSHOT</version> <name>my-app</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies></project>
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi=”….> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany.app</groupId> <artifactId>my-app</artifactId> <packaging>jar</packaging> <version>1.0-SNAPSHOT</version> <name>my-app</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies></project>
pom.xml
Understanding Repositories
~/.m2/repository
Maven Project
Central
Proxy/Internal Repo
Synerzip
mvn packageDownload needed dependencies e.g junit
mvn installInstall the artifact in to local repository (~/.m2/repository
mvn deployPush artifact to Internal/Central repository
Maven Architecture
Maven Core
• Parsing Maven XML File• Maven LifeCycle• Basic Plugins
compilecompile
jarjar
surefiretest
…….
…….
Core Plugins
Maven Concepts
Goals LifeCycle
mvn archetype:generate mvn install
mvn <<Plugin>>:<<Goal>> mvn <<LifeCycle Phase>>
Maven Plugins & Goals
Plugin Goals
compilercompiletestCompile
jarjartest-jarsignSign-verify
surefiretest
Command: mvn help:describe –Dplugin:jar
Maven LifeCycle
process-resources
compile
process-classes
process-test-resources
test-compile
test
prepare-package
package
Phases
resources:resources
compiler:compile
resources:testResources
compiler:testCompile
surefire:test
jar:jar
Goals
mvn clean install
• maven-clean-plugin:2.4.1:clean• maven-resources-plugin:2.4.3:resources• maven-compiler-plugin:2.3.2:compile• maven-resources-plugin:2.4.3:testResources• maven-compiler-plugin:2.3.2:testCompile• maven-surefire-plugin:2.7.2:test• maven-jar-plugin:2.3.1:jar• maven-install-plugin:2.3.1:install
Standalone Maven Project
Effective POM
Make Changes
• Add Employee Model Class• Add Employee Service (Use Map for
persistence)• Add Employee Test Cases• Add Reporting Plugins to generate site
Maven Site Generation
Maven Reporting<reporting>
<plugins><!-- surefire-reports --><plugin>
<groupId>org.apache.maven.plugins</groupId><artifactId>maven-surefire-report-plugin</artifactId><version>2.6</version>
</plugin><!-- JavaDoc Plugin --><plugin> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId><version>2.8</version>
</plugin><!-- jxrsource code browsing plugin --><plugin>
<groupId>org.codehaus.mojo</groupId> <artifactId>jxr-maven-plugin</artifactId> <version>2.0-beta-1</version>
</plugin></reporting>
Maven Site
Maven Site
Maven Site
Maven Site
Maven Site
Maven Site
Maven Site
Maven Site
Maven Web App Project
Web.xml
mvn package tomcat:run-war
Look Ma, No need to download Tomcat by myself
Maven Repositories
Repository Options
• Archiva• Artifactory• Nexus
Internal Maven Repositories
<repositories> <repository> <id>archiva.internal</id> <name>Archiva Managed Internal Repository</name> <url>http://xyz:8080/archiva/repository/internal/</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>false</enabled> </snapshots> </repository> <repository> <id>archiva.snapshots</id> <name>Archiva Managed Snapshot Repository</name> <url>http://xyz:8080/archiva/repository/snapshots/</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository>
</repositories>
Maven Distribution
Distribution Management<distributionManagement> <repository> <id>archiva.internal</id> <name>Internal Release Repository</name> <url>dav:http://xyz:8080/archiva/repository/internal/</url> </repository> <snapshotRepository> <id>archiva.snapshots</id> <name>Internal Snapshot Repository</name> <url>dav:http://xyz:8080/archiva/repository/snapshots/</url> </snapshotRepository> <site> <id>website</id> <url>scp://xyz/var/www/mavensite/MavenTraining</url> </site>
</distributionManagement>
Multi Module Projects
Multi Module Project
employee
service
webapp
pom.xml
pom.xml
pom.xml
<project ….> <modelVersion>4.0.0</modelVersion> <groupId>com.technext.maven</groupId> <artifactId>parent-project</artifactId> <version>1.0-SNAPSHOT</version> <packaging>pom</packaging> <modules> <module>service</module> <module>webapp</module> </modules>
</project>
$employee> mvn package[INFO] Scanning for projects...[INFO] Reactor build order: [INFO] Employee Parent Project[INFO] Employee-Backend-Services[INFO] Employee-WebApp
Parent Child Relationship
Parent Child Relationship
employee
service
webapp
pom.xml
pom.xml
pom.xml
<project …> <modelVersion>4.0.0</modelVersion> <parent> <artifactId>employee-parent</artifactId> <groupId>com.technext.maven.multimodule</groupId> <version>0.0.1-SNAPSHOT</version> </parent> <groupId>com.technext.maven.multimodule</groupId> <artifactId>employee-service</artifactId> <version>0.0.1-SNAPSHOT</version> <name>Employee-Backend-Services</name></project>
Maven Profiles
How Often you customize your builds?
Production Vs Development
Developer Vs QA
Manager Vs Individual Contributer
Windows Vs Linux
Build Portability
Welcome Maven Profiles
Lets Declare a Maven Profile
More Details
http://maven.apache.org/guides/introduction/introduction-to-
profiles.html
Maven Settings.xml
Scenario
Archiva Server(Repository Server)
CVS
pom.xml
pom.xml pom.xmlpom.xml
<project> ... <distributionManagement> <repository> <id>archiva.internal</id> <name>Internal Release Repository</name> <url>dav:http://reposerver.mycompany.com:8080/archiva/repository/internal/</url> </repository> <snapshotRepository> <id>archiva.snapshots</id> <name>Internal Snapshot Repository</name> <url>dav:http://reposerver.mycompany.com:8080/archiva/repository/snapshots/</url> </snapshotRepository> </distributionManagement> ... </project>
Where to specify Username andPassword?
<settings> ... <servers> <server> <id>deployment.webdav</id> <username>{archiva-deployment-user}</username> <password>{archiva-deployment-pwd}</password> </server> ... </servers> ... </settings>
settings.xml
More Details
• http://maven.apache.org/settings.html• http
://archiva.apache.org/docs/1.0.1/userguide/deploy.html
Sonar
What is Sonar?
Code Quality Analysis tool
Install Sonar
• Download Sonar - http://www.sonarsource.org/downloads/
• Change DB Settings if needed• $>sonar start• http://xyz:9000
Using Sonar with Maven
• Provide Sonar DB Settings in maven’s Settings.xml
• $>mvn clean package sonar:sonar
• Visit http://xyz:9000/
Sonar Report for EmployeeService
Basic Metrics (Starter pack)
• Lines of Code/Classes/Methods• Rules Compliance Index & Violations• Comments and Duplicate Code• Package Tangle Index• Method/Class Complexity (Cyclometric)• LCOM4 and RFC• Code Coverage and Test Results
Lines of Code/Classes/Method
Lines of Code/Classes/Method
• General Demographics about– Total lines– Total lines of code– Total Statements– Total Packages– Total Classes– Total Methods
Rules Compliance Index & Violations
Rules Compliance Index & Violations
• Compare to PMD, Find Bugs, Code analysis tool
• Violations Categorized into– Blocker– Critical– Major– Minor
• This all is customizable
Comments and Duplicate Code
Comments and Duplicate Code
• How many public APIs are documented?• How many APIs are undocumented?• How much of code is commented?• How much code is duplicated?
Package Tangle Index
Package Tangle Index
• Architectural health• Detects Cyclic Dependency between Packages• Shows if Architecture is layered architecture
Method/Class Complexity
Method/Class Complexity
• Cyclometric Complexity• Complexity is 1 for empty function• Add 1 for every block• Addition of all this is complexity of the
method• More complex the method harder to test• Default complexity level = 10
LCOM4 and RFC
LCOM4
• Lets Start with SOLID Design Principle– S = Single Responsibility Principle
• A Class should have only one responsibility• If Class has more than one– Then break the class into smaller classes
• This ensures– Modularity– Reusability
How to measure LCOM4
• If a class as 2+ sets of method totally disjoint, then we can very much say class has 2 responsibility
• http://www.sonarsource.org/clean-up-design-at-class-level-with-sonar/
RFC – Response for Class
• Total number of methods/constructor invoked as a result of calling the method of a class
Code Coverage and Test Results
Code Coverage and Test Results
• Code Coverage is the paths of code covered by unit test
• Test Results is how many test cases passed or fail
Time Machine
Time Machine
• Compare any of the metrics over a period of time
• Instant Dashboard of – What’s improving– What’s degrading
Design
Design
Design
• Tells about Cyclic Dependencies in Packages• Tells about the state of Layered Architecture
Violations DrillDown
Hotspots
Hotspots
• One Place to see all risks area• Drill Down to the problem areas
And Many More
• Visit this link for more details http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library
Sample Sonar Reports
• http://nemo.sonarsource.org/
References
Must Own Book for Maven http://www.sonarsource.org/
Buy a Copy Today