Merge pull request #1003 from spotbugs/beta

🚀 Ship the major release v6

.github/workflows/codeql.yml

@@ -5,7 +5,7 @@ on:
   push:
     branches:
       - master
-  pull_request:
+  pull_request: {}
 
 jobs:
   CodeQL-Build:
@@ -23,18 +23,17 @@ jobs:
       # Only include this step if you are running this workflow on pull requests.
       - run: git checkout HEAD^2
         if: ${{ github.event_name == 'pull_request' }}
-      - name: Set up JDK 11
+      - name: Set up JDK
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
-          java-version: 11
-      - name: Gradle cache
+          java-version-file: .java-version
+      - name: Build with Gradle
         uses: gradle/gradle-build-action@v2
-      - name: Build
-        run: |
-          ./gradlew spotbugsMain
+        with:
+          arguments: detekt --scan
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v2
         with:
           # Path to SARIF file relative to the root of the repository
-          sarif_file: build/reports/spotbugs/main.sarif
+          sarif_file: build/reports/detekt/detekt.sarif

.github/workflows/javadoc.yml → .github/workflows/dokka.yml

@@ -3,6 +3,7 @@ on:
   push:
     branches:
       - master
+
 jobs:
   javadoc:
     runs-on: ubuntu-latest
@@ -12,20 +13,20 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Set up JDK 11
+      - name: Set up JDK
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
-          java-version: 11
+          java-version-file: .java-version
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: npm
-      - name: Gradle cache
+      - name: Generate Dokka HTML
         uses: gradle/gradle-build-action@v2
-      - name: Generate Groovydoc
-        run: ./gradlew groovydoc
+        with:
+          arguments: dokkaHtml
       - name: Prepare to Deploy
         run: |
           npm ci
@@ -35,4 +36,4 @@ jobs:
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           BRANCH: gh-pages
-          FOLDER: build/docs/groovydoc/
+          FOLDER: build/dokka/html/

.github/workflows/gradle-wrapper.yml

@@ -12,4 +12,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/wrapper-validation-action@v1
+      - uses: gradle/wrapper-validation-action@v1

.github/workflows/gradle.yml

@@ -4,38 +4,38 @@ on:
   push:
     branches:
       - master
-  pull_request:
-  workflow_dispatch:
+  pull_request: {}
+  workflow_dispatch: {}
 
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        gradle: ['7.6.2', 'current']
+        gradle: ['7.6.2', '8.1', 'current']
     steps:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - name: Set up JDK 11
+    - name: Set up JDK
       uses: actions/setup-java@v4
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version-file: .java-version
     - name: Set up Node.js
       uses: actions/setup-node@v4
       with:
         node-version-file: '.nvmrc'
         cache: npm
       if: matrix.gradle == '7.6.2'
-    - name: Gradle cache
-      uses: gradle/gradle-build-action@v2
     - name: Build with Gradle
-      run: ./gradlew build -Psnom.test.functional.gradle=${{ matrix.gradle }}
+      uses: gradle/gradle-build-action@v2
+      with:
+        arguments: build -Psnom.test.functional.gradle=${{ matrix.gradle }} --scan
     - run: |
         echo Verifying the java version used in class files...
-        cd build/classes/groovy/main
-        javap -v com.github.spotbugs.snom.SpotBugsPlugin | grep -q 'major version: 52'
+        cd build/classes/kotlin/main
+        javap -v com.github.spotbugs.snom.SpotBugsPlugin | grep -q 'major version: 55'
     - name: Run Semantic Release
       run: |
         echo "gradle.publish.key=${{ secrets.GRADLE_PUBLISH_KEY }}" > ~/.gradle/gradle.properties

.java-version

@@ -0,0 +1 @@
+17

README.md

@@ -29,13 +29,45 @@ Refer [the Gradle Plugin portal](https://plugins.gradle.org/plugin/com.github.sp
 
 Configure `spotbugs` extension to configure the behaviour of tasks:
 
+```kotlin
+// require Gradle 8.2+
+import com.github.spotbugs.snom.Confidence
+import com.github.spotbugs.snom.Effort
+spotbugs {
+    ignoreFailures = false
+    showStackTraces = true
+    showProgress = true
+    effort = Effort.DEFAULT
+    reportLevel = Confidence.DEFAULT
+    visitors = listOf("FindSqlInjection", "SwitchFallthrough")
+    omitVisitors = listOf("FindNonShortCircuit")
+    reportsDir = file("$buildDir/spotbugs")
+    includeFilter = file("include.xml")
+    excludeFilter = file("exclude.xml")
+    baselineFile = file("baseline.xml")
+    onlyAnalyze = listOf("com.foobar.MyClass", "com.foobar.mypkg.*")
+    maxHeapSize = "1g"
+    extraArgs = listOf("-nested:false")
+    jvmArgs = listOf("-Duser.language=ja")
+}
+```
+
+<details>
+<summary>with Groovy DSL</summary>
+
 ```groovy
+import com.github.spotbugs.snom.Confidence
+import com.github.spotbugs.snom.Effort
 spotbugs {
     ignoreFailures = false
     showStackTraces = true
     showProgress = true
-    effort = 'default'
-    reportLevel = 'default'
+
+    // https://discuss.kotlinlang.org/t/bug-cannot-use-kotlin-enum-from-groovy/1521
+    // https://touk.pl/blog/2018/05/28/testing-kotlin-with-spock-part-2-enum-with-instance-method/
+    effort = Effort.valueOf('DEFAULT')
+    reportLevel = Confidence.valueOf('DEFAULT')
+
     visitors = [ 'FindSqlInjection', 'SwitchFallthrough' ]
     omitVisitors = [ 'FindNonShortCircuit' ]
     reportsDir = file("$buildDir/spotbugs")
@@ -48,63 +80,41 @@ spotbugs {
     jvmArgs = [ '-Duser.language=ja' ]
 }
 ```
-
-<details>
-<summary>with Kotlin DSL</summary>
-
-```kotlin
-spotbugs {
-    ignoreFailures.set(false)
-    showStackTraces.set(true)
-    showProgress.set(true)
-    effort.set(com.github.spotbugs.snom.Effort.DEFAULT)
-    reportLevel.set(com.github.spotbugs.snom.Confidence.DEFAULT)
-    visitors.set(listOf("FindSqlInjection", "SwitchFallthrough"))
-    omitVisitors.set(listOf("FindNonShortCircuit"))
-    reportsDir.set(file("$buildDir/spotbugs"))
-    includeFilter.set(file("include.xml"))
-    excludeFilter.set(file("exclude.xml"))
-    baselineFile.set(file("baseline.xml"))
-    onlyAnalyze.set(listOf("com.foobar.MyClass", "com.foobar.mypkg.*"))
-    maxHeapSize.set("1g")
-    extraArgs.set(listOf("-nested:false"))
-    jvmArgs.set(listOf("-Duser.language=ja"))
-}
-```
 </details>
 
 Configure `spotbugsPlugin` to apply any SpotBugs plugin:
 
-```groovy
+```kotlin
 dependencies {
-    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0'
+    spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0")
 }
 ```
 
 <details>
-<summary>with Kotlin DSL</summary>
+<summary>with Groovy DSL</summary>
 
-```kotlin
+```groovy
 dependencies {
-    spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0")
+    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0'
 }
 ```
 </details>
 
 Configure `spotbugs` to choose your favorite SpotBugs version:
 
-```groovy
+```kotlin
 dependencies {
-    spotbugs 'com.github.spotbugs:spotbugs:4.7.1'
+    spotbugs("com.github.spotbugs:spotbugs:4.8.0")
 }
 ```
 
+
 <details>
-<summary>with Kotlin DSL</summary>
+<summary>with Groovy DSL</summary>
 
-```kotlin
+```groovy
 dependencies {
-    spotbugs("com.github.spotbugs:spotbugs:4.7.1")
+    spotbugs 'com.github.spotbugs:spotbugs:4.8.0'
 }
 ```
 </details>
@@ -125,6 +135,19 @@ TBU
 Configure [`SpotBugsTask`](https://spotbugs-gradle-plugin.netlify.com/com/github/spotbugs/snom/spotbugstask) directly,
 to set task-specific properties.
 
+```kotlin
+// require Gradle 8.2+
+tasks.spotbugsMain {
+    reports.create("html") {
+        required = true
+        outputLocation = file("$buildDir/reports/spotbugs.html")
+        setStylesheet("fancy-hist.xsl")
+    }
+}
+```
+
+<details>
+<summary>with Groovy DSL</summary>
 ```groovy
 // Example to configure HTML report
 spotbugsMain {
@@ -137,50 +160,32 @@ spotbugsMain {
     }
 }
 ```
+</details>
 
-<details>
-<summary>with Kotlin DSL</summary>
+### Migration guides
 
-```kotlin
-tasks.spotbugsMain {
-    reports.create("html") {
-        required.set(true)
-        outputLocation.set(file("$buildDir/reports/spotbugs.html"))
-        setStylesheet("fancy-hist.xsl")
-    }
-}
-```
-</details>
+- [v4 to v5: Bump up Gradle to v7 or later](https://github.com/spotbugs/spotbugs-gradle-plugin/releases/tag/5.0.0)
+- [v5 to v6: Bump up Gradle to v7.1 or later, and update the `effort` and `reportLevel` properties of `SpotBugsTask` and `SpotBugsExtension` to enum value](https://github.com/spotbugs/spotbugs-gradle-plugin/releases/tag/6.0.0-rc.1)
 
 ## SpotBugs version mapping
 
-By default, this Gradle Plugin uses the SpotBugs version listed in this table.
+By default, this Gradle Plugin uses the SpotBugs version listed in the following table.
 
 You can change SpotBugs version by [the `toolVersion` property of the spotbugs extension](https://spotbugs-gradle-plugin.netlify.com/com/github/spotbugs/snom/spotbugsextension#toolVersion) or the `spotbugs` configuration.
 
 | Gradle Plugin | SpotBugs |
 |--------------:|---------:|
-|        5.2.5  |    4.8.2 |
-|        5.2.3  |    4.8.1 |
-|        5.1.5  |    4.8.0 |
+|         6.0.0 |    4.8.2 |
+|         5.2.5 |    4.8.2 |
+|         5.2.3 |    4.8.1 |
+|         5.1.5 |    4.8.0 |
 |        5.0.13 |    4.7.3 |
 |        5.0.12 |    4.7.2 |
 |         5.0.9 |    4.7.1 |
 |         5.0.7 |    4.7.0 |
 |         5.0.4 |    4.5.3 |
 |         5.0.3 |    4.5.2 |
 |         5.0.2 |    4.5.1 |
-|        4.7.10 |    4.5.0 |
-|         4.7.8 |    4.4.2 |
-|         4.7.5 |    4.4.1 |
-|         4.7.3 |    4.4.0 |
-|         4.7.2 |    4.3.0 |
-|         4.6.1 |    4.2.1 |
-|         4.5.0 |    4.1.1 |
-|         4.4.4 |    4.0.6 |
-|         4.4.2 |    4.0.5 |
-|         4.0.7 |    4.0.2 |
-|         4.0.0 |    4.0.0 |
 
 ### Refer the version in the build script