[DE-1049] SonarCloud (#11)

* SonarCloud configuration

* updated dependencies versions

* jacoco

* spotbugs

* fix CI

* fix plugin

Author: rashtao

.circleci/config.yml

@@ -117,6 +117,27 @@ jobs:
           command: mvn test -Dtest.graph.type=<<parameters.graphType>> <<parameters.args>>
       - store_cache
 
+  sonar:
+    executor: 'j21'
+    steps:
+      - timeout
+      - checkout
+      - setup_remote_docker
+      - start-db
+      - load_cache
+      - restore_cache:
+          name: Restore Sonar cache
+          key: sonar-{{ .Environment.CIRCLE_JOB }}-{{ checksum "/tmp/maven_cache_seed" }}
+      - run:
+          name: Analyze
+          command: mvn verify -Dtest.graph.type=simple org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=arangodb_arangodb-tinkerpop-provider -Pstatic-code-analysis
+      - save_cache:
+          name: Save Sonar cache
+          key: sonar-{{ .Environment.CIRCLE_JOB }}-{{ checksum "/tmp/maven_cache_seed" }}
+          paths:
+            - ~/.sonar/cache
+      - store_cache
+
   test-demo:
     executor: 'j21'
     steps:
@@ -212,6 +233,13 @@ workflows:
               args:
                 - '-Dtest.ssl'
 
+  sonar:
+    when:
+      not: <<pipeline.parameters.docker-img>>
+    jobs:
+      - sonar:
+          name: sonar
+
   test-adb-topology:
     when: <<pipeline.parameters.docker-img>>
     jobs:

dev-README.md

@@ -0,0 +1,15 @@
+# dev-README
+
+## Start DB
+```
+./docker/start_db.sh
+```
+
+## SonarCloud
+Check results [here](https://sonarcloud.io/project/overview?id=arangodb_arangodb-tinkerpop-provider).
+
+## check dependencies updates
+```shell
+mvn versions:display-dependency-updates -Pstatic-code-analysis -Prelease
+mvn versions:display-plugin-updates -Pstatic-code-analysis -Prelease
+```

pom.xml

@@ -31,7 +31,12 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <arangodb-java-driver.version>7.22.0-SNAPSHOT</arangodb-java-driver.version>
         <test.graph.type>simple</test.graph.type>
+        <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+        <sonar.organization>arangodb-1</sonar.organization>
+        <sonar.java.spotbugs.reportPaths>target/spotbugsXml.xml</sonar.java.spotbugs.reportPaths>
+        <sonar.coverage.jacoco.xmlReportPaths>site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
         <jpms.argLine/>
+        <argLine/>
     </properties>
 
     <dependencies>
@@ -90,7 +95,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>
-                <version>2.19.0</version>
+                <version>2.19.2</version>
                 <scope>import</scope>
                 <type>pom</type>
             </dependency>
@@ -141,6 +146,60 @@
             </properties>
         </profile>
 
+        <profile>
+            <id>static-code-analysis</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.github.spotbugs</groupId>
+                        <artifactId>spotbugs-maven-plugin</artifactId>
+                        <version>4.9.3.2</version>
+                        <executions>
+                            <execution>
+                                <phase>compile</phase>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                        <dependencies>
+                            <dependency>
+                                <groupId>com.github.spotbugs</groupId>
+                                <artifactId>spotbugs</artifactId>
+                                <version>4.9.3</version>
+                            </dependency>
+                        </dependencies>
+                        <configuration>
+                            <excludeFilterFile>spotbugs/spotbugs-exclude.xml</excludeFilterFile>
+                        </configuration>
+                    </plugin>
+                    <plugin>
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
+                        <version>0.8.13</version>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>prepare-agent</goal>
+                                </goals>
+                            </execution>
+                            <execution>
+                                <id>report</id>
+                                <goals>
+                                    <goal>report</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                        <configuration>
+                            <formats>
+                                <format>XML</format>
+                            </formats>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
         <profile>
             <id>release</id>
             <build>
@@ -221,26 +280,6 @@
                 </configuration>
             </plugin>
 
-            <plugin>
-                <groupId>org.jacoco</groupId>
-                <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.13</version>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>prepare-agent</goal>
-                        </goals>
-                    </execution>
-                    <execution>
-                        <id>report</id>
-                        <phase>prepare-package</phase>
-                        <goals>
-                            <goal>report</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-
             <plugin>
                 <groupId>com.google.code.maven-replacer-plugin</groupId>
                 <artifactId>replacer</artifactId>
@@ -289,8 +328,21 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.6.0</version>
+                <version>3.6.1</version>
                 <executions>
+                    <execution>
+                        <id>enforce-maven-version</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireMavenVersion>
+                                    <version>[3.6.3,)</version>
+                                </requireMavenVersion>
+                            </rules>
+                        </configuration>
+                    </execution>
                     <execution>
                         <id>enforce-all</id>
                         <goals>
@@ -306,9 +358,6 @@
                                     <scopes>compile</scopes>
                                     <maxJdkVersion>1.8</maxJdkVersion>
                                 </enforceBytecodeVersion>
-                                <requireMavenVersion>
-                                    <version>[3.5.3,)</version>
-                                </requireMavenVersion>
                                 <requirePluginVersions/>
                                 <requireExplicitDependencyScope/>
                             </rules>
@@ -369,7 +418,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>flatten-maven-plugin</artifactId>
-                <version>1.7.1</version>
+                <version>1.7.2</version>
                 <configuration>
                     <flattenMode>oss</flattenMode>
                 </configuration>
@@ -409,6 +458,12 @@
                     </descriptors>
                 </configuration>
             </plugin>
+
+            <plugin>
+                <groupId>org.sonarsource.scanner.maven</groupId>
+                <artifactId>sonar-maven-plugin</artifactId>
+                <version>5.1.0.4751</version>
+            </plugin>
         </plugins>
 
         <pluginManagement>

spotbugs/spotbugs-exclude.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file specifies a spotbugs filter for excluding reports that
+     should not be considered errors.
+     The format of this file is documented at:
+       https://spotbugs.readthedocs.io/en/latest/filter.html
+     When possible, please specify the full names of the bug codes,
+     using the pattern attribute, to make it clearer what reports are
+     being suppressed.  You can find a listing of codes at:
+       https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html
+  -->
+
+<FindBugsFilter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xmlns="https://github.com/spotbugs/filter/3.0.0"
+                xsi:schemaLocation="https://github.com/spotbugs/filter/3.0.0 https://raw.githubusercontent.com/spotbugs/spotbugs/release-3.1/spotbugs/etc/findbugsfilter.xsd">
+
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP"/>
+    </Match>
+
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP2"/>
+    </Match>
+
+    <Match>
+        <Bug pattern="CT_CONSTRUCTOR_THROW"/>
+    </Match>
+
+    <Match>
+        <Class name="com.arangodb.tinkerpop.gremlin.jsr223.ArangoDBGremlinPlugin"/>
+        <Bug pattern="SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR"/>
+    </Match>
+
+</FindBugsFilter>

src/main/java/com/arangodb/tinkerpop/gremlin/utils/ArangoDBUtil.java

@@ -20,6 +20,7 @@
 import com.arangodb.tinkerpop.gremlin.structure.ArangoDBGraphConfig;
 import com.arangodb.tinkerpop.gremlin.PackageVersion;
 
+import java.io.Serializable;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -89,7 +90,7 @@ public static void checkVersion(String version) {
         }
     }
 
-    private static class VersionComparator implements Comparator<String> {
+    private static class VersionComparator implements Comparator<String>, Serializable {
         @Override
         public int compare(String a, String b) {
             Objects.requireNonNull(a);