Pmd 7 pmd7 merge master

.github/workflows/build.yml

@@ -1,11 +1,21 @@
-name: Build
+name: Build and test
 
 on:
   push:
+    paths-ignore:
+      - '.github/**'
+      - '**/*.md'
+    tags-ignore:
+      - '**'
     branches: [ master ]
   pull_request:
     branches: [ master ]
   workflow_dispatch:
+    inputs:
+      skipTests:
+        description: "Skip Tests?"
+        required: true
+        default: "no"
 
 defaults:
   run:
@@ -14,33 +24,43 @@ defaults:
 jobs:
   build:
     runs-on: ubuntu-latest
-    timeout-minutes: 60
+    timeout-minutes: 20
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Set Release version env variable
         run: |
           echo "TAG_NAME=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
 
-      # if no tag exists, this is expected to fail
-      - name: Switch to git tag for release
+      # only build SNAPSHOTS, use release for tagged releases
+      - name: Check if tag contains SNAPSHOT
         if: contains(env.TAG_NAME, 'SNAPSHOT') != true
         run: |
-          git fetch --all --tags
-          git checkout tags/${{ env.TAG_NAME }} -b ${{ env.TAG_NAME }}-tmp-branch
+          echo "Tag '$TAG_NAME' does not contain 'SNAPSHOT', failing build."
+          exit 1
 
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: 11
+          server-id: sonatype-nexus
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+          gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}
 
-      - name: Build
+      - name: Deploy SNAPSHOT to maven central
+        env:
+          MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSWORD }}
+          SKIP_TESTS: ${{ github.event.inputs.skipTests }}
         run: |
-          ./mvnw clean verify
+          ./mvnw --batch-mode $(if [ "$SKIP_TESTS" = "yes" ]; then echo "-DskipTests"; fi) clean deploy
 
       - name: Upload jar
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: sonar-pmd-plugin-${{ env.TAG_NAME }}
           path: sonar-pmd-plugin/target/sonar-pmd-plugin-*.jar

.github/workflows/release.yml

@@ -1,6 +1,9 @@
-name: Release
+name: Release to Maven Central
 
 on:
+  push:
+    tags:
+      - '*'
   workflow_dispatch:
 
 defaults:
@@ -10,23 +13,27 @@ defaults:
 jobs:
   release:
     runs-on: ubuntu-latest
-    timeout-minutes: 60
+    timeout-minutes: 20
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+
+      - uses: olegtarasov/get-tag@v2.1.3
+        id: tagName
+        with:
+          tagRegex: "(.*)"
 
       - name: Set Release version env variable
         run: |
-          echo "TAG_NAME=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
+          echo "TAG_NAME=${{ steps.tagName.outputs.tag }}" >> $GITHUB_ENV
 
       # if no tag exists, this is expected to fail
       - name: Switch to git tag for release
-        if: contains(env.TAG_NAME, 'SNAPSHOT') != true
         run: |
-          git fetch --all --tags
+          git fetch --all --tags -f
           git checkout tags/${{ env.TAG_NAME }} -b ${{ env.TAG_NAME }}-tmp-branch
 
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: 11
@@ -42,4 +49,11 @@ jobs:
           MAVEN_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSWORD }}
         run: |
-          ./mvnw --batch-mode -P release deploy
+          ./mvnw --batch-mode -Drevision=${{ env.TAG_NAME }} -P release clean deploy
+
+      - name: Create GHA release
+        uses: ncipollo/release-action@v1
+        with:
+          draft: true
+          artifacts: "sonar-pmd-plugin/target/*.jar"
+          bodyFile: CHANGELOG.md

.gitignore

@@ -27,3 +27,5 @@ Thumbs.db
 # Folder config file
 Desktop.ini
 .java-version
+
+.flattened-pom.xml

.mvn/wrapper/maven-wrapper.properties

@@ -5,14 +5,15 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip

CHANGELOG.md

@@ -1,14 +1,43 @@
 # Changelog
 
-## [3.4.1-SNAPSHOT](https://github.com/jborgers/sonar-pmd/tree/master) (tbd)
-[Full Changelog](https://github.com/jborgers/sonar-pmd/compare/3.4.0...master)
 
-- nothing yet
+## [3.5.2-SNAPSHOT](https://github.com/jborgers/sonar-pmd/tree/3.5.2-SNAPSHOT) (2024-xx-xx)
+[Full Changelog](https://github.com/jborgers/sonar-pmd/compare/3.5.1..master)
+
+**Implemented highlights:**
+
+
+## [3.5.1](https://github.com/jborgers/sonar-pmd/tree/3.5.1) (2024-05-07)
+[Full Changelog](https://github.com/jborgers/sonar-pmd/compare/3.5.0..3.5.1)
+
+**Implemented highlights:**
+- Supports latest SonarQube [9.9.4 - 10.5+]
+- Supports running on Java 11 on analysis side for SQ 9.9.4 - 10.2.x
+- Supports running on Java 17 for all supported versions
+- Updated Sonar Plugin API+impl for SonarQube 9.9.4+
+- Upgraded various dependencies
+
+- ## [3.5.0](https://github.com/jborgers/sonar-pmd/tree/3.5.0) (2024-04-23)
+[Full Changelog](https://github.com/jborgers/sonar-pmd/compare/3.4.0...3.5.0)
+
+**Contributors:**
+- [jborgers](https://github.com/jborgers) 
+- [renewolfert](https://github.com/renewolfert)
+
+**Implemented highlights:**
+- Updated PMD (6.55.0) (last PMD-6) #422
+- Support analyzing up to Java 20-preview (close to 21) #422
+- Java 21+ falls back to 20-preview with warning (no error) #422
+- Updated Sonar Plugin API+impl (9.8.0.63668) (SonarQube 9.8+) 
+- Upgraded various dependencies
+- Needs Java 17, the class file version is 61 
 
 ## [3.4.0](https://github.com/jborgers/sonar-pmd/tree/3.4.0) (2022-05-11)
 [Full Changelog](https://github.com/jborgers/sonar-pmd/compare/3.3.1...3.4.0)
 
 **Contributors:**
+- [jborgers](https://github.com/jborgers)
+- [stokpop](https://github.com/stokpop)
 - [jensgerdes](https://github.com/jensgerdes) (Many thanks for his great maintenance and decision to transfer)
 
 **Implemented highlights:**

README.md

@@ -1,4 +1,8 @@
 # SonarQube PMD7 Plugin [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.sonarsource.pmd/sonar-pmd-plugin/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.sonarsource.pmd/sonar-pmd-plugin) [![Build Status](https://api.travis-ci.org/jborgers/sonar-pmd.svg?branch=master)](https://travis-ci.org/jborgers/sonar-pmd) [![SonarStatus](https://sonarcloud.io/api/project_badges/measure?project=org.sonarsource.pmd%3Asonar-pmd&metric=alert_status)](https://sonarcloud.io/dashboard?id=org.sonarsource.pmd%3Asonar-pmd) [![SonarStatus](https://sonarcloud.io/api/project_badges/measure?project=org.sonarsource.pmd%3Asonar-pmd&metric=coverage)](https://sonarcloud.io/dashboard?id=org.sonarsource.pmd%3Asonar-pmd)
+
+[![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.sonarsource.pmd/sonar-pmd-plugin/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.sonarsource.pmd/sonar-pmd-plugin)
+![Build Status](https://github.com/jborgers/sonar-pmd/actions/workflows/build.yml/badge.svg)
+
 Sonar-PMD is a plugin that provides coding rules from [PMD](https://pmd.github.io/) for use in SonarQube.
 
 Starting April 2022, the project has found a new home. We, [jborgers](https://github.com/jborgers) and [stokpop](https://github.com/stokpop), 
@@ -9,6 +13,7 @@ For a list of all rules and their status, see: [RULES.md](https://github.com/jbo
 ## Installation
 The plugin should be available in the SonarQube marketplace and is preferably installed from within SonarQube (Administration -->  Marketplace --> Search _pmd_).
 
+This plugin is available again from the Marketplace with the release of version 3.4.0.
 Alternatively, download the [latest JAR file](https://github.com/jborgers/sonar-pmd/releases/latest), put it into the plugin directory (`./extensions/plugins`) and restart SonarQube.
 
 ## Usage
@@ -20,18 +25,20 @@ Usage should be straight forward:
 Sonar-PMD analyzes the given source code with the Java source version defined in your Gradle or Maven project.
 In case you are not using one of these build tools, or if that does not match the version you are using, set the `sonar.java.source` property to tell PMD which version of Java your source code complies to. 
 
-Possible values : 1.4 to 1.8/8 to 18
+Possible values : 1.6 to 1.8/8 to 20-preview
 
 ## Table of supported versions
-| PMD Plugin                  |2.5|2.6|3.0.0|3.1.x|3.2.x|3.3.x| 3.4.0          |
-|-----------------------------|---|---|---|---|---|---|----------------|
-| PMD                         |5.4.0|5.4.2|5.4.2|6.9.0|6.10.0|6.30.0| 6.45.0         |
-| Max. supported Java Version | 1.7 | 1.8 | 1.8 | 11 | | 15| 18             |
-|  Min. SonarQube Version     | 4.5.4 | 4.5.4 | 6.6 | | | 6.7| _8.9(*)_ / 9.3 |
+| Sonar-PMD Plugin       | 3.1.x | 3.3.x  | 3.4.0           | 3.5.0         | 3.5.1         | 4.0.0 (planned) |
+|------------------------|-------|--------|-----------------|---------------|---------------|-----------------|
+| PMD                    | 6.9.0 | 6.30.0 | 6.45.0          | 6.55.0        | 6.55.0        | 7.2.0           |
+| Max. Java Version      | 11    | 15     | 18              | 20-preview *2 | 20-preview *2 | 22              |
+| Min. SonarQube Version | 6.6   | 6.7    | _8.9(*1)_ / 9.3 | 9.8           | 9.9.4         | 10.0            |
+| Max. SonarQube Version |       |        | 9.9             | 10.4          | 10.5+         | 10.5+           |
 
-(*) Note: Plugin version 3.4.x runs in SonarQube 8.9, however, Java 17+ is only fully supported in SonarQube 9.3+.
+(*1) Note: Plugin version 3.4.x runs in SonarQube 8.9, however, Java 17+ is only fully supported in SonarQube 9.3+.   
+(*2) Note: Supports all tested Java 21 features; on parsing errors, warns instead of breaks 
 
-A majority of the PMD rules have been rewritten in the Java plugin. Rewritten rules are marked "Deprecated" in the PMD plugin, but a [concise summary of replaced rules](http://dist.sonarsource.com/reports/coverage/pmd.html) is available.
+A majority of the PMD rules have been rewritten in the Sonar Java plugin. Rewritten rules are marked "Deprecated" in the PMD plugin, but a [concise summary of replaced rules](http://dist.sonarsource.com/reports/coverage/pmd.html) is available.
 
 ## Rules on test
 PMD tool provides some rules that can check the code of JUnit tests. Please note that these rules (and only these rules) will be applied only on the test files of your project.
@@ -42,7 +49,7 @@ Sonar-PMD is licensed under the [GNU Lesser General Public License, Version 3.0]
 Parts of the rule descriptions displayed in SonarQube have been extracted from [PMD](https://pmd.github.io/) and are licensed under a [BSD-style license](https://github.com/pmd/pmd/blob/master/LICENSE).  
 
 ## Build and test the plugin
-To build the plugin and run the integration tests:
+To build the plugin and run the integration tests (use java 11):
 
     ./mvnw clean verify
-
+

RELEASE.md

@@ -1,29 +1,36 @@
-To release a build
+# Create release
 
-- change all `x.y.z-SNAPSHOT` to `x.y.z` in all poms
-- change tag `HEAD` to `x.y.z` in scm tag in parent pom
-- finish and update `CHANGELOG.md`, update `..master` to `..x.y.z`
-- commit and push with comment "Release x.y.z"
+To create a new release, set git tag with new version number and push the tag.
+The Github Actions `release.yml` will build and release to Github actions and Maven Central.
+
+Make sure that all commits have been pushed and build 
+with `build.yml` workflow before setting and pushing the tag.
+
+Steps:
+- create release notes in `CHANGELOG.md`, update `..master` to `..x.y.z`; and update `README.md`
+- commit both
 - `git tag x.y.z`
 - `git push --tags`
-- use github action `release` to deploy to maven central
-- release staging repo in Sonatype ui
-- change all `x.y.z` in all poms to `x.y.z+1-SNAPSHOT`
-- change tag `x.y.z` in scm tag in parent pom to `HEAD`
+
+The release workflow will be triggered, using the git tag for `-Drevision=<tag>`. 
+
+- manually release staging repo in [Sonatype](https://oss.sonatype.org/#welcome) for Maven Central
+- manually change Github actions release from draft to final and limit the changelog here: [releases](https://github.com/jborgers/sonar-pmd/releases) 
+
+Next prepare for next SNAPSHOT:
+
+- change `revision` property in `x.y.z+1-SNAPSHOT` in parent pom
 - prepare `CHANGELOG.md` for `x.y.z+1-SNAPSHOT`
-- commit and push with comment "Prepare for release x.y.z+1-SNAPSHOT"
+- commit and push with comment "Prepare release x.y.z+1-SNAPSHOT"
 
-When release fails before "release staging in Sonatype ui"
+When release fails before "release staging in Sonatype"
 - drop staging repo
-- `git tag -d x.y.z`
-- `git push origin :refs/tags/x.y.z`
+- `git tag -d x.y.z` or delete tag in IntelliJ
+- `git push origin :refs/tags/x.y.z` or delete tag in context menu, delete remotes
 - fix-commit-push and start release again with tagging steps above
 
 In GitHub:
 
-- create release from tag via Actions
-- update release notes with `CHANGELOG.md` contents
-- download `sonar-pmd-plugin-x.y.z.jar` and upload in release notes
 - close milestone `x.y.z`
 - create new milestone `x.y.z+1`
 

integration-test/pom.xml

@@ -25,7 +25,7 @@
   <parent>
     <groupId>org.sonarsource.pmd</groupId>
     <artifactId>sonar-pmd</artifactId>
-    <version>3.4.1-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <artifactId>integration-test</artifactId>
@@ -42,13 +42,19 @@
       <groupId>org.sonarsource.orchestrator</groupId>
       <artifactId>sonar-orchestrator</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.sonarsource.orchestrator</groupId>
+      <artifactId>sonar-orchestrator-junit4</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.codehaus.sonar</groupId>
       <artifactId>sonar-ws-client</artifactId>
+      <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>org.sonarsource.sonarqube</groupId>
+      <groupId>org.sonarsource.api.plugin</groupId>
       <artifactId>sonar-plugin-api</artifactId>
+      <scope>provided</scope>
     </dependency>
     <dependency>
       <groupId>net.sourceforge.pmd</groupId>
@@ -58,13 +64,17 @@
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
-      <version>3.12.0</version>
       <scope>test</scope>
     </dependency>
   </dependencies>
 
   <build>
     <plugins>
+      <plugin>
+        <groupId>org.sonarsource.scanner.maven</groupId>
+        <artifactId>sonar-maven-plugin</artifactId>
+        <version>${sonar.maven.plugin.version}</version>
+      </plugin>
       <plugin>
         <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
         <artifactId>sonar-packaging-maven-plugin</artifactId>