Default QA plugins to ignore generated source

CHANGELOG.md

@@ -1,6 +1,7 @@
 # Change log
 
 ## Release in-progress
+* Default QA plugins to ignore generated code #61
 * Update OWASP plugin skip property default to use bt.qa.skip #79
 * Move enforcer convergence check into verify phase. Can be skipped using bt.convergence.check.skip=true property. #78
 * Move versions-maven-plugin into a profile display-versions to allow projects to opt in or out #74

README.md

@@ -151,6 +151,32 @@ By default qa checks (i.e. Checkstyle, PMD, Spotbugs, OWASP, Convergence Check)
 </property>
 ```
 
+#### Generated Sources
+
+By default, qa-parent configures the code analysis plugins to ignore generated source code and only analyse the project's main source directory.
+
+The following properties are set in qa-parent for Checkstyle and PMD:
+
+``` xml
+<property>
+  <bt.checkstyle.src>${project.build.sourceDirectory}</bt.checkstyle.src>
+  <bt.pmd.src>${project.build.sourceDirectory}</bt.pmd.src>
+</property>
+```
+
+Spotbugs is different from Checkstyle and PMD as it requires an exclude filter to be configured to ignore generated files.
+
+The following properties are set in qa-parent for Spotbugs:
+
+``` xml
+<property>
+  <!-- Exclude files in the generated-sources directory -->
+  <spotbugs.excludeFilterFile>bordertech/bt-spotbugs-exclude-generated-files.xml</spotbugs.excludeFilterFile>
+  <!-- Need to add sources for source tag in exclude and include filters to work -->
+ <spotbugs.addSourceDirs>true</spotbugs.addSourceDirs>
+</property>
+```
+
 #### Checkstyle
 
 Refer to [Checkstyle plugin](https://maven.apache.org/plugins/maven-checkstyle-plugin) for all override details.
@@ -289,6 +315,16 @@ Example filter file:-
 </FindBugsFilter>
 ```
 
+When adding a custom exclude filter and the module still needs to ignore generated source, then merge the excludes used in the default filter [bt-spotbugs-exclude-generated-files](https://github.com/BorderTech/java-common/blob/master/build-tools/src/main/resources/bordertech/bt-spotbugs-exclude-generated-files.xml):
+
+```
+<FindBugsFilter>
+  <!-- Exclude files in the generated-sources directory. For the source tag to work with the full path of the source files the addSourceDirs property on the plugin must be set to true. -->
+  <Match>
+    <Source name="~.*generated-sources.*" />
+  </Match>
+</FindBugsFilter>```
+
 #### OWASP
 
 Refer to [OWASP plugin](https://jeremylong.github.io/DependencyCheck/dependency-check-maven) for all override details.

build-tools/src/main/resources/bordertech/bt-spotbugs-exclude-generated-files.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+	<!-- Exclude files in the generated-sources directory. For the source tag to work with the full path of the source files the addSourceDirs property on the plugin must be set to true. -->
+	<Match>
+		<Source name="~.*generated-sources.*" />
+	</Match>
+</FindBugsFilter>

qa-parent/pom.xml

@@ -31,6 +31,8 @@
 		<!-- Checkstyle -->
 		<!-- Config file -->
 		<checkstyle.config.location>bordertech/bt-checkstyle.xml</checkstyle.config.location>
+		<!-- Override default to only use main src (ignore generated) -->
+		<bt.checkstyle.src>${project.build.sourceDirectory}</bt.checkstyle.src>
 		<!-- PMD -->
 		<pmd.printFailingErrors>true</pmd.printFailingErrors>
 		<!-- Priority: 1 (High) - 5 (Low) -->
@@ -39,6 +41,8 @@
 		<pmd.verbose>true</pmd.verbose>
 		<!-- Rules file -->
 		<bt.pmd.rules.file>bordertech/bt-pmd-rules.xml</bt.pmd.rules.file>
+		<!-- Override default to only use main src (ignore generated) -->
+		<bt.pmd.src>${project.build.sourceDirectory}</bt.pmd.src>
 		<!-- CPD (Default to report only) -->
 		<cpd.failOnViolation>false</cpd.failOnViolation>
 
@@ -49,6 +53,11 @@
 		<spotbugs.threshold>Medium</spotbugs.threshold>
 		<!-- Rank: Scariest (1-4), Scary (5-9), Troubling (10-14), Of concern (15-20) -->
 		<spotbugs.maxRank>14</spotbugs.maxRank>
+		<!-- To ignore generated files Spotbugs is different from checkstyle and PMD as it requires an exclude filter to be configured. -->
+		<!-- Exclude files in the generated-sources directory -->
+		<spotbugs.excludeFilterFile>bordertech/bt-spotbugs-exclude-generated-files.xml</spotbugs.excludeFilterFile>
+		<!-- Need to add sources for source tag in exclude and include filters to work -->
+		<spotbugs.addSourceDirs>true</spotbugs.addSourceDirs>
 
 		<!-- OWASP (Default to Critical) -->
 		<!-- Check every 12 hours (default is 4) -->
@@ -199,6 +208,11 @@
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-checkstyle-plugin</artifactId>
 				<version>${bt.checkstyle.plugin.version}</version>
+				<configuration>
+					<sourceDirectories>
+						<sourceDirectory>${bt.checkstyle.src}</sourceDirectory>
+					</sourceDirectories>
+				</configuration>
 				<dependencies>
 					<!-- Latest checkstyle version -->
 					<dependency>
@@ -233,6 +247,7 @@
 					<rulesets>
 						<ruleset>${bt.pmd.rules.file}</ruleset>
 					</rulesets>
+					<compileSourceRoots>${bt.pmd.src}</compileSourceRoots>
 				</configuration>
 				<dependencies>
 					<!-- Latest pmd version -->