Merge pull request #17 from spdx/sonarfixes

Add Sonar Cloud to CI and improve code quality

.github/workflows/build.yml

@@ -0,0 +1,41 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Set up JDK 11
+      uses: actions/setup-java@v1
+      with:
+        java-version: 11
+    - name: Cache SonarCloud packages
+      uses: actions/cache@v1
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+    - name: Cache Maven packages
+      uses: actions/cache@v1
+      with:
+        path: ~/.m2
+        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+        restore-keys: ${{ runner.os }}-m2
+    - name: Build and analyze
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install sonar:sonar

README.md

@@ -7,6 +7,10 @@ The Software Package Data Exchange (SPDX) specification is a standard format for
 These tools are published by the SPDX Workgroup
 see [http://spdx.org/](http://spdx.org/)
 
+# Code quality badges
+
+|   [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=bugs)](https://sonarcloud.io/dashboard?id=tools-java)    | [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=security_rating)](https://sonarcloud.io/dashboard?id=tools-java) | [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=tools-java) | [![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_index)](https://sonarcloud.io/dashboard?id=tools-java) |
+
 ## Getting Starting
 
 The SPDX Tool binaries can be downloaded from the [BinTray SPDX Tools Java](https://bintray.com/spdx/spdx-tools/tools-java) repo under the respective release.  The package is also available in [Maven Central](https://search.maven.org/artifact/org.spdx/tools-java) (organization org.spdx, artifact tools-java).

pom.xml

@@ -4,7 +4,7 @@
 
 	<groupId>org.spdx</groupId>
 	<artifactId>tools-java</artifactId>
-	<version>0.0.7-SNAPSHOT</version>
+	<version>1.0.0</version>
 	<packaging>jar</packaging>
 
 	<name>tools-java</name>
@@ -45,13 +45,16 @@
 	</ciManagement>
     <distributionManagement>
       <repository>
-        <id>bintray-spdx-spdx-tools</id>
+        <id>ossrh</id>
         <name>spdx-spdx-tools</name>
-        <url>https://api.bintray.com/maven/spdx/spdx-tools/tools-java/;publish=1</url>
+        <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
       </repository>
 	</distributionManagement>
     <properties>
       <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+	  <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+	  <sonar.organization>spdx</sonar.organization>
+	  <sonar.projectKey>tools-java</sonar.projectKey>
     </properties>
 	<profiles>
 		<profile>
@@ -99,17 +102,17 @@
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>java-spdx-library</artifactId>
-	  	<version>1.0.3</version>
+	  	<version>1.0.6</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-rdf-store</artifactId>
-	  	<version>1.0.0</version>
+	  	<version>1.0.2</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-jackson-store</artifactId>
-	  	<version>0.0.5</version>
+	  	<version>1.0.0</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.apache.ws.xmlschema</groupId>
@@ -119,12 +122,12 @@
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-spreadsheet-store</artifactId>
-	  	<version>0.0.5</version>
+	  	<version>1.0.0</version>
 	  </dependency>
 	  <dependency>
 	  	<groupId>org.spdx</groupId>
 	  	<artifactId>spdx-tagvalue-store</artifactId>
-	  	<version>0.0.5</version>
+	  	<version>1.0.0</version>
 	  </dependency>
 	</dependencies>
     <build>

src/main/java/org/spdx/tools/CompareSpdxDocs.java

@@ -24,6 +24,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.spdx.library.InvalidSPDXAnalysisException;
 import org.spdx.library.model.SpdxDocument;
 import org.spdx.spreadsheetstore.SpreadsheetException;
@@ -44,6 +46,7 @@ public class CompareSpdxDocs {
 	static final int MIN_ARGS = 3;
 	static final int MAX_ARGS = 14;
 	static final int ERROR_STATUS = 1;
+	static final Logger logger = LoggerFactory.getLogger(CompareSpdxDocs.class);
 
 
 	/**
@@ -116,7 +119,7 @@ public static void onlineFunction(String[] args) throws OnlineToolException {
 				try {
 					outSheet.close();
 				} catch (SpreadsheetException e) {
-					throw new OnlineToolException("Warning - error closing spreadsheet: "+e.getMessage());
+					logger.warn("Warning - error closing spreadsheet: "+e.getMessage());
 				}
 			}
 		}

src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java

@@ -31,6 +31,7 @@
 import org.apache.jena.rdf.model.ModelFactory;
 import org.spdx.tools.schema.OwlToJsonContext;
 
+import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
@@ -75,19 +76,23 @@ public static void main(String[] args) {
 			System.err.println("File not found for "+fromFile.getName());
 			return;
 		} finally {
-			if (Objects.nonNull(is)) {
+			if (is != null) {
 				try {
 					is.close();
 				} catch (IOException e) {
 					System.err.println("Error closing input file stream: "+e.getMessage());
 				}
 			}
 		}
+		if (Objects.isNull(owlToJsonContext)) {
+		    System.err.println("Unable to load ontology from file "+fromFile.getName());
+		    return;
+		}
 		ObjectNode context = owlToJsonContext.convertToContext();
-		OutputStream os = null;
+		JsonGenerator jsonGenerator = null;
 		try {
-			os = new FileOutputStream(toFile);
-			OwlToJsonContext.jsonMapper.writeTree(OwlToJsonContext.jsonMapper.getFactory().createGenerator(os).useDefaultPrettyPrinter(), 
+			jsonGenerator = OwlToJsonContext.jsonMapper.getFactory().createGenerator(new FileOutputStream(toFile));
+			OwlToJsonContext.jsonMapper.writeTree(jsonGenerator.useDefaultPrettyPrinter(), 
 					context);
 		} catch (FileNotFoundException e) {
 			System.err.println("File not found for "+fromFile.getName());
@@ -99,9 +104,9 @@ public static void main(String[] args) {
 			System.err.println("I/O error: "+e.getMessage());
 			return;
 		} finally {
-			if (Objects.nonNull(os)) {
+			if (Objects.nonNull(jsonGenerator)) {
 				try {
-					os.close();
+				    jsonGenerator.close();
 				} catch (IOException e) {
 					System.err.println("Error closing output file stream: "+e.getMessage());
 				}

src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java

@@ -31,6 +31,7 @@
 import org.apache.jena.rdf.model.ModelFactory;
 import org.spdx.tools.schema.OwlToJsonSchema;
 
+import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
@@ -76,7 +77,7 @@ public static void main(String[] args) {
 			System.err.println("File not found for "+fromFile.getName());
 			return;
 		} finally {
-			if (Objects.nonNull(is)) {
+			if (is != null) {
 				try {
 					is.close();
 				} catch (IOException e) {
@@ -88,10 +89,10 @@ public static void main(String[] args) {
 		ObjectNode root = owlToJson.convertToJsonSchema();
 		ObjectMapper jsonMapper = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT);
 
-		OutputStream os = null;
+		JsonGenerator jsonGenerator = null;
 		try {
-			os = new FileOutputStream(toFile);
-			jsonMapper.writeTree(jsonMapper.getFactory().createGenerator(os).useDefaultPrettyPrinter(), 
+		    jsonGenerator = jsonMapper.getFactory().createGenerator(new FileOutputStream(toFile));
+			jsonMapper.writeTree(jsonGenerator.useDefaultPrettyPrinter(), 
 					root);
 		} catch (JsonProcessingException e) {
 			System.err.println("JSON error "+e.getMessage());
@@ -107,9 +108,9 @@ public static void main(String[] args) {
 					System.err.println("Error closing input file stream: "+e.getMessage());
 				}
 			}
-			if (Objects.nonNull(os)) {
+			if (Objects.nonNull(jsonGenerator)) {
 				try {
-					os.close();
+				    jsonGenerator.close();
 				} catch (IOException e) {
 					System.err.println("Error closing output file stream: "+e.getMessage());
 				}

src/main/java/org/spdx/tools/RdfSchemaToXsd.java

@@ -75,7 +75,7 @@ public static void main(String[] args) {
 			System.err.println("File not found for "+fromFile.getName());
 			return;
 		} finally {
-			if (Objects.nonNull(is)) {
+			if (is != null) {
 				try {
 					is.close();
 				} catch (IOException e) {

src/main/java/org/spdx/tools/SpdxConverter.java

@@ -23,6 +23,8 @@
 import java.io.IOException;
 import java.util.Objects;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.spdx.library.InvalidSPDXAnalysisException;
 import org.spdx.library.ModelCopyManager;
 import org.spdx.library.SpdxConstants;
@@ -41,7 +43,8 @@
  *
  */
 public class SpdxConverter {
-
+    static final Logger logger = LoggerFactory.getLogger(SpdxConverter.class);
+
 	static final int ERROR_STATUS = 1;
 
 	static final int MIN_ARGS = 2;
@@ -178,14 +181,14 @@ public static void convert(String fromFilePath, String toFilePath, SerFileType f
 				try {
 					input.close();
 				} catch (IOException e) {
-					throw new SpdxConverterException("Error closing input file: "+e.getMessage());
+					logger.warn("Error closing input file: "+e.getMessage());
 				}
 			}
 			if (Objects.nonNull(output)) {
 				try {
 					output.close();
 				} catch (IOException e) {
-					throw new SpdxConverterException("Error closing output file: "+e.getMessage());
+					logger.warn("Error closing output file: "+e.getMessage());
 				}
 			}
 		}

src/main/java/org/spdx/tools/SpdxViewer.java

@@ -19,6 +19,7 @@
 
 import java.io.PrintWriter;
 import java.util.List;
+import java.util.Objects;
 import java.util.Properties;
 
 import org.spdx.library.InvalidSPDXAnalysisException;
@@ -57,17 +58,19 @@ public static void main(String[] args) {
 			System.out.printf("Warning: Extra arguments will be ignored");
 		}
 		SpdxDocument doc = null;
-		RdfStore store = new RdfStore();
-		try {
-			String documentUri = store.loadModelFromFile(args[0], false);
-			doc = new SpdxDocument(store, documentUri, null, false);
-		} catch (Exception ex) {
-			System.out
-					.print("Error creating SPDX Document: " + ex.getMessage());
-			return;
-		}
-		PrintWriter writer = new PrintWriter(System.out);
+		RdfStore store = null;
+		PrintWriter writer = null;
 		try {
+	      store = new RdfStore();    
+	      try {
+	            String documentUri = store.loadModelFromFile(args[0], false);
+	            doc = new SpdxDocument(store, documentUri, null, false);
+	        } catch (Exception ex) {
+	            System.out
+	                    .print("Error creating SPDX Document: " + ex.getMessage());
+	            return;
+	        }
+	        writer = new PrintWriter(System.out);
 			List<String> verify = doc.verify();
 			if (verify.size() > 0) {
 				System.out.println("This SPDX Document is not valid due to:");
@@ -88,7 +91,16 @@ public static void main(String[] args) {
 			System.out.print("Unexpected error displaying SPDX Document: "
 					+ e.getMessage());
 		} finally {
-			writer.close();
+		    if (Objects.nonNull(writer)) {
+		        writer.close();
+		    }
+		    if (Objects.nonNull(store)) {
+    			try {
+                    store.close();
+                } catch (Exception e) {
+                    System.out.println("Warning - unable to close RDF store: "+e.getMessage());
+                }
+		    }
 		}
 	}
 }

src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java

@@ -207,11 +207,11 @@ private void setCellAllEqual(Cell cell) {
 	 * @throws InvalidSPDXAnalysisException 
 	 */
 	private Optional<String> getNextFileName(List<List<SpdxFile>> files, int[] fileIndexes) throws InvalidSPDXAnalysisException {
-		Optional<String> retval = null;
+		Optional<String> retval = Optional.empty();
 		for (int i = 0; i < files.size(); i++) {
 			if (files.get(i).size() > fileIndexes[i]) {
 				Optional<String> fileName = files.get(i).get(fileIndexes[i]).getName();
-				if (retval == null || normalizedFileNameComparator.compare(retval, fileName) > 0) {
+				if (!retval.isPresent() || normalizedFileNameComparator.compare(retval, fileName) > 0) {
 					retval = fileName;
 				}
 			}