Building better software with Maven & Sonar

By Rohit Ghatol

About Me

What is Maven?

Build Tool Reporting Tool

Software Distribution Project

Management

For Java

Maven Quick Demo

Requirements for Maven

• JDK 6+• Maven 2.x

mvn archetype:generate -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false-DgroupId=com.mycompany.app -DartifactId=my-app

Directory Structure

Dir

src

main

java resources

test

java resources

pom.xml

com/mycompany/app/App.java com/mycompany/app/AppTest.java

mvn install

Directory Structure

Dir

src

main

java resources

test

java resources

pom.xml target

my-app-1.0-SNAPSHOT.jar

Directory Name Description

src/main/java Application/Library sourcessrc/main/resources Application/Library resourcessrc/main/filters Resource filter filessrc/main/assembly Assembly descriptorssrc/main/config Configuration filessrc/main/webapp Web application sourcessrc/test/java Test sourcessrc/test/resources Test resourcessrc/test/filters Test resource filter filessrc/site SiteLICENSE.txt Project's licenseNOTICE.txt Notices and attributions required by libraries that the

project depends onREADME.txt Project's readme

Maven Directory Structure

Why Maven?

But Ma, I have Ant?

Project Dependency in Ant

Project 1 Project 2

C:\project1 C:\project2

C:\Project2\dist

Build.xml Build.xmlUsing Relative Path

I only need Project 1, but I still need to checkout Project 2

Checking in Dependencies

Project 1 Project 2 Project 3

libs libs libs

• project2.jar• servlet-api.jar

• project3.jar• commons.jar

• logging.jar• hamcrest.jar

What about CIT?3rd Party Dependencies are checked in!

Snapshot builds

Convention Vs Configuration

Clean

Prepare

Compile

Jar

Test

Almost Every one is doing following?

Is it Time to define a

HighLevel Lifecyle ?

Custom Ant TasksProject 1

libs

• project2.jar• servlet-api.jar• android-build.jar

Clean

Compile

Dex

APT

Jar

Build Cycle

What about

Reuse?What about

Distribution?

When to call the

task Life cycle?

Reporting

Test Run Report

Code Coverage Report

PMD

FindBugs

Change Log

……

Can I get these by

default?

Software Distribution

Internet

Synerzip

RepoRepo

Repo1

Repo2

Repo2

Repo

Project1

Project2

Project3

SpringMaven

Xyz..

Going Deeper into Maven

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi=”….> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany.app</groupId> <artifactId>my-app</artifactId> <packaging>jar</packaging> <version>1.0-SNAPSHOT</version> <name>my-app</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies></project>

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi=”….> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany.app</groupId> <artifactId>my-app</artifactId> <packaging>jar</packaging> <version>1.0-SNAPSHOT</version> <name>my-app</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies></project>

pom.xml

Understanding Repositories

~/.m2/repository

Maven Project

Central

Proxy/Internal Repo

Synerzip

mvn packageDownload needed dependencies e.g junit

mvn installInstall the artifact in to local repository (~/.m2/repository

mvn deployPush artifact to Internal/Central repository

Maven Architecture

Maven Core

• Parsing Maven XML File• Maven LifeCycle• Basic Plugins

compilecompile

jarjar

surefiretest

…….

…….

Core Plugins

Maven Concepts

Goals LifeCycle

mvn archetype:generate mvn install

mvn <<Plugin>>:<<Goal>> mvn <<LifeCycle Phase>>

Maven Plugins & Goals

Plugin Goals

compilercompiletestCompile

jarjartest-jarsignSign-verify

surefiretest

Command: mvn help:describe –Dplugin:jar

Maven LifeCycle

process-resources

compile

process-classes

process-test-resources

test-compile

test

prepare-package

package

Phases

resources:resources

compiler:compile

resources:testResources

compiler:testCompile

surefire:test

jar:jar

Goals

mvn clean install

• maven-clean-plugin:2.4.1:clean• maven-resources-plugin:2.4.3:resources• maven-compiler-plugin:2.3.2:compile• maven-resources-plugin:2.4.3:testResources• maven-compiler-plugin:2.3.2:testCompile• maven-surefire-plugin:2.7.2:test• maven-jar-plugin:2.3.1:jar• maven-install-plugin:2.3.1:install

Standalone Maven Project

Effective POM

Make Changes

• Add Employee Model Class• Add Employee Service (Use Map for

persistence)• Add Employee Test Cases• Add Reporting Plugins to generate site

Maven Site Generation

Maven Reporting<reporting>

<plugins><!-- surefire-reports --><plugin>

<groupId>org.apache.maven.plugins</groupId><artifactId>maven-surefire-report-plugin</artifactId><version>2.6</version>

</plugin><!-- JavaDoc Plugin --><plugin> <groupId>org.apache.maven.plugins</groupId>

<artifactId>maven-javadoc-plugin</artifactId><version>2.8</version>

</plugin><!-- jxrsource code browsing plugin --><plugin>

<groupId>org.codehaus.mojo</groupId> <artifactId>jxr-maven-plugin</artifactId> <version>2.0-beta-1</version>

</plugin></reporting>

Maven Site

Maven Site

Maven Site

Maven Site

Maven Site

Maven Site

Maven Site

Maven Site

Maven Web App Project

Web.xml

mvn package tomcat:run-war

Look Ma, No need to download Tomcat by myself

Maven Repositories

Repository Options

• Archiva• Artifactory• Nexus

Internal Maven Repositories

<repositories> <repository> <id>archiva.internal</id> <name>Archiva Managed Internal Repository</name> <url>http://xyz:8080/archiva/repository/internal/</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>false</enabled> </snapshots> </repository> <repository> <id>archiva.snapshots</id> <name>Archiva Managed Snapshot Repository</name> <url>http://xyz:8080/archiva/repository/snapshots/</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository>

</repositories>

Maven Distribution

Distribution Management<distributionManagement> <repository> <id>archiva.internal</id> <name>Internal Release Repository</name> <url>dav:http://xyz:8080/archiva/repository/internal/</url> </repository> <snapshotRepository> <id>archiva.snapshots</id> <name>Internal Snapshot Repository</name> <url>dav:http://xyz:8080/archiva/repository/snapshots/</url> </snapshotRepository> <site> <id>website</id> <url>scp://xyz/var/www/mavensite/MavenTraining</url> </site>

</distributionManagement>

Multi Module Projects

Multi Module Project

employee

service

webapp

pom.xml

pom.xml

pom.xml

<project ….> <modelVersion>4.0.0</modelVersion> <groupId>com.technext.maven</groupId> <artifactId>parent-project</artifactId> <version>1.0-SNAPSHOT</version> <packaging>pom</packaging> <modules> <module>service</module> <module>webapp</module> </modules>

</project>

$employee> mvn package[INFO] Scanning for projects...[INFO] Reactor build order: [INFO] Employee Parent Project[INFO] Employee-Backend-Services[INFO] Employee-WebApp

Parent Child Relationship

Parent Child Relationship

employee

service

webapp

pom.xml

pom.xml

pom.xml

<project …> <modelVersion>4.0.0</modelVersion> <parent> <artifactId>employee-parent</artifactId> <groupId>com.technext.maven.multimodule</groupId> <version>0.0.1-SNAPSHOT</version> </parent> <groupId>com.technext.maven.multimodule</groupId> <artifactId>employee-service</artifactId> <version>0.0.1-SNAPSHOT</version> <name>Employee-Backend-Services</name></project>

Maven Profiles

How Often you customize your builds?

Production Vs Development

Developer Vs QA

Manager Vs Individual Contributer

Windows Vs Linux

Build Portability

Welcome Maven Profiles

Lets Declare a Maven Profile

More Details

http://maven.apache.org/guides/introduction/introduction-to-

profiles.html

Maven Settings.xml

Scenario

Archiva Server(Repository Server)

CVS

pom.xml

pom.xml pom.xmlpom.xml

<project> ... <distributionManagement> <repository> <id>archiva.internal</id> <name>Internal Release Repository</name> <url>dav:http://reposerver.mycompany.com:8080/archiva/repository/internal/</url> </repository> <snapshotRepository> <id>archiva.snapshots</id> <name>Internal Snapshot Repository</name> <url>dav:http://reposerver.mycompany.com:8080/archiva/repository/snapshots/</url> </snapshotRepository> </distributionManagement> ... </project>

Where to specify Username andPassword?

<settings> ... <servers> <server> <id>deployment.webdav</id> <username>{archiva-deployment-user}</username> <password>{archiva-deployment-pwd}</password> </server> ... </servers> ... </settings>

settings.xml

More Details

• http://maven.apache.org/settings.html• http

://archiva.apache.org/docs/1.0.1/userguide/deploy.html

Sonar

What is Sonar?

Code Quality Analysis tool

Install Sonar

• Download Sonar - http://www.sonarsource.org/downloads/

• Change DB Settings if needed• $>sonar start• http://xyz:9000

Using Sonar with Maven

• Provide Sonar DB Settings in maven’s Settings.xml

• $>mvn clean package sonar:sonar

• Visit http://xyz:9000/

Sonar Report for EmployeeService

Basic Metrics (Starter pack)

• Lines of Code/Classes/Methods• Rules Compliance Index & Violations• Comments and Duplicate Code• Package Tangle Index• Method/Class Complexity (Cyclometric)• LCOM4 and RFC• Code Coverage and Test Results

Lines of Code/Classes/Method

Lines of Code/Classes/Method

• General Demographics about– Total lines– Total lines of code– Total Statements– Total Packages– Total Classes– Total Methods

Rules Compliance Index & Violations

Rules Compliance Index & Violations

• Compare to PMD, Find Bugs, Code analysis tool

• Violations Categorized into– Blocker– Critical– Major– Minor

• This all is customizable

Comments and Duplicate Code

Comments and Duplicate Code

• How many public APIs are documented?• How many APIs are undocumented?• How much of code is commented?• How much code is duplicated?

Package Tangle Index

Package Tangle Index

• Architectural health• Detects Cyclic Dependency between Packages• Shows if Architecture is layered architecture

Method/Class Complexity

Method/Class Complexity

• Cyclometric Complexity• Complexity is 1 for empty function• Add 1 for every block• Addition of all this is complexity of the

method• More complex the method harder to test• Default complexity level = 10

LCOM4 and RFC

LCOM4

• Lets Start with SOLID Design Principle– S = Single Responsibility Principle

• A Class should have only one responsibility• If Class has more than one– Then break the class into smaller classes

• This ensures– Modularity– Reusability

How to measure LCOM4

• If a class as 2+ sets of method totally disjoint, then we can very much say class has 2 responsibility

• http://www.sonarsource.org/clean-up-design-at-class-level-with-sonar/

RFC – Response for Class

• Total number of methods/constructor invoked as a result of calling the method of a class

Code Coverage and Test Results

Code Coverage and Test Results

• Code Coverage is the paths of code covered by unit test

• Test Results is how many test cases passed or fail

Time Machine

Time Machine

• Compare any of the metrics over a period of time

• Instant Dashboard of – What’s improving– What’s degrading

Design

Design

Design

• Tells about Cyclic Dependencies in Packages• Tells about the state of Layered Architecture

Violations DrillDown

Hotspots

Hotspots

• One Place to see all risks area• Drill Down to the problem areas

And Many More

• Visit this link for more details http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library

Sample Sonar Reports

• http://nemo.sonarsource.org/

References

Must Own Book for Maven http://www.sonarsource.org/

Buy a Copy Today