©2015 GlobalLogic Inc.
©2015 GlobalLogic Inc.
Battle for Code Quality Story of One Java Project
Ilya TsvetkovDec 2015, Krakow
3
Few words about speaker
• I enjoy doing Java development since year 1999, 10+ years I lead teams on their road to successful delivery of products that makes customer happy
• I’m big fan of Agile and XP, although I started as RUP trainer back in 2000
• Yes, I can remember Java 1.2, EJB 1.1 and TopLink 1.0
Image
4
Quality
Image
5
Image
6
Image
Good code makes you feel good when you read it
7
Image
8
Before we start…
• 5 locations (USA, Ukraine, India) with team of 100+ members
• Java backend + 3 clients (iOS, Android, Web)
• Backend built with JPA, Spring, REST API
• > 10 releases in 3 years, 50+ enterprise customers worldwide
What kind of project we are talking about?
Image
Looks quite standard for today’s outsourcing industry!
9
Quality pyramid
Manual tests
UI Acceptance tests
Integration tests
Unit tests
• More unreliability• Greater cost (harder to automate)• Slower feedback
The higher we go:
10
Sad but true
Unit tests
Integration tests
UI Acceptance tests
Manual tests
11
Quality: who is in charge?
Image
Manual tests
UI Acceptance tests
Integration tests
Unit tests
What teams build software quality?
Develo
pmen
t
team
Auto
mat
ion
team
Test
team
12
Quality: what it takes to inject into development process
• Build system + Dependency management
• Continuous Integration & Delivery• Test automation on CI• Code Quality Standard
13
Continuous Integration tests vs Continuous Delivery tests
14
Continuous Integration tests vs Continuous Delivery testsContinuous Integration
Watch code
Build
Unit Tests
Publish results
Continuous Integration and Deployment
Watch code
Build
Unit Tests
Automatic Deployment
Functional tests
Performancetests
Publish results
16
What are your tests?
Data Access Layer (JPA)
Business Logic (Services)
Presentation (REST)
Providers (Connectors)
Java Unit tests
Java Integration
tests
SOAP UI tests
17
Unit tests
• Is there a developer in this room who doesn’t develop unit tests?
• Unit tests today are as common as regular code of your app
• What else can we say about them?
Test classes and methods in isolation
Image
I want coverage, man
19
What is always green test?
What is
Typical Unit test:
−Verify test results
−What Feature is tested−Fixture Setup−Call feature that is tested (“Stimulus“)
Count test antipatterns here
Can you see steps?
What about Verify step?
Unit test #1 wtf
wtf
wtf
feature
fixture setup
stimulus
What about Stimulus?
Unit test #2
feature
fixture setupverify
Unit test #3
feature
verify
Unit test #4feature
fixture setup
26
“Always green” unit test
• It counts in all reports for unit tests
• Management receives nice reports about coverage
• Never fails: “A test that never fails is worse than having no test at all”
• A lot of WTFs
Image
27
Can we fight “always green” tests?
• Code reviews (yep, let’s talk about them a bit later)
• Kill mutants!• Stop using Java for unit
tests! Image
28
Unit test (nice one)
feature
fixture setup
stimulus
verify
BDD style: test is no longer a piece of code that only developer can understandTest is human readable executable specificationLet DSL and BDD empower your tests
Spock test
feature
fixture setup
stimulus
verify
− Easy to learnIf you know Java and JUnit, you are almost ready to go.
− Powered by GroovyJava's dynamic companion lets you do more in less time. Plus, it's a lot of fun!
− Eliminates wasteNo assertion API. No record/replay mocking API. No superfluous annotations.
− Compatible with JUnit− Open-minded
Test-first? Test-last? Unit-level? Integration-level? Test-driven? Behavior-driven? We believe there are many ways to create good software, and try to give you the flexibility to do it your way.
− Beautiful languageExpress your thoughts in a beautiful and highly expressive specification language.
Why Spock
32
Dev Integration tests
Data Access Layer (JPA)
Business Logic (MyIT Services)
Presentation (REST)
MyIT providers
Java Unit tests
Java Integration
tests
SOAP UI tests
34
Integration test: JPA layer
Image
35
Integration test: Service layer
Image
36
REST API tests
Data Access Layer (JPA)
Business Logic (MyIT Services)
Presentation (REST)
MyIT providers
Java Unit tests
Java Integration
tests
SOAP UI tests
37
REST API tests
• In servlet container or not?
• With Java or not?
• Plain Apache HttpClient?
• Jersey Test framework?
• Spring MVC Test framework and its RestTemplate?
Who runs tests on REST API? What tool do you use? Do you run it on CI?
Image
38
Our choice: SmartBear SOAP UI
• REST API is Java agnostic so no need for Java here
• REST tests could be developed by QA team, not only by Dev team
• Same tests can be used for Load tests and Security tests
Image
39
REST API tests runtime
• Embedded Servlet container - Jetty
• Embedded database HSQLDB
• Test xml datasets with DbUnit
• Tests executed on Jenkins with Maven SOAP UI plugin
• Coverage collected by Jacoco and published to SonarQube portal
Remember tests run on Jenkins
Image
− Java code analysis tools: PMD, CheckStyle, FindBugs, etc
− Continuous Code Inspection with SonarQube:− Tests coverage− Coding rules violations− LCOM4 (Lack of Cohesion of Methods)− Cyclomatic complexity− Total quality index− etc
©2013 GlobalLogic Inc.
Continuous Code InspectionBMC KIEV LAB: MYIT TEAM – Best practices
41
Image
42
Image
43
44
Code quality standard
Publish it on project WIKI
Image
45
Image
46
Image
47
Image
48
Image
49
Image
50
What is missing?
• Let SonarQube analysis be part of developer’s IDE
• Let SonarQube analysis be part of CI• Fail the build if SonarQube is unhappy• Code reviews
Add some salt before serving it to team (or to your customer)
Image
51
Let SonarQube analysis be part of developer’s IDE
• SonarLint plugin (IntelliJ IDEA, Eclipse)
• SonarQube Community plugin (IntelliJ IDEA)
• SonarQube plugin (IntelliJ IDEA, Eclipse) - commercial
Image
52
Image
53
Image
54
Let SonarQube analysis be part of CI• All CI servers have SonarQube plugins
• Maven/Gradle have SonarQube plugin
• Run SonarQube analysis with CI on daily basis
• Setup SonarQube notifications to make developers react!
Image
55
Fail the build if SonarQube is unhappy• Sonar Quality Gate – simply makes indication on portal
• Why failing the build? Because developers cannot ignore this. Try it • Sonar Build Breaker plugin – deprecated
• Some commercial alternatives available
• Develop your plugin – this is simple!
Image
56
…and finally – Code reviews
• Both are manual check of quality• Expensive and slow to run• Unreliable (depend on human being)• Feedback is not instant• Can be pain if process is bad
Code reviews vs Manual tests
Image
• Both educate team members during execution
• Knowledge sharing• Both find quality problems that tools cannot
find• Fun if process is good
57
Make your code reviews fun
• If you are not small collocated team – use tool support!
• No tests – no review• Do not run code reviews if SonarQube is
unhappy• Use your code quality standard!• Show love to your code
Image