Skip to content

Open Source

SonarLint for Visual Studio: Let’s Fix Some Real Issues in Code!

Sonar - Wed, 02/10/2016 - 10:38

As part of the development process of SonarLint for Visual Studio we regularly check a couple of open source projects, such as Roslyn, to filter out false positives and to validate our rule implementations. In this post we’ll highlight a couple of issues found recently in Roslyn project.

Short-circuit logic should be used to prevent null pointer dereferences in conditionals (S1697)

This rule recognizes a few very specific patterns in your code. We don’t expect any false positives from it, so whenever it reports an issue, we know that it found a bug. Check it out for yourself; here is the link to the problem line.

When body is null, the second part of the condition will be evaluated and throw a NullReferenceException. You might think that the body of a method can’t be null, but even in syntactically correct code it is possible. For example method declarations in interfaces, abstract or partial methods, and expression bodied methods or properties all have null bodies. So why hasn’t this bug shown up yet? This code is only called in one place, on a method declaration with a body.

The ternary operator should not return the same value regardless of the condition (S2758)

We’re not sure if this issue is a bug or just the result of some refactoring, but it is certainly confusing. Why would you check isStartToken if you don’t care about its content?

 ”IDisposables” should be disposed (S2930)

Lately we’ve spent some effort on removing false positives from this rule. For example, we’re not reporting on MemoryStream uses anymore, even though it is an IDisposable. SonarLint only reports on resources that should really be closed, which gives us high confidence in this rule. Three issues ([1], [2][3]) are found on the Roslyn project, where a FileStream, a TcpClient, and a TcpListener are not being disposed.

Method overloads with default parameter values should not overlap (S3427)

Mixing method overloads and default parameter values can result in cases when the default parameter value can’t be used at all, or can only be used in conjunction with named arguments. These three cases ([1], [2], [3]) fall into the former category, the default parameter values can’t be used at all, so it is perfectly safe to remove them. In each case, whenever only the first two arguments are supplied, another constructor will be called. Additionally, in this special case, if you call the method like IsEquivalentTo(node: myNode), then the default parameter value is used, but if you use IsEquivalentTo(myNode), then another overload is being called. Confusing, isn’t it?

Flags enumerations should explicitly initialize all their members (S2345)

It is good practice to explicitly set a value for your [Flags] enums. It’s not strictly necessary, and your code might function correctly without it, but still, it’s better safe than sorry. If the enum has only three members, then the automatic 0, 1, 2 field initialization works correctly, but when you have more members, you most probably don’t want to use the default values. For example here FromReferencedAssembly == FromSourceModule | FromAddedModule. Is this the desired setup? If so, why not add it explicitly to avoid confusion?

“async” methods should not return “void” (S3168)

As you probably know, async void methods should only be used in a very limited number of scenarios. The reason for this is that you can’t await on async void method calls. Basically, these are fire and forget methods, such as event handlers. So what happens when a test method is marked async void? Well, it depends. It depends on your test execution framework. For example NUnit 2.6.3 handles them correctly, but the newer NUnit 3.0 dropped support. Roslyn uses xUnit 2.1.0 at the moment, which does support running async void test methods, so there is no real issue with them right now. But changing the return value to Task would probably be advisable. To sum up, double check your async void methods; they might or might not work as you expect. Here are two occurrences from Roslyn ([1], [2]).

Additionally, here are some other confusing pieces of code that are marked by SonarLint. Rule S2275 (Format strings should be passed the correct number of arguments) triggers on this call, where the formatting arguments 10 and 100 are not used, because there are no placeholders for them in the format string. Finally, here are three cases ([1], [2], [3]) where values are bitwise OR-ed (|) with 0 (Rule S2437).

We sincerely hope you already use SonarLint daily to catch issues early. If not, you can download SonarLint from the Visual Studio Extension Gallery or install it directly from Visual Studio (Tools/Extensions and Updates). SonarLint is free and already trusted by thousands of developers, so start using it today!

Categories: Open Source

Selenium Conf India 2016 Update

Selenium - Mon, 02/08/2016 - 19:47

Selenium Conf India is happening this June 24-26 in Bangalore, India.

Tickets, call for speakers, and sponsorship slots are now available!

http://2016.seleniumconf.in/

 


Categories: Open Source

SCaLE 14x Conference Report

Historically January has always been a very big month for the Jenkins community. Between FOSDEM Southern California Linux Expo (also known as SCaLE) we seem to hand out more stickers during the last week in January than any other week of the year. This year’s SCaLE 14X conference finally outgrew the LAX Hilton in Los Angeles, where it had been hosted in years past, and moved over to the Pasadena Convention Center in Pasadena California. While the organizers of the conference expanded their scope, so did the Jenkins project! In addition to our normal Jenkins stickers, we also had some special edition stickers with special logos to give away this...
Categories: Open Source

SonarQube 5.3 in Screenshots

Sonar - Thu, 01/28/2016 - 10:02

The team is proud to announce the release of 5.3, another paradigm-shifting version, with the addition of significant new features, and the return of popular functionality that didn’t make it in to 5.2:

  • New Project Space which puts the focus on the Quality Gate and the Leak Period
  • User tokens for authenticated analysis without passwords
  • New web services to facilitate a build breaker strategy
  • Cross-project duplication is back!

New Project Space which puts the focus on the Quality Gate and the Leak Period

The most striking change in this version is the replacement of the default project dashboard with a new, fixed Project space highlighting the top four data domains: technical debt, coverage, duplications, and structure (which includes both size and complexity):

Because managing technical debt introduced during the Leak Period is so crucial, this streamlined, new project home page keeps the leak period (first differential period, which is now overridable at the project level), in the forefront. Both current and differential values are shown both textually and graphically:

Each of the four domains offers a detailed sub-page, available either through the “more” links on the Project Space or the relevant project menu items:

Technical Debt:
Coverage:
Duplications:
Structure:

Each domain page offers the same combination of current values (in blue, with clickthroughs) and leak period changes (yellow background) found on the main page, along with detailed numeric and graphical presentations designed to help you quickly zero-in on the worst offenders in your projects.

SonarSource feels so strongly about the value of the new Project Space and the domain pages that none of them are configurable. But your old dashboards are still available under the “Dashboards” menu item.

User tokens for authenticated analysis without passwords

In version 5.2, we cut the last ties between analysis and the database. Now an analysis report is submitted to the server and all database updates take place server-side. In 5.3 we take the next step down the road of enhanced analysis security with the introduction of authentication tokens.

Now an administrator can create authentication tokens for any user.

Tokens may be used in for analysis and with web services. Simply pass the token as the login, and leave the password blank.

The list of user token names (but not values!) is easily visible, and existing tokens can be revoked at any time:

Users can’t generate their own tokens yet, but that’s coming soon.

New web services to facilitate a build breaker strategy

In the implementation of a Continuous Inspection strategy, many people use Continuous Integration servers, such as Jenkins, to execute their SonarQube scans, and want to show as broken a run that includes new code that breaks fails the Quality Gate. Because of time constraints, the old hooks for that were removed in 5.2 and not replaced. In 5.3. we made it a priority to close this gap, so the functionality is now available to allow you to implement a build breaker strategy.

When the client-side scanner is done, it writes out a data file with the URL to call for the server-side processing status

Once the processing is successful,

you can use the analysis id to get the quality gate status

Cross-project duplication is back!

Also under the heading of returning favorites is cross-project duplication. The changes in 5.2 required serious API updates. In turn a rewrite of cross-project duplication detection was required – another priority in 5.3

Notably, 5.3 only provides cross-project duplication detection, not the detection of duplications across modules within a project, which is planned for 5.4.

That’s All, Folks!

Time now to download the new version and try it out. But don’t forget to read the installation or upgrade guide first!

Categories: Open Source

Jenkins World 2016: Call For Papers Is Open!

This is a guest post by Alyssa Tong. Alyssa works for CloudBees, helping to organize Jenkins community events around the world. Planning is underway for Jenkins World, a major Jenkins event for developers, release engineers and others interested in automation. The conference will be held from September 13th to 15th in Santa Clara, California and is being organized and sponsored in part by CloudBees. Just like the "Jenkins User Conferences" before it, this year’s event will feature many experts from the Jenkins community that help make Jenkins the most popular open source automation server on the planet. We’ve found that we outgrew the popular multi-city one-day Jenkins User Conferences, so unlike previous...
Categories: Open Source

Office Hour: The State of JavaScript in Jenkins

Tom Fennelly will host tomorrow’s office hour on JavaScript in Jenkins. The intended audience for this presentation is core and plugin developers. In his own words: I believe strongly that we can make meaningful user experience improvements to Jenkins, but it will require having more weapons in our arsenal in terms of how we build plugins etc. This is what we’ll be talking about in this week’s office hour. It will be a developer-focused session where we’ll start off by talking a little about how UI development has traditionally been done in Jenkins, before moving on to some newer patterns and tools that...
Categories: Open Source

A beautiful Jenkins dashboard

This is a guest post by Julian Kleinhans, Software Architect at AOE, who is outlining some of the Jenkins dashboard work he’s done with dashing-js Jenkins offers a handful of third party dashboards, but none of them are really beautiful and flexible enough from my point of view. For example, I could not find a solution which gives me the possibility to easily decide which data should be display in the widget and which not. It also doesn`t have the possibility to add additional widgets to the dashboard which have nothing to do with Jenkins. So I came up with something interesting that includes Jenkins data. But I cannot do...
Categories: Open Source

Jenkins Code of Conduct

Over the past couple months, we have been working on a long overdue Code of Conduct for the Jenkins project (meeting minutes here and here). Following in the footsteps of other projects like the Apache Software Foundation, Go lang and countless others, we have adopted this code of conduct to help set guidelines for what behaviors are acceptable, and what behaviors are not, when acting within the Jenkins community or on behalf of the Jenkins project. I would like to extend our gratitude to the authors of the Contributor Covenant who provided us with a very good and mostly finished Code of Conduct template. We have adapted the covenant to meet the unique needs of...
Categories: Open Source

A new Jenkins website

When I first started working on the Jenkins website, then called by a different name, I selected Drupal, an extensible content management system, to get the job done. Like Jenkins itself, Drupal is easy to set up, install plugins and authoring content is done in a web UI. For the past seven years Drupal has served us well, but it is time to move on to something better suited for our needs. The general requirements for something newer were: Easy to edit and create content Changes to content should be tracked and reviewable Any Jenkins contributor should be able to participate Support mixed content types The consensus was that a statically-generated...
Categories: Open Source

Jenkins at SCaLE 14x

For the past few years, a couple members of the Jenkins project have made the trip to Los Angeles for the Southern California Linux Expo. Despite the name it’s a fairly broad open source technology conference and since it is hosted prior to FOSDEM, it’s also a good conference to get us in the open source mood after the holiday break. Unlike previous years, when SCaLE was hosted at the LAX Hilton, this year it has grown and moved to the Pasadena Convention Center. There, as with previous years, we’ll have a table in the expo hall with plenty of stickers and perhaps some other forms of swag available for...
Categories: Open Source

December JAM World Tour: Toulouse, France

On December 15, the Toulouse JAM was co-hosted with the Toulouse JUG and Toulouse DevOps. Indeed it made sense since Jenkins is written in Java, makes use of Groovy code in many places (system groovy script, job dsl, workflow...), and it also made sense to co-organize with the local DevOps community since Jenkins is also a great tool to enable Continuous Integration, Continuous Delivery and automation in general. There were 103 RSVPs, with 80 to 90 people in attendance.

There were 3 talks planned for the evening:

Note: presentations have been recorded (in french). They are still being processed, and once they are posted we will update this blog.

Photos: https://goo.gl/photos/1Usd96trfreFnWrZ8

Categories: Open Source

Selenium Conf India — Save The Date!

Selenium - Mon, 12/21/2015 - 18:28

In our last update we mentioned there will be 2 Selenium Confs in 2016 — one in India, another somewhere else (TBD).

Well, we are pleased to announce the official dates and location for Selenium Conf India!

When: June 24th & 25th, 2016

Where: Bangalore, India (at The Chancery Pavilion Hotel)

Mark you calendars! We’ll have more details as they become available (e.g., call for speakers, ticket sales, etc.). To get the latest updates, be sure to sign up for the Selenium Conf mailing list.


Categories: Open Source

December JAM World Tour: Toulouse, France

On December 15, the Toulouse JAM was co-hosted with the Toulouse JUG and Toulouse DevOps. Indeed it made sense since Jenkins is written in Java, makes use of Groovy code in many places (system groovy script, job dsl, workflow…), and it also made sense to co-organize with the local DevOps community since Jenkins is also a great tool to enable Continuous Integration, Continuous Delivery and automation in general. There were 103 RSVPs, with 80 to 90 people in attendance. There were 3 talks planned for the evening: Job DSL Intro [fr], by Ghislain Mahieux Video recording ...
Categories: Open Source

December JAM World Tour: Jenkins Developers and Users Meetup Group, SF

Thank you to Netflix for sponsoring the yummy burrito bar and offered up their brand new auditorium to host Jenkins Developers and Users Meetup group on Dec 16. We had 96 RSVPs which was impressive. Our speaker for the evening was Akshay Dayal, Software Engineer at Google. Akshay's session was about Scaling Jenkins - how and why Google decided to scale their existing Jenkins cluster (OSS) to meet their security/availability and failover requirements and how heavy automation played an important role in this effort.

The second talk was about how Google worked with Jenkins to read config data externally. Slides are listed below. The video will be posted HERE once it becomes available.

Scaling Jenkins slides can be found HERE

External Project slides can be found HERE.

Check out where Jenkins Area Meetups are located in the world. Don't see a JAM in your area? why not start your own. Here's HOW.

Categories: Open Source

December JAM World Tour: Lima, Peru

Although December is a short month due to the holidays, there has been a good amount of local Jenkins activities that took place regardless of holiday obligations. Today and tomorrow I will be doing a series of posts to summarize December JAM World Tour. Special thanks to the JAM organizers and co-organizers who made it all happen in these cities:

On December 9 Lima JAM hosted their first Jenkins meetup in Lima, Peru. There were attendance from various roles of DevOps: Dev, QA, and Ops. There was also a good mixture of different levels of Jenkins users, some were new and just starting to use Jenkins while others had extensive Jenkins experience.

The group has been invited by Docker and Ansible meetup organizers for a joint event in January to showcase technologies from Jenkins, Docker, and Ansible. Congrats to Lima JAM group.

Slides from the meetup can be found HERE. Additional shared resources used in the Lima JAM can be found HERE.

Check out where Jenkins Area Meetups are located in the world. Don't see a JAM in your area? why not start your own. Here's HOW.

Categories: Open Source

December JAM World Tour: St. Petersburg, Russia

The first Jenkins meetup in Saint Petersburg, Russia took place on December 9th. The event has been organized with the help from Yandex and CloudBees.

In total there were about 80 attendees at the meetup. In addition to meetup.com the event has been promoted by Yandex so we quickly reached capacity limit.

There were 3 talks conducted, speakers from Yandex, ZeroTurnaround and CloudBees. We discussed the current open-source project state, ongoing activities in the community, Jenkins-powered CD case studies from ZeroTurnaround and Jenkins plugin development approaches.

Intro slides:

"Who is Mr. Jenkins? Current State, common usage issues and trends in the community"

"Jenkins beyond CI. ZeroTurnaround's experience"

"When to write your own plugin and when not to"

Jenkins QA Session:

Check out where Jenkins Area Meetups (JAM) are located in the world. Don't see a JAM in your area? why not start your own. Here's HOW.

Categories: Open Source

Join us at the Jenkins 2.0 Contributor Summit!

As I mentioned in yesterday's post, we're planning a "Contributor Summit" on February 1st, after FOSDEM 2016 (January 30th/31st), to focus on Jenkins 2.0. Since many of us are already planning, the Monday following the event turned out to be the ideal time to discuss 2.0.

Note: If you're not already familiar with some of the key proposals that were put forth, you can review them in the Jenkins 2.0 proposals summery page.

We've hosted one or two Contributor Summits in the past, and they're usually a day-long event where we try to gather a number of Jenkins core/plugin developers and active/power users to have detailed discussions around the theme of the summit. For this "Jenkins 2.0 Contributor Summit" we do not have a complete agenda yet, but we will post that to the Meetup event once it is fully prepared in the next couple weeks.

Suffice it to say, we'll be discussing a lot!

Venue and RSVP

The Contributor Summit will be hosted in a CloudBees office at: Rue des Colonies, 11, Brussels, Belgium. If you're already planning on attending FOSDEM, the office is near Grand Place and Cafe Delerium (where the Friday beer event is hosted).

The venue is of limited size, so if you're planning to join us, please RSVP to the Meetup event as soon as you're certain you will be able to attend. If you find yourself unable to attend, please remove yourself from the list to ensure that we can fit as many active contributors into the office as possible!

Categories: Open Source

Join us at the Jenkins 2.0 Contributor Summit!

As I mentioned in yesterday's post, we're planning a "Contributor Summit" on February 1st, after FOSDEM 2016 (January 30th/31st), to focus on Jenkins 2.0. Since many of us are already planning, the Monday following the event turned out to be the ideal time to discuss 2.0. Note: If you're not already familiar with some of the key proposals that were put forth, you can review them in the Jenkins 2.0 proposals summery page. We've hosted one or two Contributor Summits in the past, and they're usually a day-long event where we try to gather a number of Jenkins core/plugin developers and active/power...
Categories: Open Source

December JAM World Tour: St. Petersburg, Russia

The first Jenkins meetup in Saint Petersburg, Russia took place on December 9th. The event has been organized with the help from Yandex and CloudBees. In total there were about 80 attendees at the meetup. In addition to meetup.com the event has been promoted by Yandex so we quickly reached capacity limit. There were 3 talks conducted, speakers from Yandex, ZeroTurnaround and CloudBees. We discussed the current open-source project state, ongoing activities in the community, Jenkins-powered CD case studies from ZeroTurnaround and Jenkins plugin development approaches. Intro slides [ru] Who is Mr. Jenkins? Current State, common usage issues and trends in the community [ru], by Oleg...
Categories: Open Source

December JAM World Tour: Lima, Peru

Although December is a short month due to the holidays, there has been a good amount of local Jenkins activities that took place regardless of holiday obligations. Today and tomorrow I will be doing a series of posts to summarize December JAM World Tour. Special thanks to the JAM organizers and co-organizers who made it all happen in these cities: Lima, Peru St.Petersburg, Russia Toulouse, France Bay Area, CA On December 9 Lima JAM hosted their first Jenkins meetup in Lima, Peru. There were attendance from various roles of DevOps: Dev, QA, and Ops. There was also a good mixture of different levels of...
Categories: Open Source