Design an Effective Build Stage for Continuous Integration

• PMD

  5 4,143 9.9 Java

  An extensible multilanguage static code analyzer.

  

  sem-version java 11 checkout wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.32.0/pmd-bin-6.32.0.zip unzip pmd-bin-6.32.0.zip ./pmd-bin-6.32.0/bin/run.sh pmd -d . -R rulesets/java/quickstart.xml -f text

• infer

  26 13,805 9.9 OCaml

  A static analyzer for Java, C, C++, and Objective-C

  

  checkout cache restore mvn clean curl -sSL "https://github.com/facebook/infer/releases/download/v1.0.0/infer-linux64-v1.0.0.tar.xz" | tar -xJ ./infer-linux64-v1.0.0/bin/infer run -- mvn package artifact push job --expire-in 1w infer-out ./infer-linux64-v1.0.0/bin/infer analyze --fail-on-issue

• InfluxDB

  www.influxdata.com

  sponsored

  Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.

  

• Checkstyle

  6 7,503 9.8 Java

  Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

  

  sem-version java 11 wget https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.41/checkstyle-8.41-all.jar java -jar checkstyle-8.41-all.jar -c /sun_checks.xml MyFile.java

• nvm

  104 64,430 8.2 Shell

  Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions

  

  If the project includes a .nvmrc config file, you can replace sem-version with nvm use:

• berry

  71 5,957 9.8 TypeScript

  📦🐈 Active development trunk for Yarn ⚒

  

  The CI machine includes yarn as well:

• warehouse

  115 3,135 9.4 Python

  The Python Package Index

  

  Python’s package format allows you to upload modules to the official PyPI index or distribute it on your website.

• JSHint

  10 8,843 4.0 JavaScript

  JSHint is a tool that helps to detect errors and potential problems in your JavaScript code

  

  As you can imagine, the language changed a lot over time, and not all its parts are good. Using a linter will help us stay away from the bad parts of JavaScript. In my experience, the ESlint and JSHint linters integrate very well into the CI environment. Any of these can be installed with npm install --save-dev.

• Sonar

  www.sonarsource.com

  sponsored

  Write Clean Java Code. Always.. Sonar helps you commit clean code every time. With over 600 unique rules to find Java bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  

• Gradle

  31 14,314 10.0 Groovy

  Adaptable, fast automation for all

  

  The leading popular build tools in Java are Apache Maven and Gradle, both are included in Semaphore’s machines. Let’s go with Maven; it handles dependencies and compiles the source with a single command: mvn compile. Use these commands in your CI job to build the application:

• find-sec-bugs

  1 2,028 5.4 Java

  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  

  Find Security Bugs uses a security database to detect almost 140 different vulnerability types in Java web applications.

• ESLint

  160 22,128 9.8 JavaScript

  Find and fix problems in your JavaScript code.

  

  As you can imagine, the language changed a lot over time, and not all its parts are good. Using a linter will help us stay away from the bad parts of JavaScript. In my experience, the ESlint and JSHint linters integrate very well into the CI environment. Any of these can be installed with npm install --save-dev.

Suggest a related project