Skip to content

fix(build): restore SpotBugs quality gate on main (RAN-26)#68

Merged
aksOps merged 1 commit into
mainfrom
fix/ran-26-spotbugs-gate
Apr 25, 2026
Merged

fix(build): restore SpotBugs quality gate on main (RAN-26)#68
aksOps merged 1 commit into
mainfrom
fix/ran-26-spotbugs-gate

Conversation

@aksOps

@aksOps aksOps commented Apr 24, 2026

Copy link
Copy Markdown
Contributor

Summary

Restores the SpotBugs quality gate on mainmvn spotbugs:check was failing with 13 Medium findings on cab71a4 before this change. All 13 findings are fixed in-place; no suppressions added.

Closes RAN-26.

Findings fixed

Finding Type Fix
CodeIqApplication isIndex, isEnrich locals DLS_DEAD_LOCAL_STORE x2 Removed (only isServe is read).
Analyzer dead stores around inventory DLS_DEAD_LOCAL_STORE x2 Dropped unused buildFileInventory() + FileEntry/FileInventory/FileClassification imports.
EnrichCommand:154 dead local DLS_DEAD_LOCAL_STORE Removed dead flushed + recoveredEdges locals; replaced the inline comment with a WHY-comment explaining the flush + flushDeferred side effects still matter.
EnrichCommand:425 over-broad catch REC_CATCH_EXCEPTION Narrowed to catch (IOException | RuntimeException e).
FileDiscovery:167 swallowed IOException DE/SF (swallow) Now logs the skipped path + cause at debug before returning.
AnalysisCache constructor-escape CT_CONSTRUCTOR_THROW x2 Marked class final so the partially-constructed-instance escape path is no longer reachable.
ReactComponentDetector:113 allDetected/hookNames UC_USELESS_OBJECT Removed; nothing reads the set.
GoStructuresDetector methodPositions UC_USELESS_OBJECT Removed; nothing reads the set.
TopologyService edgeKinds map in blastRadius UC_USELESS_OBJECT Removed; nothing reads the map.

No behavioural changes: every removal is of values/objects that were written but never read, and the catch narrowing only widens what propagates.

Diff stats

 8 files changed, 17 insertions(+), 38 deletions(-)

Test plan

  • mvn spotbugs:check passes on this branch (BugInstance size is 0, BUILD SUCCESS)
  • mvn test — not run locally; pre-existing infra issue tracked as RAN-27 blocks the frontend compile phase (TS 6.x baseUrl deprecation). RAN-27 is in_review and unrelated to this change.
  • CI green after merge
  • Follow-up RAN-24 (spotbugs:check + dependency-check bound to mvn verify) becomes actionable once this lands.

Scope note

Original local-fix work was authored by BackendEngineer (Paperclip agent b94a8dd0) mixed into fix/ran-9-max-file-bytes-cap alongside RAN-9/10/12 WIP. This PR carves out the 8 RAN-26 files onto a clean branch off main so the quality-gate restoration lands as a single, reversible, independently-reviewable change. Co-credited in the commit trailer.

🤖 Generated with Claude Code via Paperclip

@aksOps @Paperclip-Paperclip
fix(build): restore SpotBugs quality gate on main (RAN-26)
6217521 
Clears the 13 Medium SpotBugs findings that were failing the gate on main:

- DLS_DEAD_LOCAL_STORE x6 — drop unused `isIndex`/`isEnrich` locals
  in CodeIqApplication; drop dead `fileInventory`/`recoveredEdges`
  locals and the unused `buildFileInventory()` helper (plus its now
  orphaned `FileEntry`/`FileInventory`/`FileClassification` imports)
  in Analyzer; drop dead `flushed`/`recoveredEdges` locals in
  EnrichCommand (replace with a comment documenting why the flush
  + flushDeferred side effects must still run).
- REC_CATCH_EXCEPTION — narrow EnrichCommand top-level catch to
  `IOException | RuntimeException` so unexpected checked types
  surface instead of being silently caught.
- DE/SF (swallow) — FileDiscovery.addGitDiscoveredFile now logs the
  skipped path and IOException cause at debug before returning.
- CT_CONSTRUCTOR_THROW x2 — mark AnalysisCache final so the
  partially-constructed-instance escape path is no longer reachable.
- UC_USELESS_OBJECT x3 — remove the unread `allDetected`/`hookNames`
  set in ReactComponentDetector, the unread `methodPositions` set
  in GoStructuresDetector, and the unread `edgeKinds` map in
  TopologyService#blastRadius.

No behavioural changes; all removals are of values/objects that were
written but never read, and the catch change only widens what
propagates. `mvn spotbugs:check` passes with `BugInstance size = 0`.

Co-authored-by: BackendEngineer (Paperclip agent b94a8dd0)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
@sonarqubecloud

sonarqubecloud Bot commented Apr 24, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@aksOps aksOps merged commit 0e93226 into main Apr 25, 2026
7 of 8 checks passed
@aksOps aksOps deleted the fix/ran-26-spotbugs-gate branch April 25, 2026 13:19
@aksOps aksOps mentioned this pull request Apr 25, 2026
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aksOps