Analyse java 11 maven project

vainyksi · November 23, 2021, 5:32pm

Hello,
I am trying to setup Lift free for java/maven project on GitHub.
I noticed that lift analyzes source commit and destination commit for my pull-requests.
The project which I want to analyze is built on java 11, so I set the jdk11 = true,
and for the destination commit it looks like the setting is applied & tool errorprone_jdk11 is used

...
List of tools to try:
    errorprone_jdk8, errorprone_jdk11, luacheck, bill of materials, open source vulnerabilities, closure-compiler, clippy, securityscan, cobra, gosec, rubocop, staticcheck, golangci-lint, shellcheck, semgrep, hlint, findsecbugs, jshint, pyre, eslint, detekt, bandit, infer
9 applicable tools detected:
    errorprone_jdk11, bill of materials, open source vulnerabilities, cobra, gosec, shellcheck, semgrep, findsecbugs, infer
...

however, for the source commit it looks like the settings is not applied.
See log:

...
List of tools to try:
    errorprone_jdk8, errorprone_jdk11, luacheck, bill of materials, open source vulnerabilities, closure-compiler, clippy, securityscan, cobra, gosec, rubocop, staticcheck, golangci-lint, shellcheck, semgrep, hlint, findsecbugs, jshint, pyre, eslint, detekt, bandit, infer
9 applicable tools detected:
    errorprone_jdk8, bill of materials, open source vulnerabilities, cobra, gosec, shellcheck, semgrep, findsecbugs, infer
...

I suppose this causes the build fail and thus the tools requiring the build could not finish successfully

...
ErrorProne (JDK8)	./	Failure	
ErrorProne_JDK11	./	Failure	
Bill Of Materials	./	Success	
Cobra	./	Success	
FindSecBugs	./	Failure	
GoSec	./	Success	
Infer	./	Failure	
Open Source Vulnerabilities	./	Success	
Semgrep	./	Success	
Shellcheck	./	Success	
...

I tried to disable jdk8 tools by adding disableTools = [ "errorprone_jdk8" ] to .lift.toml file but that did not help neither.
Please, does anyone know how to configure Lift to build java 11 projects properly?
Do I need to set up something more to run all tools successfully?

This is my .lift.toml file:

build = "maven"
jdk11 = true
summaryComments = true

link to analysis results: 01FN6TNVJVMW0JQ3SAJ3M4DQC6

Thank you very much

tdubuisson · November 23, 2021, 6:18pm

Michal,

Thanks for reporting this. It appears the source (your feature branch) has a Lift configuration specifying the use of JDK11 and its analysis succeeds (as shown in the build log and the issues reported under the results tab). However, your destination branch (master) does not have a Lift configuration. The system defaults analysis of this branch to JDK8 and the build fails (along with subsequent analysis passes). Commit a .lift/config.tol to master to fix the issue.

We see the underlying problem isnt’ at all clear and are trying to figure out the best way to expose this information or select a better default. Thank you for surfacing it.

-Tom

vainyksi · November 24, 2021, 9:07am

Tom, thank you so much for help.
I did not realize that lift config could be taken from both commits separately.
Adding lift config to target branch solved the problem and (almost) all tools finished successfully, thank you.

Now it looks like only one issue remains. ErrorProne_JDK11 failed & exited with code 4

Running Error Prone
Capture:
Failed when invoking process
Error Prone complete in 6.019821479s
ErrorProne_JDK11 tool error: Capture:
Execution Failed: Script "javac -J-classpath .............. exited with code 4.

I am going to explore the cause.
Do you have any idea what the problem might be?
report: 01FN8G83C757KJNN0T8QAC4JY3

TIA
Michal