Source Code Quality Checks using PMD Plugin

These automated source code quality checks and verifies still cannot ensure that the application itself is designed correctly. However, it can help some of the lesser experienced programmers adhere to standards expected of them.

Create Simple Maven Project

The Apache Maven PMD plugin automatically runs the PMD code analysis tool on the source code and generates a site report with results. In a typical configuration, the build fails if PMD detects quality issues in the source. This plugin introduces four goals:
  • pmd:pmd creates a PMD site report based on the rulesets and configuration set in
  • the plugin
  • pmd:cpd generates a report for PMD's Copy/Paste Detector (CPD) tool
  • pmd:check verifies that the PMD report is empty and fails the build if it is not
  • pmd:cpd-check verifies that the CPD report is empty and fails the build if it is not
How to do it The following steps need to be taken to integrate source code quality checks into your Apache Maven project's build cycle.
Let's start a new Maven project, use the Maven Archetype plugin from the command line.
You will need somewhere for your project to reside, create a directory somewhere and start a shell in that directory. On your command line, execute the following Maven goal:
mvn archetype:generate -DgroupId=com.companyname.projectname  -DartifactId=simple-maven-project  -Dpackage=com.companyname.projectname  -Dversion=1.0-SNAPSHOT
Note that whole command should be single line. After build success, we will see below output in command line console.
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:23 min
[INFO] Finished at: 2018-06-20T10:50:40+05:30
[INFO] ------------------------------------------------------------------------
You will notice that the generate goal created a directory with the same name given as the artifactId. Change into that directory.
cd simple-maven-project

Maven Standard Directory Layout

Once we’ve generated a project, take a look at the directory structure Maven created under the simple directory:
|-- pom.xml
`-- src
    |-- main
    |   `-- java
    |       `-- com
    |           `-- mycompany
    |               `-- app
    |                   `--
    `-- test
        `-- java
            `-- com
                `-- mycompany
                    `-- app
This generated directory adheres to the Maven Standard Directory Layout.

Configure Apache Maven PMD plugin

Launch the project's POM file in a text editor for editing. The PMD plugin needs to be integrated into your project. It can be added to the project POM file under the reporting element:
This can be used to run the PMD checks with default rulesets and configuration. Here's an optional step: if you wish to use a custom set of rules and configuration for code-quality checks, it can be done by adding a configuration block to the plugin declaration. Have a look at the following code:
To execute these PMD checks, start the command line, navigate to the project POM folder, and execute the pmd goal in the pmd plugin, as shown as follows:
mvn pmd:pmd
The PMD checks can be integrated with Maven's default build lifecycle, as shown in the following code:

How it works

PMD is an open source tool that scans Java code and generates code quality reports. The reports are generated based on identification of potential bugs, dead code, non-optimized code, duplicate code, and so on.
The following diagram visualizes the build cycle with a quality check integrated with the repository:
Embedding the Apache Maven PMD plugin eliminates the need to otherwise install or configure PMD as a third-party application.
As we just saw, there are two ways to invoke PMD's code quality checks. You could either do it manually or automatically. In the first case, the individual developer would be responsible for executing code quality check each time a change is made. This approach needlessly adds another task for the already busy programmer. It makes more sense to follow the second approach for full automation.
Source code quality checks are most beneficial when they are fully integrated with your build automation and continuous integration processes. Whenever a build is run on the developer's machine, Apache Maven automatically executes the PMD plugin. And when the code is committed into the SCM, the SCM triggers an Apache Maven build that would execute the PMD plugin automatically. If the new code fails to meet the code quality standards, the build should fail and the team must be automatically notified.