[HN Gopher] Inspectopedia: Analyze code against inspections in y...
___________________________________________________________________
Inspectopedia: Analyze code against inspections in your IDE or CI
pipeline
Author : KerryBeetge
Score : 81 points
Date : 2024-04-02 08:09 UTC (3 days ago)
(HTM) web link (www.jetbrains.com)
(TXT) w3m dump (www.jetbrains.com)
| bugbuddy wrote:
| This is super cool of them. It makes me feel like renewing my
| license.
| armchairhacker wrote:
| JetBrains inspections are great, but I wish there was a way to
| run them programmatically so they could be checked in CI.
|
| (EDIT: should have RTFA)
| RockRobotRock wrote:
| Do they integrate existing linters in their IDE or have their
| own secret sauce? Probably a bit of both.
| varikin wrote:
| All the Jetbrains IDEs have their own custom linter. It's
| pretty good, but my complaint has always been the inability
| to use it in CI/CD and to generate reports. The way I read
| this, they pulled their custom linter out of the IDEs and
| made it a standalone tool that can be added to CI/CD, which
| is great.
| lpapez wrote:
| > JetBrains inspections are great, but I wish there was a way
| to run them programmatically so they could be checked in CI.
|
| Which is literally what the post is about...
| Denvercoder9 wrote:
| > I wish there was a way to run them programmatically so they
| could be checked in CI.
|
| I haven't used it, but thIs seems to be what their Qodana
| product is for: https://www.jetbrains.com/qodana/
| s900mhz wrote:
| I THINK that's exactly what this product is?
|
| https://www.jetbrains.com/qodana/
|
| Edited: Oops, should have refreshed. Someone beat me to it
| RockRobotRock wrote:
| PyCharm has saved me from so many stupid mistakes that would
| easily waste 15 minutes if I hadn't noticed them. I don't know
| how you could write high level code without an IDE.
| zer00eyz wrote:
| I use jet brains products, and I spend a fair bit of time in
| all sorts of flavors and setups in vim.
|
| Neovim will let you configure your env to provide 90 percent of
| what an ide will do.
|
| The 10 percent isnt "missing" its just going to be very
| different...
|
| See how the other half lives and you might find some features
| you like and bring back home. You might find yourself running
| vim in pycharm ;)
| jiggawatts wrote:
| You really can't even begin to approach what the IntelliJ
| tools can do with a mere text editor. You'll also spend more
| time tinkering with your Vim plugins than actually coding.
| xcv123 wrote:
| Yep. With IntelliJ you just install the ideavim editor
| plugin with default settings then get to work.
|
| https://github.com/JetBrains/ideavim
|
| Or you can waste months pissing around with Vim plugins to
| create a poor mans IDE out of sticks and stones like a
| caveman.
| jeroenhd wrote:
| Neovim can be configured to practically become an IDE,
| complete with code analysis, refactoring tools, and AI
| assistants.
|
| It'll also become as slow as an IDE, though. I think it's
| the Arch Linux (or maybe the Gentoo) of IDEs, where you
| have to know and configure every subcomponent of your IDE
| yourself.
|
| I have tweaked my Neovim for small code snippets where a
| full IDE is overkill, but I can't be bothered to turn it
| into a full IDE like some others do.
| pvorb wrote:
| And that's the USP of JetBrains IDEs. You don't have to
| spend days to configure your editor/IDE until it works
| for you. Just pick the right flavor for your favorite
| language and start working on your actual code.
| sva_ wrote:
| I wonder what type of errors that are? My last experience with
| PyCharm was on an older 2014 ThinkPad on which it lagged too
| much, so I abandoned it. Could probably run it much better with
| my current laptop...
|
| I just use VSCode for most things, or nvim if I want to edit
| something very specific that doesn't require much navigation
| between files. I'm not a huge fan of my editor annoying me with
| stuff all the time, but I'm wondering if I'm missing out.
| xcv123 wrote:
| > I wonder what type of errors that are?
|
| The type of errors are type checking errors.
| albertzeyer wrote:
| I think some free-for-open-source-projects licence or so would
| make sense here. Or maybe make this completely free? It's good
| advertisement for their IDEs.
|
| Note, I basically have scripted the same functionality as Qodana
| for our CI, but using the already existing capabilities of the
| IDE:
| https://github.com/rwth-i6/returnn/blob/master/tests/pycharm...
|
| This script generates exactly the same warnings as the IDE does.
|
| It downloads some PyCharm Community version and installs it.
|
| It uses the bin/inspect.sh tool which is provided by the IDE.
|
| The IDE bin/inspect.sh needs an existing PyCharm project (all the
| XML files etc), so this script creates the project files
| automatically.
|
| This also needs the Python stubs, so this script can create those
| as well, in the same way the IDE would create them, or
| alternatively it can download them (I created them in advance for
| some PyCharm versions).
|
| But then, bin/inspect.sh does not generate all the warnings you
| see in the IDE. The IDE additionally runs pycodestyle, and so I
| do the same in the script.
|
| So, as you see, it took a bit of effort to get to all that within
| the CI, but now it works and I get the same warnings as in the
| IDE.
| ellisv wrote:
| There is a community license, which includes a subset of their
| supported languages.
|
| https://www.jetbrains.com/help/qodana/pricing.html#license-c...
| lol768 wrote:
| Must admit this seems like a very odd way of doing it, to me.
| Normally JetBrains are pretty decent at supporting OSS
| endeavours.
|
| At present, OSS Java libraries can use Qodana Community, but
| OSS .NET libraries can't.
| Denvercoder9 wrote:
| Qodana Community for .NET is currently in Early Access:
| https://www.jetbrains.com/help/qodana/qodana-dotnet-
| communit...
| suumcuique wrote:
| If you are running an OSS project you can request a free
| license for their premium tools:
| https://www.jetbrains.com/community/opensource/#support
| dflock wrote:
| How long does that CI job take to run, roughly?
| albertzeyer wrote:
| It's a quite big project (maybe 100k-200k lines, not sure),
| takes about 10 minutes or less on the GitHub Action node I
| get, which is not so fast.
|
| It's completely from scratch through the whole project, every
| time. Maybe I could do it more cleverly and cache the last
| state somehow and only check changes files or so. But I
| wanted to keep that logic simple.
| khaki54 wrote:
| They already have a free for OSS you can get which gives you
| everything as far as I know.
| https://www.jetbrains.com/community/opensource/#support
| keybored wrote:
| Intellij has some nice static analysis for Java.[1] But I want it
| in my face. Because we had a bug where we used `==` on a boxed
| primitive. And the inspection didn't help because it was just
| sitting there with some faint yellow background or whatever it is
| if you happened to visit that file. And the light-bulb action
| thing is effectively active on any line since you get the option
| of "invert conditional" or "use block in lambda" and useless
| things like that.
|
| Well I'll just hedge and say that it wasn't obvious to the three
| of us how to get an in-your-face warning.
|
| [1] EDIT: I realize now that my brain for some reason thought
| that "in your face" would immediately translate to everybody else
| as "fail the build". What a drunken (but not drunk though)
| mistake.
| red0point wrote:
| If I remember correctly, there is an extensive ,,Inspection"
| settings page where you can enable / disable / set the levels
| (hoe much in-your/face) of exactly such checks.
|
| Maybe this would suit you?
|
| https://www.jetbrains.com/help/idea/code-inspection.html#acc...
| jupp0r wrote:
| You shouldn't rely on a human reading an in-their-face warning.
| If you consider a particular static analysis check to be vital,
| run it in CI and make the PR introducing it red. Everything
| else is just an upcoming post mortem with "we should have
| noticed this" waiting to happen to you.
| keybored wrote:
| > You shouldn't rely on a human reading an in-their-face
| warning. If you consider a particular static analysis check
| to be vital, run it in CI and make the PR introducing it red.
|
| That's what I meant (edited now). I want compilation to fail.
| Or whatever "CI" is.
|
| We didn't find a way to promote inspections to some kind of
| static analysis run.
| Denvercoder9 wrote:
| You can change how inspection errors are shown under the Color
| Scheme settings. You can make it bold, striked out text with a
| bright red background if you want. I seem to remember at some
| point you could also make it blink, though I can't find that
| anymore (probably for the best).
| phyzome wrote:
| Generally you'll want to have some kind of linter in your build
| tool.
| __jonas wrote:
| When I was using IDEA a lot I've had this one come up a couple of
| times and I've really appreciated it every time:
|
| https://www.jetbrains.com/help/inspectopedia/SuspiciousNameC...
|
| I thought it was so sweet that someone had thought of this very
| specific possible mistake and warned me about it to save me a
| little bit of time and trouble.
|
| (Maybe not this exact one since it was in JS not Java I believe,
| but the same idea)
| MichaelMug wrote:
| Does this do the same thing as SonarQube?
| galaxyLogic wrote:
| In WebStorm if I write: let see =
| someOb.comments;
|
| it tells me I have the error : "Unresolved
| Variable 'comments' ".
|
| But the error goes away if I rewrite it as: let
| see = someOb ['comments'];
|
| Why is that?
| GenerocUsername wrote:
| AST and Static Code analysis.
|
| Much easier to interpolate the hardcoded token rather than a
| string...despite the string being a final string and not some
| concatenation or dynamic value
| wslh wrote:
| No Rust.
| jasonlotito wrote:
| Probably because RustRover is still in preview.
|
| https://www.jetbrains.com/rust/
| rglover wrote:
| > The influx of AI-generated code, an ever-evolving threat
| landscape, and the push for shorter release cycles can jeopardize
| code quality. All of these factors dictate the need for
| continuous and accurate code analysis to help development teams
| spot and fix code issues early on so they can consistently
| deliver readable, maintainable and secure code.
|
| You know, I read stuff like this and I wonder if anybody has
| thought maybe those things jeopardizing code quality should be
| discouraged as opposed to adding yet-another-tool.
| alfalfasprout wrote:
| Sadly, it's like outsourcing. People only learn once it comes
| back to bite them. It'll typically be in the form of a major
| security breach or the codebase becoming so painful to work in
| that it affects the business.
| sb8244 wrote:
| I mean, once the cat is out of the bag you have to care for it.
|
| It can be discouraged, but people will still use it, so helping
| is still good.
|
| Plus it helps non AI use cases at same time
| jasonlotito wrote:
| I mean, this isn't adding yet-another-tool. These inspections
| have existed for years inside of JetBrains IDEs. I feel like
| this is just an "encyclopedia of inspections." I don't see any
| other uses for it. They are just providing everything they are
| testing in the various tools they offer.
___________________________________________________________________
(page generated 2024-04-05 23:00 UTC)