“This article has participated in the good article call order activity, click to see: back end, big front end double track submission, 20,000 yuan prize pool for you to challenge!”

With the expansion of technical teams and the growth of developers, software development must become engineering, so the practice process of code specification management with static scanning combined with Gitlab branch management emerged.

Background and Issues

In a project with multiple people working together, code style specifications are inevitable due to code stability and code security (unsafe API use and logic writing), and in order to solve the problem of “code writing with style specifications on the developer’s own initiative, and lack of prompt, check and dot mechanism”, Static code scanning is an essential part of a collaborative software engineering project.

The problem for

  • Log must be printed using the unified packaging method. Do not use system.out.print \android.util.Log to prevent data leakage in logcat output information of release version.

    Error model

    class MainActivity : AppCompatActivity() { override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) // ...... Log.d("writelog", "start activity") // ...... }}Copy the code

  • Set ALLOW_ALL_HOSTNAME_VERIFIER attribute to avoid manin – man attack hijacking. The application uses the STRICT_HOSTNAME_VERIFIER attribute.

    Error model

    class MainActivity : AppCompatActivity() { override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) // ...... val schemeregistry = SchemeRegistry() val sslsocketfactory = SSLSocketFactory.getSocketFactory() // set STRICT_HOSTNAME_VERIFIER sslsocketfactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) // ...... }}Copy the code

  • For example, you must annotate files that inherit activities and fragments. An Activity must inherit from the base Activity class; Fragments must inherit team development specification issues such as the Fragment base class.

Selection of static code scanning tools

Since our team development has been fully kotlinization, Kotlin commonly used static code scanning schemes are Detekt and KtLint.

Here’s a comparison:

Since I don’t need to analyze potential performance and bug issues, and for lightweight purposes, I use the kTLint tool that Kotlin officially recommends.

Integration and use of KTLint

To integrate ktLint rules, we use Gradle to integrate ktLint rules in our project. See the ktLint home page.

Add the following configuration to build.gradle in the app directory under the project root directory

. configurations { ktlint } ... dependencies { ... Ktlint (" com. Pinterest: ktlint: 0.41.0 ") {attributes {attribute (Bundling BUNDLING_ATTRIBUTE, getObjects().named(Bundling, Bundling.EXTERNAL)) } } ... }... task ktlint(type: JavaExec, group: "verification") { description = "Check Kotlin code style." classpath = configurations.ktlint main = "com.pinterest.ktlint.Main" args "-a", "src/**/*.kt", "--reporter=html,output=${buildDir}/ktlint.html" } check.dependsOn ktlint task ktlintFormat(type: JavaExec, group: "formatting") { description = "Fix Kotlin code style deviations." classpath = configurations.ktlint main = "com.pinterest.ktlint.Main" args "-F", "src/**/*.kt" }Copy the code

Use method to run gradle task execution

  • Statically check code for compliance

    On Mac or Lunix, run:./ gradLew ktlint;

    Windows: gradLew ktlint;

    The code review task is performed and the ktlint.html report is generated in the./app/build/ folder.

  • Automatically modify the code to conform to the specification

    On Mac or Lunix, run:./gradlew ktlintFormat; Windows: gradlew ktlintFormat; The auto-modify code compliance task is performed.

conclusion

We’ve seen why static code scans are used and how to use KtLint to scan project code for Kotlin’s official code style specifications, and how to limit team compliance in practice. You can’t force team members to use Gradle to check code every time. That’s what we’re going to talk about next. If my article is helpful or inspiring to you, please give me a thumbs-up 👍🏻 and support me. If there is a mistake, welcome to the leaders to correct, but also welcome to discuss, thank you.