> The influx of AI-generated code, an ever-evolving threat landscape, and the push for shorter release cycles can jeopardize code quality. All of these factors dictate the need for continuous and accurate code analysis to help development teams spot and fix code issues early on so they can consistently deliver readable, maintainable and secure code.
You know, I read stuff like this and I wonder if anybody has thought maybe those things jeopardizing code quality should be discouraged as opposed to adding yet-another-tool.
Sadly, it's like outsourcing. People only learn once it comes back to bite them. It'll typically be in the form of a major security breach or the codebase becoming so painful to work in that it affects the business.
I mean, this isn't adding yet-another-tool. These inspections have existed for years inside of JetBrains IDEs. I feel like this is just an "encyclopedia of inspections." I don't see any other uses for it. They are just providing everything they are testing in the various tools they offer.
I think some free-for-open-source-projects licence or so would make sense here. Or maybe make this completely free? It's good advertisement for their IDEs.
PyCharm has saved me from so many stupid mistakes that would easily waste 15 minutes if I hadn't noticed them. I don't know how you could write high level code without an IDE.
I wonder what type of errors those are? My last experience with PyCharm was on an older 2014 ThinkPad on which it lagged too much, so I abandoned it. Could probably run it much better with my current laptop...
I just use VSCode for most things, or nvim if I want to edit something very specific that doesn't require much navigation between files. I'm not a huge fan of my editor annoying me with stuff all the time, but I'm wondering if I'm missing out.
IntelliJ has some nice static analysis for Java.[1] But I want it in my face. Because we had a bug where we used `==` on a boxed primitive. And the inspection didn’t help because it was just sitting there with some faint yellow background or whatever it is if you happened to visit that file. And the light-bulb action thing is effectively active on any line since you get the option of “invert conditional” or “use block in lambda” and useless things like that.
Well I’ll just hedge and say that it wasn’t obvious to the three of us how to get an in-your-face warning.
[1] EDIT: I realize now that my brain for some reason thought that “in your face” would immediately translate to everybody else as “fail the build”. What a drunken (but not drunk though) mistake.
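The `==`-on-a-boxed-primitive bug described in the comment above, as an added Java example that is not part of the thread; the class name, method names and sample ids are hypothetical. It shows why such a bug can pass tests that use small values: autoboxing reuses cached objects for -128..127 and, on a default JVM, allocates new ones outside that range.

```java
import java.util.Objects;

// Added illustration; class and method names are hypothetical.
public class BoxedEquality {

    // Buggy: == on boxed values compares object references, not numbers.
    static boolean sameAccountBuggy(Long a, Long b) {
        return a == b;
    }

    // Fixed: Objects.equals compares the numeric values and is null-safe.
    static boolean sameAccountFixed(Long a, Long b) {
        return Objects.equals(a, b);
    }

    public static void main(String[] args) {
        // Constructed sample ids: small ones resemble test fixtures,
        // large ones resemble production data.
        long[] ids = {1L, 127L, 128L, 5_000_000_000L};
        for (long id : ids) {
            Long left = id;   // autoboxing goes through Long.valueOf(id)
            Long right = id;  // values in -128..127 come from a shared cache
            System.out.printf("id=%d  buggy=%b  fixed=%b%n",
                    id,
                    sameAccountBuggy(left, right),
                    sameAccountFixed(left, right));
        }
    }
}
```

The buggy comparison agrees with the fixed one only for the cached range, which is why a check like this belongs in a build-failing gate rather than a background highlight.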
If I remember correctly, there is an extensive "Inspection" settings page where you can enable / disable / set the levels (how much in-your-face) of exactly such checks.
You shouldn't rely on a human reading an in-their-face warning. If you consider a particular static analysis check to be vital, run it in CI and make the PR introducing it red. Everything else is just an upcoming post mortem with "we should have noticed this" waiting to happen to you.
You can change how inspection errors are shown under the Color Scheme settings. You can make it bold, striked out text with a bright red background if you want. I seem to remember at some point you could also make it blink, though I can't find that anymore (probably for the best).
__jonas | 2 years ago
https://www.jetbrains.com/help/inspectopedia/SuspiciousNameC...
I thought it was so sweet that someone had thought of this very specific possible mistake and warned me about it to save me a little bit of time and trouble.
(Maybe not this exact one since it was in JS not Java I believe, but the same idea)
joshstrange | 2 years ago
rglover | 2 years ago
alfalfasprout | 2 years ago
manbash | 2 years ago
It's not like people are perfect code developers.
jasonlotito | 2 years ago
sb8244 | 2 years ago
It can be discouraged, but people will still use it, so helping is still good.
Plus it helps non-AI use cases at the same time.
albertzeyer | 2 years ago
Note, I basically have scripted the same functionality as Qodana for our CI, but using the already existing capabilities of the IDE: https://github.com/rwth-i6/returnn/blob/master/tests/pycharm...
This script generates exactly the same warnings as the IDE does.
It downloads some PyCharm Community version and installs it.
It uses the bin/inspect.sh tool which is provided by the IDE.
The IDE bin/inspect.sh needs an existing PyCharm project (all the XML files etc), so this script creates the project files automatically.
This also needs the Python stubs, so this script can create those as well, in the same way the IDE would create them, or alternatively it can download them (I created them in advance for some PyCharm versions).
But then, bin/inspect.sh does not generate all the warnings you see in the IDE. The IDE additionally runs pycodestyle, and so I do the same in the script.
So, as you see, it took a bit of effort to get to all that within the CI, but now it works and I get the same warnings as in the IDE.
ellisv | 2 years ago
https://www.jetbrains.com/help/qodana/pricing.html#license-c...
khaki54 | 2 years ago
dflock | 2 years ago
RockRobotRock | 2 years ago
zer00eyz | 2 years ago
Neovim will let you configure your env to provide 90 percent of what an IDE will do.
The 10 percent isn't "missing", it's just going to be very different...
See how the other half lives and you might find some features you like and bring back home. You might find yourself running vim in pycharm ;)
sva_ | 2 years ago
galaxyLogic | 2 years ago
GenerocUsername | 2 years ago
Much easier to interpolate the hardcoded token rather than a string...despite the string being a final string and not some concatenation or dynamic value
bugbuddy | 2 years ago
mdaniel | 2 years ago
armchairhacker | 2 years ago
(EDIT: should have RTFA)
Denvercoder9 | 2 years ago
I haven't used it, but this seems to be what their Qodana product is for: https://www.jetbrains.com/qodana/
lpapez | 2 years ago
Which is literally what the post is about...
s900mhz | 2 years ago
https://www.jetbrains.com/qodana/
Edited: Oops, should have refreshed. Someone beat me to it
RockRobotRock | 2 years ago
MichaelMug | 2 years ago
plutokras | 2 years ago
wslh | 2 years ago
jasonlotito | 2 years ago
https://www.jetbrains.com/rust/
keybored | 2 years ago
red0point | 2 years ago
Maybe this would suit you?
https://www.jetbrains.com/help/idea/code-inspection.html#acc...
jupp0r | 2 years ago
Denvercoder9 | 2 years ago
phyzome | 2 years ago