Skip to content

SONARJAVA-6493 Implement rule S8913: REST Data with Panache resource interfaces should not have implementation classes#5708

Draft
romainbrenguier wants to merge 2 commits into
masterfrom
new-rule/SONARJAVA-6493-S8913
Draft

SONARJAVA-6493 Implement rule S8913: REST Data with Panache resource interfaces should not have implementation classes#5708
romainbrenguier wants to merge 2 commits into
masterfrom
new-rule/SONARJAVA-6493-S8913

Conversation

@romainbrenguier

Copy link
Copy Markdown
Contributor

Implements rule S8913: REST Data with Panache resource interfaces should not have implementation classes.

Summary

  • Adds RestDataPanacheResourceImplementationCheck that detects classes implementing Quarkus REST Data with Panache resource interfaces (PanacheEntityResource, PanacheRepositoryResource, PanacheMongoEntityResource, PanacheMongoRepositoryResource)
  • Reports an issue when such implementation classes are found, since Quarkus silently ignores them and generates the resource implementation automatically
  • Adds rule metadata (S8913.html, S8913.json) and registers the rule in the Sonar Way quality profile
  • Fixes Java release version in test source pom.xml files from 26 to 21

@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

SONARJAVA-6493

Comment thread sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S8913.html Outdated
Comment thread java-checks-test-sources/default/pom.xml Outdated
@romainbrenguier romainbrenguier force-pushed the new-rule/SONARJAVA-6493-S8913 branch 2 times, most recently from b3c1892 to 959f77f Compare June 30, 2026 12:51
@sonarqube-next

Copy link
Copy Markdown

Comment thread pr-description.md Outdated

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove this file from commits

<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<release>26</release>
<release>21</release>

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<release>21</release>
<release>26</release>

<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<release>26</release>
<release>21</release>

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<release>21</release>
<release>26</release>

@romainbrenguier romainbrenguier force-pushed the new-rule/SONARJAVA-6493-S8913 branch from 93ec116 to 236650b Compare July 1, 2026 05:50
Detect when classes implement interfaces extending Quarkus REST Data with
Panache resource interfaces (PanacheEntityResource, PanacheRepositoryResource,
PanacheMongoEntityResource, PanacheMongoRepositoryResource). These implementations
are silently ignored by Quarkus's code generation mechanism, leading to wasted
development effort and confusion.
@romainbrenguier romainbrenguier force-pushed the new-rule/SONARJAVA-6493-S8913 branch from 236650b to b862a2d Compare July 1, 2026 06:37
@gitar-bot

gitar-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown
CI failed: The build failed due to compilation errors in test code regarding method signatures and test infrastructure failures in the autoscan module following the implementation of rule S8913.

Overview

Two distinct failures were identified in the CI: a compilation error in a Java test source file and a missing artifact failure in the autoscan integration tests. Both appear directly related to the changes introduced in this PR.

Failures

Compilation Failure in PeopleResourceImpl (confidence: high)

  • Type: build
  • Affected jobs: java-checks
  • Related to change: yes
  • Root cause: The test file RestDataPanacheResourceImplementationCheckSample.java contains a method get(java.lang.Long) that fails to override any existing method, leading to a compilation error.
  • Suggested fix: Correct the signature of the get method in PeopleResourceImpl to match the intended interface, or update the test sample to reflect valid Java syntax expected by the new rule.

Autoscan Test Infrastructure Failure (confidence: high)

  • Type: test
  • Affected jobs: autoscan-tests
  • Related to change: yes
  • Root cause: The job failed with exit code 3 because the expected diff directory was missing, likely because the new rule was not fully registered or processed by the autoscan test suite.
  • Suggested fix: Ensure rule S8913 is correctly integrated into the autoscan configuration so that test artifacts are generated correctly during the build process.

Summary

  • Change-related failures: 2 (Compilation error in test source and missing test artifacts in autoscan).
  • Infrastructure/flaky failures: 0
  • Recommended action: Resolve the Java compilation error in the test sample first, as this may be preventing subsequent test generation steps from completing. Verify that the new rule is correctly mapped in the autoscan test configuration.
Code Review ✅ Approved 3 resolved / 3 findings

Implements rule S8913 to flag prohibited implementation classes for REST Data with Panache resources. The PR resolves previous issues regarding malformed AsciiDoc, unused imports, and incorrect Java release versions.

✅ 3 resolved
Quality: Unrelated --enable-preview and excludes added to default pom.xml

📄 java-checks-test-sources/default/pom.xml:1056-1070
Beyond the documented <release>26</release>21 fix, the default test-sources pom.xml also gains <arg>--enable-preview</arg> and a large new <excludes> list. These changes are unrelated to the S8913 Quarkus rule and the new sample (RestDataPanacheResourceImplementationCheckSample.java) uses no preview features. Enabling --enable-preview is risky: javac requires the compiling JDK's major version to exactly match --release (21), so on any other JDK the test-sources build will fail; it also opts all sources in this module into preview semantics. Combined with the PR title noting only a 26→21 fix and the WIP commit message ("incomplete after 5 attempts"), this looks like leftover experimental configuration. Please confirm the --enable-preview flag and the exclude list are intentional, or revert them.

Quality: S8913.html is malformed: AsciiDoc inside a single

tag

📄 sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S8913.html:1-15
The new rule description S8913.html is not valid rule HTML. The entire content is wrapped in one <p> tag and uses AsciiDoc markup (=== Documentation, == Why is this an issue?, * bullets, -- lists) instead of HTML tags. Every other rule file in this directory (e.g. S100.html starts with <h2>Why is this an issue?</h2>) uses real HTML (<h2>, <ul>, <li>, <pre>, <code>). Consequences: the page will render as one unformatted blob in the SonarQube UI, the section order is wrong ("Documentation" and "What is the potential impact?" appear before "Why is this an issue?"), and the rule-description validation/integration tests that enforce the standard section structure will likely fail. Rewrite the file using the standard HTML structure: a leading <h2>Why is this an issue?</h2> section, then <h3>What is the potential impact?</h3>, code samples in <pre>, and a <h3>Resources</h3>/<ul> block for the documentation links.

Quality: Unused import TypeTree in new check

📄 java-checks/src/main/java/org/sonar/java/checks/RestDataPanacheResourceImplementationCheck.java:26
RestDataPanacheResourceImplementationCheck imports org.sonar.plugins.java.api.tree.TypeTree (line 26) but never uses it. This will be flagged by the project's own unused-import rule and may break the build under strict compiler settings. Remove the unused import.

Tip

Comment Gitar fix CI or enable auto-apply: gitar auto-apply:on

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply Compact
gitar auto-apply:on         
gitar display:verbose         

Was this helpful? React with 👍 / 👎 | Gitar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant