Move SpotBugs Analysis to Module References

[alzimmermsft]

Fixes #6660

Moves SpotBugs reporting to use module references instead of package or source code references. Update PR validation to work at the pom.service.xml level instead of pom.client.xml.

[alzimmermsft]

/azp run java - appconfig - ci

[azure-pipelines]

Pull request contains merge conflicts.

[alzimmermsft]

/azp run java - core - ci

[azure-pipelines]

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

[mitchdenny]

/azp run java - core

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[mitchdenny]

This is good stuff, I think the more we can scope what we are running things against the better!

[alzimmermsft]

Verified that running the aggregate commands on pom.client.xml continue to function as they did before these changes.

[alzimmermsft]

@mitchdenny @JimSuplizio @JonathanGiles @srnagar Could I get a review on the direction and changes made in this PR to validate that they are safe and move us in the direction we want to go with regards to our POM structuring and build.

If need be I will spin off a PR which changes what maven logs during build (removes logging of maven downloading files and Javadoc parsing files) so that we can allow more verbose logging during our PR validation.

[mitchdenny]

This looks like it is heading in the right direction. If we can make these processes run off the aggregates then I think we are winning and it should also reduce our build times. What is the purpose of spotbugs-aggregate-report/pom.xml moving forward?

[alzimmermsft]

This looks like it is heading in the right direction. If we can make these processes run off the aggregates then I think we are winning and it should also reduce our build times. What is the purpose of spotbugs-aggregate-report/pom.xml moving forward?

Moving forward spotbugs-aggregate-report would be removed for client SDKs, I'm leaving it around as I am uncertain on how the data SDKs leverage it. All that this POM file did was run install and given that the POM itself didn't have any additional build steps added it just ran all install steps of its parent pom.client.xml.

[alzimmermsft]

Current issue still needing to be addressed is that previously the verification of READMEs using the embedme tool used a regex search which ran from the root sdk directory in search of README.md files. This now fails when a module being built and validated doesn't have a README.md file, this is different than previous behavior. This could either be resolved by failing build due to a missing README or having a guard to prevent the check when the README doesn't exist.

@srnagar @hemanttanwar @JimSuplizio Thoughts on the fix for this issue? I am leaning towards failing the build due to a README being missed.

[srnagar]

I would suggest making README mandatory for every module. It's a good practice to have even if the module is for internal use only - the README can just document that it's internal. So, yes, failing the build when README is missing is my recommendation.

[alzimmermsft]

@srnagar @JonathanGiles @mitchdenny Could I get a review?

[JonathanGiles]

For other's reference, quiet "Shuts off non-error and non-warning messages, leaving only the warnings and errors appear, making them easier to view."

[JonathanGiles]

This looks fine to me, as long as aggregate reports are still able to be generated and the wiki is updated to represent that correct way to do these.