Add SpotBugs static analysis target, workflow, and fix reported issues

.github/workflows/android_gradle.yml

@@ -66,29 +66,29 @@ jobs:
           path: |
             ~/.android/avd/*
             ~/.android/adb*
-          key: avd-30-x86_64-atd-v1
+          key: avd-30-x86_64-google_apis-v1
 
       # Create AVD and generate snapshot for caching
       - name: Create AVD and generate snapshot
         if: steps.avd-cache.outputs.cache-hit != 'true'
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@v2.37.0
         with:
           api-level: 30
           arch: x86_64
-          target: aosp_atd
+          target: google_apis
           force-avd-creation: false
           emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           disable-animations: true
           script: echo "Generated AVD snapshot for caching"
 
       # Run instrumented tests on Android emulator
       - name: Run Android Instrumented Tests
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@v2.37.0
         timeout-minutes: 15
         with:
           api-level: 30
           arch: x86_64
-          target: aosp_atd
+          target: google_apis
           force-avd-creation: false
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           disable-animations: true

.github/workflows/spotbugs.yml

@@ -0,0 +1,105 @@
+name: SpotBugs Static Analysis
+
+on:
+  pull_request:
+    branches: [ '*' ]
+    paths:
+      - '**/*.java'
+      - 'build.xml'
+      - 'spotbugs-exclude.xml'
+
+jobs:
+  spotbugs:
+    runs-on: ubuntu-latest
+    name: Run SpotBugs
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Java 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Set up Ant
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ant
+
+      - name: Download JUnit
+        run: |
+          mkdir -p /tmp/junit
+          wget -q -P /tmp/junit \
+            "https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar"
+          EXPECTED_SHA="8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3"
+          echo "${EXPECTED_SHA}  /tmp/junit/junit-4.13.2.jar" | sha256sum -c -
+          echo "JUNIT_HOME=/tmp/junit" >> $GITHUB_ENV
+
+      - name: Download and set up SpotBugs
+        run: |
+          SPOTBUGS_VERSION="4.9.3"
+          wget -q "https://github.com/spotbugs/spotbugs/releases/download/${SPOTBUGS_VERSION}/spotbugs-${SPOTBUGS_VERSION}.tgz"
+          EXPECTED_SHA="d464d56050cf1dbda032e9482e1188f7cd7b7646eaff79c2e6cbe4d6822f4d9f"
+          echo "${EXPECTED_SHA}  spotbugs-${SPOTBUGS_VERSION}.tgz" | sha256sum -c -
+          tar xzf "spotbugs-${SPOTBUGS_VERSION}.tgz"
+          echo "SPOTBUGS_HOME=${GITHUB_WORKSPACE}/spotbugs-${SPOTBUGS_VERSION}" >> $GITHUB_ENV
+
+      - name: Run SpotBugs
+        run: |
+          ant spotbugs
+
+      - name: Check for SpotBugs warnings
+        if: always()
+        run: |
+          REPORT_XML="build/reports/spotbugs.xml"
+          if [ ! -f "$REPORT_XML" ]; then
+            echo "SpotBugs XML report not found"
+            exit 1
+          fi
+
+          # Extract warning count from XML report
+          COUNT=$(python3 -c "
+          import xml.etree.ElementTree as ET
+          tree = ET.parse('$REPORT_XML')
+          root = tree.getroot()
+          bugs = root.findall('.//BugInstance')
+          print(len(bugs))
+          ")
+
+          if [ "$COUNT" -eq 0 ]; then
+            echo "=================================="
+            echo "SpotBugs: 0 warnings found"
+            echo "=================================="
+            exit 0
+          fi
+
+          echo "=================================="
+          echo "SpotBugs: $COUNT warning(s) found"
+          echo "=================================="
+          echo ""
+
+          # Print each warning from XML
+          python3 -c "
+          import xml.etree.ElementTree as ET
+          tree = ET.parse('$REPORT_XML')
+          root = tree.getroot()
+          for bug in root.findall('.//BugInstance'):
+              bug_type = bug.get('type', 'UNKNOWN')
+              priority = bug.get('priority', 'N/A')
+              long_msg = bug.find('LongMessage')
+              msg = long_msg.text.strip() if long_msg is not None and long_msg.text else ''
+              src = bug.find('.//SourceLine')
+              loc = ''
+              if src is not None:
+                  loc = src.get('sourcefile', '') + ':' + src.get('start', '')
+              print(f'[P{priority}] {bug_type}')
+              if msg:
+                  print(f'  {msg[:200]}')
+              if loc:
+                  print(f'  at {loc}')
+              print()
+          "
+
+          exit 1

build.xml

@@ -70,6 +70,29 @@
         </and>
     </condition>
 
+    <!-- Check if SpotBugs is available -->
+    <condition property="spotbugs.available">
+        <and>
+            <isset property="env.SPOTBUGS_HOME"/>
+            <available
+                file="${env.SPOTBUGS_HOME}/lib/spotbugs-ant.jar"/>
+        </and>
+    </condition>
+
+    <!-- SpotBugs requires Java 11+, check compatibility -->
+    <condition property="spotbugs.java.compatible">
+        <not>
+            <or>
+                <equals arg1="${ant.java.version}" arg2="1.5"/>
+                <equals arg1="${ant.java.version}" arg2="1.6"/>
+                <equals arg1="${ant.java.version}" arg2="1.7"/>
+                <equals arg1="${ant.java.version}" arg2="1.8"/>
+                <equals arg1="${ant.java.version}" arg2="9"/>
+                <equals arg1="${ant.java.version}" arg2="10"/>
+            </or>
+        </not>
+    </condition>
+
     <taskdef uri="antlib:org.jacoco.ant" resource="org/jacoco/ant/antlib.xml">
         <classpath path="${env.JACOCO_HOME}/jacocoant.jar"/>
     </taskdef>
@@ -464,4 +487,65 @@
 
     <target name="coverage" depends="build-jacoco"/>
 
+    <!-- SpotBugs static analysis targets -->
+    <target name="spotbugs-taskdef" if="spotbugs.available">
+        <taskdef
+            resource="edu/umd/cs/findbugs/anttask/tasks.properties">
+            <classpath>
+                <fileset dir="${env.SPOTBUGS_HOME}/lib"
+                         includes="*.jar"/>
+            </classpath>
+        </taskdef>
+    </target>
+
+    <target name="spotbugs-check">
+        <fail unless="spotbugs.java.compatible">
+SpotBugs requires Java 11 or later to run.
+Current Java version: ${ant.java.version}
+To fix this, run ant with Java 11+:
+  export JAVA_HOME=/path/to/jdk11
+  ant spotbugs
+        </fail>
+        <fail unless="spotbugs.available">
+SpotBugs not found. Please set SPOTBUGS_HOME.
+To install SpotBugs:
+  1. Download from https://spotbugs.github.io/
+  2. Extract (e.g., /opt/spotbugs-4.8.6)
+  3. Set SPOTBUGS_HOME=/opt/spotbugs-4.8.6
+  4. Run 'ant spotbugs'
+        </fail>
+    </target>
+
+    <target name="spotbugs"
+            depends="build, spotbugs-check, spotbugs-taskdef"
+            description="Run SpotBugs static analysis
+                         (requires SPOTBUGS_HOME)">
+        <mkdir dir="${reports.dir}"/>
+        <spotbugs home="${env.SPOTBUGS_HOME}"
+                  output="html"
+                  outputFile="${reports.dir}/spotbugs.html"
+                  effort="max"
+                  reportLevel="medium"
+                  excludeFilter="spotbugs-exclude.xml"
+                  failOnError="false">
+            <sourcePath path="${src.dir}"/>
+            <class location="${lib.dir}/wolfssl.jar"/>
+            <class location="${lib.dir}/wolfssl-jsse.jar"/>
+        </spotbugs>
+        <spotbugs home="${env.SPOTBUGS_HOME}"
+                  output="xml"
+                  outputFile="${reports.dir}/spotbugs.xml"
+                  effort="max"
+                  reportLevel="medium"
+                  excludeFilter="spotbugs-exclude.xml"
+                  failOnError="false">
+            <sourcePath path="${src.dir}"/>
+            <class location="${lib.dir}/wolfssl.jar"/>
+            <class location="${lib.dir}/wolfssl-jsse.jar"/>
+        </spotbugs>
+        <echo message="SpotBugs reports generated:
+                       ${reports.dir}/spotbugs.html
+                       ${reports.dir}/spotbugs.xml"/>
+    </target>
+
 </project>