Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle

taher
Hi Jacques,

I don't understand your concern described below? What is the problem of
having jars not related to OFBiz in gradle's cache? What is the problem?

Regards,

Taher Alkhateeb

On Sep 5, 2016 3:24 PM, <[hidden email]> wrote:

> Author: jleroux
> Date: Mon Sep  5 12:24:21 2016
> New Revision: 1759250
>
> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
> Log:
> A slightly modified Taher's patch for "Load the OWASP dependency checker
> Gradle plugin efficiently" I reported at OFBIZ-7930
>
> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/
> About+OWASP+Dependency+Check it's currently difficult to separate the
> OFBiz jars from other jars in the .gradle\caches contains which may contain
> jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse
> task and more if you use Gradle for other reasons than OFBiz.
> I did not find yet a way to avoid to have all external jars in
> .gradle\caches and I wonder if it's even possible. What I would like to
> have is the external jars mandatory for OFBiz to work in an isolated place.
> For instance a sub folder of the main Gradle build folder. I picked
> $buildDir/externalJars.
>
> Taher:  I have a clean working solution now that does not affect users who
> do not want the OWASP plugin.
>
>
> jleroux: I have simply formatted the "if(" to "if ("
>
> Modified:
>     ofbiz/trunk/build.gradle
>
> Modified: ofbiz/trunk/build.gradle
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=
> 1759250&r1=1759249&r2=1759250&view=diff
> ============================================================
> ==================
> --- ofbiz/trunk/build.gradle (original)
> +++ ofbiz/trunk/build.gradle Mon Sep  5 12:24:21 2016
> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
>  }
>  tasks.eclipse.dependsOn(cleanEclipse)
>
> +/* OWASP plugin
> + *
> + * If project property "enableOwasp" is flagged then
> + * gradle will download required dependencies and
> + * activate Gradle's OWASP plugin and its related tasks.
> + *
> + * Syntax: gradlew -PenableOwasp dependencyCheck
> + */
> +buildscript {
> +    if (project.hasProperty('enableOwasp')) {
> +        repositories {
> +            mavenCentral()
> +        }
> +        dependencies {
> +            classpath 'org.owasp:dependency-check-gradle:1.4.0'
> +        }
> +    }
> +}
> +if (project.hasProperty('enableOwasp')) {
> +    apply plugin: 'org.owasp.dependencycheck'
> +}
> +
>  /* ========================================================
>   * Tasks
>   * ======================================================== */
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle

Jacques Le Roux
Administrator
Taher,

Actually it was the description of the issue I created back then. I saw it after routinely copying it, but did not change it, because I had to move. I
will edit the commit comment, to have something meaningful there.

Jacques


Le 05/09/2016 à 14:30, Taher Alkhateeb a écrit :

> Hi Jacques,
>
> I don't understand your concern described below? What is the problem of
> having jars not related to OFBiz in gradle's cache? What is the problem?
>
> Regards,
>
> Taher Alkhateeb
>
> On Sep 5, 2016 3:24 PM, <[hidden email]> wrote:
>
>> Author: jleroux
>> Date: Mon Sep  5 12:24:21 2016
>> New Revision: 1759250
>>
>> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
>> Log:
>> A slightly modified Taher's patch for "Load the OWASP dependency checker
>> Gradle plugin efficiently" I reported at OFBIZ-7930
>>
>> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/
>> About+OWASP+Dependency+Check it's currently difficult to separate the
>> OFBiz jars from other jars in the .gradle\caches contains which may contain
>> jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse
>> task and more if you use Gradle for other reasons than OFBiz.
>> I did not find yet a way to avoid to have all external jars in
>> .gradle\caches and I wonder if it's even possible. What I would like to
>> have is the external jars mandatory for OFBiz to work in an isolated place.
>> For instance a sub folder of the main Gradle build folder. I picked
>> $buildDir/externalJars.
>>
>> Taher:  I have a clean working solution now that does not affect users who
>> do not want the OWASP plugin.
>>
>>
>> jleroux: I have simply formatted the "if(" to "if ("
>>
>> Modified:
>>      ofbiz/trunk/build.gradle
>>
>> Modified: ofbiz/trunk/build.gradle
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=
>> 1759250&r1=1759249&r2=1759250&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/trunk/build.gradle (original)
>> +++ ofbiz/trunk/build.gradle Mon Sep  5 12:24:21 2016
>> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
>>   }
>>   tasks.eclipse.dependsOn(cleanEclipse)
>>
>> +/* OWASP plugin
>> + *
>> + * If project property "enableOwasp" is flagged then
>> + * gradle will download required dependencies and
>> + * activate Gradle's OWASP plugin and its related tasks.
>> + *
>> + * Syntax: gradlew -PenableOwasp dependencyCheck
>> + */
>> +buildscript {
>> +    if (project.hasProperty('enableOwasp')) {
>> +        repositories {
>> +            mavenCentral()
>> +        }
>> +        dependencies {
>> +            classpath 'org.owasp:dependency-check-gradle:1.4.0'
>> +        }
>> +    }
>> +}
>> +if (project.hasProperty('enableOwasp')) {
>> +    apply plugin: 'org.owasp.dependencycheck'
>> +}
>> +
>>   /* ========================================================
>>    * Tasks
>>    * ======================================================== */
>>
>>
>>