Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle
Locked
 
|
Hi Jacques,
I don't understand your concern described below? What is the problem of having jars not related to OFBiz in gradle's cache? What is the problem? Regards, Taher Alkhateeb On Sep 5, 2016 3:24 PM, <[hidden email]> wrote: > Author: jleroux > Date: Mon Sep 5 12:24:21 2016 > New Revision: 1759250 > > URL: http://svn.apache.org/viewvc?rev=1759250&view=rev > Log: > A slightly modified Taher's patch for "Load the OWASP dependency checker > Gradle plugin efficiently" I reported at OFBIZ-7930 > > As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/ > About+OWASP+Dependency+Check it's currently difficult to separate the > OFBiz jars from other jars in the .gradle\caches contains which may contain > jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse > task and more if you use Gradle for other reasons than OFBiz. > I did not find yet a way to avoid to have all external jars in > .gradle\caches and I wonder if it's even possible. What I would like to > have is the external jars mandatory for OFBiz to work in an isolated place. > For instance a sub folder of the main Gradle build folder. I picked > $buildDir/externalJars. > > Taher: I have a clean working solution now that does not affect users who > do not want the OWASP plugin. > > > jleroux: I have simply formatted the "if(" to "if (" > > Modified: > ofbiz/trunk/build.gradle > > Modified: ofbiz/trunk/build.gradle > URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev= > 1759250&r1=1759249&r2=1759250&view=diff > ============================================================ > ================== > --- ofbiz/trunk/build.gradle (original) > +++ ofbiz/trunk/build.gradle Mon Sep 5 12:24:21 2016 > @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas > } > tasks.eclipse.dependsOn(cleanEclipse) > > +/* OWASP plugin > + * > + * If project property "enableOwasp" is flagged then > + * gradle will download required dependencies and > + * activate Gradle's OWASP plugin and its related tasks. > + * > + * Syntax: gradlew -PenableOwasp dependencyCheck > + */ > +buildscript { > + if (project.hasProperty('enableOwasp')) { > + repositories { > + mavenCentral() > + } > + dependencies { > + classpath 'org.owasp:dependency-check-gradle:1.4.0' > + } > + } > +} > +if (project.hasProperty('enableOwasp')) { > + apply plugin: 'org.owasp.dependencycheck' > +} > + > /* ======================================================== > * Tasks > * ======================================================== */ > > > |
Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle
Administrator
|
Taher,
Actually it was the description of the issue I created back then. I saw it after routinely copying it, but did not change it, because I had to move. I will edit the commit comment, to have something meaningful there. Jacques Le 05/09/2016 à 14:30, Taher Alkhateeb a écrit : > Hi Jacques, > > I don't understand your concern described below? What is the problem of > having jars not related to OFBiz in gradle's cache? What is the problem? > > Regards, > > Taher Alkhateeb > > On Sep 5, 2016 3:24 PM, <[hidden email]> wrote: > >> Author: jleroux >> Date: Mon Sep 5 12:24:21 2016 >> New Revision: 1759250 >> >> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev >> Log: >> A slightly modified Taher's patch for "Load the OWASP dependency checker >> Gradle plugin efficiently" I reported at OFBIZ-7930 >> >> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/ >> About+OWASP+Dependency+Check it's currently difficult to separate the >> OFBiz jars from other jars in the .gradle\caches contains which may contain >> jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse >> task and more if you use Gradle for other reasons than OFBiz. >> I did not find yet a way to avoid to have all external jars in >> .gradle\caches and I wonder if it's even possible. What I would like to >> have is the external jars mandatory for OFBiz to work in an isolated place. >> For instance a sub folder of the main Gradle build folder. I picked >> $buildDir/externalJars. >> >> Taher: I have a clean working solution now that does not affect users who >> do not want the OWASP plugin. >> >> >> jleroux: I have simply formatted the "if(" to "if (" >> >> Modified: >> ofbiz/trunk/build.gradle >> >> Modified: ofbiz/trunk/build.gradle >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev= >> 1759250&r1=1759249&r2=1759250&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/build.gradle (original) >> +++ ofbiz/trunk/build.gradle Mon Sep 5 12:24:21 2016 >> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas >> } >> tasks.eclipse.dependsOn(cleanEclipse) >> >> +/* OWASP plugin >> + * >> + * If project property "enableOwasp" is flagged then >> + * gradle will download required dependencies and >> + * activate Gradle's OWASP plugin and its related tasks. >> + * >> + * Syntax: gradlew -PenableOwasp dependencyCheck >> + */ >> +buildscript { >> + if (project.hasProperty('enableOwasp')) { >> + repositories { >> + mavenCentral() >> + } >> + dependencies { >> + classpath 'org.owasp:dependency-check-gradle:1.4.0' >> + } >> + } >> +} >> +if (project.hasProperty('enableOwasp')) { >> + apply plugin: 'org.owasp.dependencycheck' >> +} >> + >> /* ======================================================== >> * Tasks >> * ======================================================== */ >> >> >> |
«
Return to OFBiz - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |