You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Taher Alkhateeb <sl...@gmail.com> on 2016/09/05 12:30:29 UTC
Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle
Hi Jacques,
I don't understand your concern described below? What is the problem of
having jars not related to OFBiz in gradle's cache? What is the problem?
Regards,
Taher Alkhateeb
On Sep 5, 2016 3:24 PM, <jl...@apache.org> wrote:
> Author: jleroux
> Date: Mon Sep 5 12:24:21 2016
> New Revision: 1759250
>
> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
> Log:
> A slightly modified Taher's patch for "Load the OWASP dependency checker
> Gradle plugin efficiently" I reported at OFBIZ-7930
>
> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/
> About+OWASP+Dependency+Check it's currently difficult to separate the
> OFBiz jars from other jars in the .gradle\caches contains which may contain
> jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse
> task and more if you use Gradle for other reasons than OFBiz.
> I did not find yet a way to avoid to have all external jars in
> .gradle\caches and I wonder if it's even possible. What I would like to
> have is the external jars mandatory for OFBiz to work in an isolated place.
> For instance a sub folder of the main Gradle build folder. I picked
> $buildDir/externalJars.
>
> Taher: I have a clean working solution now that does not affect users who
> do not want the OWASP plugin.
>
>
> jleroux: I have simply formatted the "if(" to "if ("
>
> Modified:
> ofbiz/trunk/build.gradle
>
> Modified: ofbiz/trunk/build.gradle
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=
> 1759250&r1=1759249&r2=1759250&view=diff
> ============================================================
> ==================
> --- ofbiz/trunk/build.gradle (original)
> +++ ofbiz/trunk/build.gradle Mon Sep 5 12:24:21 2016
> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
> }
> tasks.eclipse.dependsOn(cleanEclipse)
>
> +/* OWASP plugin
> + *
> + * If project property "enableOwasp" is flagged then
> + * gradle will download required dependencies and
> + * activate Gradle's OWASP plugin and its related tasks.
> + *
> + * Syntax: gradlew -PenableOwasp dependencyCheck
> + */
> +buildscript {
> + if (project.hasProperty('enableOwasp')) {
> + repositories {
> + mavenCentral()
> + }
> + dependencies {
> + classpath 'org.owasp:dependency-check-gradle:1.4.0'
> + }
> + }
> +}
> +if (project.hasProperty('enableOwasp')) {
> + apply plugin: 'org.owasp.dependencycheck'
> +}
> +
> /* ========================================================
> * Tasks
> * ======================================================== */
>
>
>
Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle
Posted by Jacques Le Roux <ja...@les7arts.com>.
Taher,
Actually it was the description of the issue I created back then. I saw it after routinely copying it, but did not change it, because I had to move. I
will edit the commit comment, to have something meaningful there.
Jacques
Le 05/09/2016 � 14:30, Taher Alkhateeb a �crit :
> Hi Jacques,
>
> I don't understand your concern described below? What is the problem of
> having jars not related to OFBiz in gradle's cache? What is the problem?
>
> Regards,
>
> Taher Alkhateeb
>
> On Sep 5, 2016 3:24 PM, <jl...@apache.org> wrote:
>
>> Author: jleroux
>> Date: Mon Sep 5 12:24:21 2016
>> New Revision: 1759250
>>
>> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
>> Log:
>> A slightly modified Taher's patch for "Load the OWASP dependency checker
>> Gradle plugin efficiently" I reported at OFBIZ-7930
>>
>> As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/
>> About+OWASP+Dependency+Check it's currently difficult to separate the
>> OFBiz jars from other jars in the .gradle\caches contains which may contain
>> jars unrelated to OFBiz. Notably Eclipse jars if you use the Gradle Eclipse
>> task and more if you use Gradle for other reasons than OFBiz.
>> I did not find yet a way to avoid to have all external jars in
>> .gradle\caches and I wonder if it's even possible. What I would like to
>> have is the external jars mandatory for OFBiz to work in an isolated place.
>> For instance a sub folder of the main Gradle build folder. I picked
>> $buildDir/externalJars.
>>
>> Taher: I have a clean working solution now that does not affect users who
>> do not want the OWASP plugin.
>>
>>
>> jleroux: I have simply formatted the "if(" to "if ("
>>
>> Modified:
>> ofbiz/trunk/build.gradle
>>
>> Modified: ofbiz/trunk/build.gradle
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=
>> 1759250&r1=1759249&r2=1759250&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/trunk/build.gradle (original)
>> +++ ofbiz/trunk/build.gradle Mon Sep 5 12:24:21 2016
>> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
>> }
>> tasks.eclipse.dependsOn(cleanEclipse)
>>
>> +/* OWASP plugin
>> + *
>> + * If project property "enableOwasp" is flagged then
>> + * gradle will download required dependencies and
>> + * activate Gradle's OWASP plugin and its related tasks.
>> + *
>> + * Syntax: gradlew -PenableOwasp dependencyCheck
>> + */
>> +buildscript {
>> + if (project.hasProperty('enableOwasp')) {
>> + repositories {
>> + mavenCentral()
>> + }
>> + dependencies {
>> + classpath 'org.owasp:dependency-check-gradle:1.4.0'
>> + }
>> + }
>> +}
>> +if (project.hasProperty('enableOwasp')) {
>> + apply plugin: 'org.owasp.dependencycheck'
>> +}
>> +
>> /* ========================================================
>> * Tasks
>> * ======================================================== */
>>
>>
>>