You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pr@cassandra.apache.org by "jacek-lewandowski (via GitHub)" <gi...@apache.org> on 2023/06/22 06:34:53 UTC
[GitHub] [cassandra] jacek-lewandowski opened a new pull request, #2434: CASSANDRA-18618: Separate task for running static analysis
jacek-lewandowski opened a new pull request, #2434:
URL: https://github.com/apache/cassandra/pull/2434
(no comment)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1246536257
##########
.circleci/config.yml:
##########
@@ -4131,7 +4131,7 @@ jobs:
git clean -fd
# Loop to prevent failure due to maven-ant-tasks not downloading a jar..
for x in $(seq 1 3); do
- ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar
+ ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar -Dno-checkstyle=true -Dno-check=true
Review Comment:
it shouldn't be necessary to supply both `-Dno-checkstyle=true -Dno-check=true`
i.e. `-Dno-check=true` should imply `-Dno-checkstyle=true -Drat.skip=true -Declipse-warnings.skip=true -Ddependency-check.skip=true`
here's a patch i was playing with before…
https://github.com/apache/cassandra/compare/trunk...thelastpickle:cassandra:mck/buildfiles-linter-docs/4.1
( that patch also allows you to specify there shorter form of `-Dno-linter=` )
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260676634
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-M"/>
+ <arg value=".dependencies[] | .fileName + "=" + .license"/>
+ <arg value="${build.dir}/owasp/dependency-check-report.json"/>
+ <redirector output="${build.dir}/owasp/license-report.txt"/>
+ </exec>
+
+ <loadfile property="wrongly-licensed" srcFile="${build.dir}/owasp/license-report.txt">
+ <filterchain>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(www.apache.org/licenses/LICENSE-2.0|Apache Software License, Version 2.0)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*MIT License"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true" casesensitive="false">
+ <regexp pattern="^.*=.*(BSD.\d.Clause|BSD licen[cs]e)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(Eclipse Public License|www.eclipse.org/legal/epl-v10.html)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(Creative Commons)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(ISC)"/>
+ </linecontainsregexp>
+ <replaceregex pattern=""" replace="" byline="true" flags="g"/>
+ <trim/>
+ <sortfilter/>
+ </filterchain>
+ </loadfile>
+
+ <echo message="${wrongly-licensed}" output="${build.dir}/owasp/license-report.txt"/>
+
+ <loadfile property="wrongly-licensed-comparable" srcFile="${build.dir}/owasp/license-report.txt">
+ <filterchain>
+ <replaceregex pattern="=.*$" replace="" byline="true" flags="g"/>
+ <striplinebreaks/>
+ </filterchain>
+ </loadfile>
+
+ <loadfile property="license-exceptions-comparable" srcfile="${build.helpers.dir}/license-exceptions.txt" failonerror="false">
Review Comment:
In `.build/license-exceptions.txt` there is a list of jars we allow despite their license is unknown or not approved. In the end we compare the list of reported jars (see above) and the list of exceptions defined here. If those lists do not match, we fail the build.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1259580455
##########
build.xml:
##########
@@ -540,6 +539,14 @@
<copy todir="${basedir}/conf" file="${build.classes.main}/META-INF/hotspot_compiler"/>
</target>
+ <target name="check" depends="_main-jar,build-test" description="Verifies the source code and dependencies">
+ <antcall target="rat-check" inheritrefs="true"/>
+ <antcall target="_assert_rat_output" inheritrefs="true"/>
+ <antcall target="checkstyle" inheritrefs="true"/>
+ <antcall target="checkstyle-test" inheritrefs="true"/>
+ <antcall target="eclipse-warnings" inheritrefs="true"/>
Review Comment:
what about dependency-check ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#issuecomment-1632384221
@michaelsembwever @smiklosovic - I've refactored it, I agree `jq` may not be a common thing people have in their systems. I don't think it is a big problem - there are some prerequisites to work with the projects and this is not very problematic or uncommon tool.
However, I found implementing it with JavaScript is better. Now we have:
- `allowed-licenses.txt` which includes patterns to match the licenses we approve, it can contain line comments as well
- `license-overrides.txt` which explicitly sets the licenses for jars for which they couldn't be recognized automatically
`check` runs `dependency-check` only if dependencies were touched
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1263601274
##########
.build/parent-pom-template.xml:
##########
@@ -1049,6 +1049,11 @@
<artifactId>big-math</artifactId>
<version>2.3.0</version>
</dependency>
+ <dependency>
+ <groupId>org.openjdk.nashorn</groupId>
Review Comment:
@jacek-lewandowski can we really just add it like that?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260807160
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@michaelsembwever `~/.cache` seems to be a good dir to put it under. We are really caching it and there are other caches in place already on desktops. Maybe `~/.cache/cassandra-owasp` would be the best to say that such owasp cache is from Cassandra project. Otherwise who would know?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260837920
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
I see there is `failifexecutionfails="false", could you explain the consequences? So we are OK when this fails? So if that command is not present, we will just silently skip it? What are the consequences of that?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1259636540
##########
build.xml:
##########
@@ -540,6 +539,14 @@
<copy todir="${basedir}/conf" file="${build.classes.main}/META-INF/hotspot_compiler"/>
</target>
+ <target name="check" depends="_main-jar,build-test" description="Verifies the source code and dependencies">
+ <antcall target="rat-check" inheritrefs="true"/>
+ <antcall target="_assert_rat_output" inheritrefs="true"/>
+ <antcall target="checkstyle" inheritrefs="true"/>
+ <antcall target="checkstyle-test" inheritrefs="true"/>
+ <antcall target="eclipse-warnings" inheritrefs="true"/>
Review Comment:
We should have a dedicated ticket for that. Unless the project dependencies are changed, the developer cannot be blamed for CVEs.
Also, if the dependency set is not changed, it does not make sense to download and analyze the project against the whole database because we can be affected only by CVEs which are discovered recently.
There are a couple of valuable things we can do about dependency checks, including license analysis, and I'd like to avoid mixing this PR with that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1259579916
##########
.circleci/config.yml:
##########
@@ -4131,7 +4131,7 @@ jobs:
git clean -fd
# Loop to prevent failure due to maven-ant-tasks not downloading a jar..
for x in $(seq 1 3); do
- ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar
+ ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar -Dno-checkstyle=true -Drat.skip=true
Review Comment:
are these still needed if `check` is now its own target …?
##########
.circleci/config.yml:
##########
@@ -4131,7 +4131,7 @@ jobs:
git clean -fd
# Loop to prevent failure due to maven-ant-tasks not downloading a jar..
for x in $(seq 1 3); do
- ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar
+ ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar -Dno-checkstyle=true -Drat.skip=true
Review Comment:
are these still needed if `check` is now its own target …?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260742616
##########
.build/build-git.xml:
##########
@@ -51,7 +51,34 @@
<echo level="warning" if:true="${is-dirty}">Repository state is dirty</echo>
<echo level="warning" if:true="${is-dirty}">${git.diffstat}</echo>
- <property name="get-git-sha.done" value="true"/>
+ <exec if:true="${git.is-available}" executable="sh" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-c"/>
+ <arg value="git remote -v | grep apache/cassandra | cut -f 1 | head -n 1"/>
+ <redirector outputproperty="_resolved_repo_name" description="Tries to find the remote name of apache/cassandra repository"/>
+ </exec>
+ <condition property="_ref_branch" value="${_resolved_repo_name}/trunk" else="trunk" description="This property contains 'apache/cassandra repo name'/trunk or just trunk if the repo name cannot be resolved">
+ <and>
+ <isset property="_resolved_repo_name"/>
+ <not><equals arg1="${_resolved_repo_name}" arg2=""/></not>
+ </and>
+ </condition>
+
+ <exec if:true="${git.is-available}" executable="git" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="diff"/>
+ <arg value="--name-only"/>
+ <arg value="--no-renames"/>
+ <arg value="--ignore-all-space"/>
+ <arg value="--merge-base"/>
+ <arg value="${_ref_branch}"/>
+ <arg value="${build.helpers.dir}/cassandra-build-deps-template.xml"/>
+ <arg value="${build.helpers.dir}/cassandra-deps-template.xml"/>
+ <arg value="${build.helpers.dir}/parent-pom-template.xml"/>
+ <redirector outputproperty="git.diff.deps-xmls"/>
+ </exec>
+ <filelist id="git.diff.deps-xmls.list" files="${git.diff.deps-xmls}" description="List of changed production sources between HEAD and the latest common ancestor of HEAD and trunk"/>
+ <pathconvert property="git.diff.deps-xmls.path" pathsep="," refid="git.diff.deps-xmls.list">
+ </pathconvert>
Review Comment:
why? can this go into a private ant target with a descriptive name pls.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1240795509
##########
.build/build-rat.xml:
##########
@@ -106,7 +106,7 @@
</fail>
</target>
- <target name="_assert_rat_output">
+ <target name="_assert_rat_output" unless="${rat.skip}">
Review Comment:
```suggestion
<target name="_assert_rat_output" unless="rat.skip">
```
?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#issuecomment-1602085590
https://app.circleci.com/pipelines/github/jacek-lewandowski/cassandra/744/workflows/45d20631-96a2-4116-9a92-14fadbaaddb8/jobs/15328 (see the "Run static code analysis step")
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1246652968
##########
.circleci/config.yml:
##########
@@ -4131,7 +4131,7 @@ jobs:
git clean -fd
# Loop to prevent failure due to maven-ant-tasks not downloading a jar..
for x in $(seq 1 3); do
- ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar
+ ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar -Dno-checkstyle=true -Dno-check=true
Review Comment:
erh, no. go nuts then.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260807160
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@michaelsembwever `~/.cache` seems to be good dir to put it under. We are really caching it and there are other caches in place. Maybe `~/.cache/cassandra-owasp` would be best to say that such owasp cache is from cassandra project. Otherwise who would know?
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@michaelsembwever `~/.cache` seems to be a good dir to put it under. We are really caching it and there are other caches in place. Maybe `~/.cache/cassandra-owasp` would be best to say that such owasp cache is from cassandra project. Otherwise who would know?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1263671115
##########
.build/build-resolver.xml:
##########
@@ -134,6 +134,16 @@
</dependencies>
<path refid="checkstyle.classpath" classpath="runtime"/>
</resolve>
+ <resolve>
+<!-- Required for running JavaScript regardless of JDK version, this is only a build dependency, not inlcuded in the distribution -->
Review Comment:
will do
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260766396
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
I'm fine with any location under user home. It takes ~250M currently
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1261051822
##########
.build/build-git.xml:
##########
@@ -51,7 +51,34 @@
<echo level="warning" if:true="${is-dirty}">Repository state is dirty</echo>
<echo level="warning" if:true="${is-dirty}">${git.diffstat}</echo>
- <property name="get-git-sha.done" value="true"/>
+ <exec if:true="${git.is-available}" executable="sh" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-c"/>
+ <arg value="git remote -v | grep apache/cassandra | cut -f 1 | head -n 1"/>
+ <redirector outputproperty="_resolved_repo_name" description="Tries to find the remote name of apache/cassandra repository"/>
+ </exec>
+ <condition property="_ref_branch" value="${_resolved_repo_name}/trunk" else="trunk" description="This property contains 'apache/cassandra repo name'/trunk or just trunk if the repo name cannot be resolved">
+ <and>
+ <isset property="_resolved_repo_name"/>
+ <not><equals arg1="${_resolved_repo_name}" arg2=""/></not>
+ </and>
+ </condition>
+
+ <exec if:true="${git.is-available}" executable="git" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="diff"/>
+ <arg value="--name-only"/>
+ <arg value="--no-renames"/>
+ <arg value="--ignore-all-space"/>
+ <arg value="--merge-base"/>
+ <arg value="${_ref_branch}"/>
+ <arg value="${build.helpers.dir}/cassandra-build-deps-template.xml"/>
+ <arg value="${build.helpers.dir}/cassandra-deps-template.xml"/>
+ <arg value="${build.helpers.dir}/parent-pom-template.xml"/>
+ <redirector outputproperty="git.diff.deps-xmls"/>
+ </exec>
+ <filelist id="git.diff.deps-xmls.list" files="${git.diff.deps-xmls}" description="List of changed production sources between HEAD and the latest common ancestor of HEAD and trunk"/>
+ <pathconvert property="git.diff.deps-xmls.path" pathsep="," refid="git.diff.deps-xmls.list">
+ </pathconvert>
Review Comment:
what exactly are you referring to?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1263654190
##########
.build/build-resolver.xml:
##########
@@ -134,6 +134,16 @@
</dependencies>
<path refid="checkstyle.classpath" classpath="runtime"/>
</resolve>
+ <resolve>
+<!-- Required for running JavaScript regardless of JDK version, this is only a build dependency, not inlcuded in the distribution -->
Review Comment:
@jacek-lewandowski could you aligned this? just above `<dependencies>`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#issuecomment-1602565810
can we please move the different check/list ant targets into a new .build/build-checks.xml files? (or separate .build/build-xxx.xml file)
it really helps readability of build.xml (encapsulating concerns).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260837920
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
I see there is `failifexecutionfails="false", could you explain the consequences? So we are OK when this fails? So if that command is not present, we will just silently skip it?
I think if it just prints some report from owasp, that might be acceptable and we do not need to do anything after all.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260670806
##########
.build/build-git.xml:
##########
@@ -51,7 +51,34 @@
<echo level="warning" if:true="${is-dirty}">Repository state is dirty</echo>
<echo level="warning" if:true="${is-dirty}">${git.diffstat}</echo>
- <property name="get-git-sha.done" value="true"/>
+ <exec if:true="${git.is-available}" executable="sh" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-c"/>
+ <arg value="git remote -v | grep apache/cassandra | cut -f 1 | head -n 1"/>
+ <redirector outputproperty="_resolved_repo_name" description="Tries to find the remote name of apache/cassandra repository"/>
+ </exec>
+ <condition property="_ref_branch" value="${_resolved_repo_name}/trunk" else="trunk" description="This property contains 'apache/cassandra repo name'/trunk or just trunk if the repo name cannot be resolved">
+ <and>
+ <isset property="_resolved_repo_name"/>
+ <not><equals arg1="${_resolved_repo_name}" arg2=""/></not>
+ </and>
+ </condition>
+
+ <exec if:true="${git.is-available}" executable="git" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="diff"/>
+ <arg value="--name-only"/>
+ <arg value="--no-renames"/>
+ <arg value="--ignore-all-space"/>
+ <arg value="--merge-base"/>
+ <arg value="${_ref_branch}"/>
+ <arg value="${build.helpers.dir}/cassandra-build-deps-template.xml"/>
Review Comment:
actually we should not care about cassandra-build-deps
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260816120
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@jacek-lewandowski what happens if `~/.cache` dir does not exist? Highly improbable but still ... does it create parent dirs too?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260674310
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-M"/>
+ <arg value=".dependencies[] | .fileName + "=" + .license"/>
+ <arg value="${build.dir}/owasp/dependency-check-report.json"/>
+ <redirector output="${build.dir}/owasp/license-report.txt"/>
+ </exec>
+
+ <loadfile property="wrongly-licensed" srcFile="${build.dir}/owasp/license-report.txt">
+ <filterchain>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(www.apache.org/licenses/LICENSE-2.0|Apache Software License, Version 2.0)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*MIT License"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true" casesensitive="false">
+ <regexp pattern="^.*=.*(BSD.\d.Clause|BSD licen[cs]e)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(Eclipse Public License|www.eclipse.org/legal/epl-v10.html)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(Creative Commons)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(ISC)"/>
+ </linecontainsregexp>
+ <replaceregex pattern=""" replace="" byline="true" flags="g"/>
+ <trim/>
+ <sortfilter/>
+ </filterchain>
+ </loadfile>
+
+ <echo message="${wrongly-licensed}" output="${build.dir}/owasp/license-report.txt"/>
Review Comment:
`build/owasp/license-report.txt` contains list of those jars whose licenses are unknown or are not approved (there have not been filtered out by the above regex filters). So this is the file the developer should look at when analysis fails.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260672120
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
I set it to user.home because downloading the database is painfully slow and it can be shared between projects / worktrees. Redownloading it after ant realclean was frustrating
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260807160
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@michaelsembwever `~/.cache` seems to be a good dir to put it under. We are really caching it and there are other caches in place already on desktops. Maybe `~/.cache/cassandra-owasp` would be best to say that such owasp cache is from cassandra project. Otherwise who would know?
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@michaelsembwever `~/.cache` seems to be a good dir to put it under. We are really caching it and there are other caches in place already on desktops. Maybe `~/.cache/cassandra-owasp` would be the best to say that such owasp cache is from cassandra project. Otherwise who would know?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260837920
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
I see there is `failifexecutionfails="false", could you explain the consequences? So we are OK when this fails? So if that command is not present, we will just silently skip it? What are the consequences of that?
I think if it just prints some report from owasp that might be acceptable and we do not need to do anything after all.
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
we might have a check for this in `build.xml` as we have for Ant.
<fail message="You need to use Ant of version at least 1.10 to continue.">
<condition>
<not>
<antversion atleast="1.10"/>
</not>
</condition>
</fail>
Even "antversion" is in-built target (I think so), something similar should be done for all other needed tooling and error out as soon as possible if it is not available so it will not fail unnecessarily somewhere down the road.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260835929
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
we might have a check for this in `build.xml` as we have for Ant.
<fail message="You need to use Ant of version at least 1.10 to continue.">
<condition>
<not>
<antversion atleast="1.10"/>
</not>
</condition>
</fail>
Even "antversion" is in-built target (I think so), something similar should be done for all other needed tooling and error out as soon as possible if it is not available so it will not fail unnecessarily somewhere down the road.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1261066839
##########
.build/build-git.xml:
##########
@@ -51,7 +51,34 @@
<echo level="warning" if:true="${is-dirty}">Repository state is dirty</echo>
<echo level="warning" if:true="${is-dirty}">${git.diffstat}</echo>
- <property name="get-git-sha.done" value="true"/>
+ <exec if:true="${git.is-available}" executable="sh" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-c"/>
+ <arg value="git remote -v | grep apache/cassandra | cut -f 1 | head -n 1"/>
+ <redirector outputproperty="_resolved_repo_name" description="Tries to find the remote name of apache/cassandra repository"/>
+ </exec>
+ <condition property="_ref_branch" value="${_resolved_repo_name}/trunk" else="trunk" description="This property contains 'apache/cassandra repo name'/trunk or just trunk if the repo name cannot be resolved">
+ <and>
+ <isset property="_resolved_repo_name"/>
+ <not><equals arg1="${_resolved_repo_name}" arg2=""/></not>
+ </and>
+ </condition>
+
+ <exec if:true="${git.is-available}" executable="git" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="diff"/>
+ <arg value="--name-only"/>
+ <arg value="--no-renames"/>
+ <arg value="--ignore-all-space"/>
+ <arg value="--merge-base"/>
+ <arg value="${_ref_branch}"/>
+ <arg value="${build.helpers.dir}/cassandra-build-deps-template.xml"/>
+ <arg value="${build.helpers.dir}/cassandra-deps-template.xml"/>
+ <arg value="${build.helpers.dir}/parent-pom-template.xml"/>
+ <redirector outputproperty="git.diff.deps-xmls"/>
+ </exec>
+ <filelist id="git.diff.deps-xmls.list" files="${git.diff.deps-xmls}" description="List of changed production sources between HEAD and the latest common ancestor of HEAD and trunk"/>
+ <pathconvert property="git.diff.deps-xmls.path" pathsep="," refid="git.diff.deps-xmls.list">
+ </pathconvert>
Review Comment:
what does this addition of code/xml do?
a private ant target with a descriptive name beats a comment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1246582812
##########
.circleci/config.yml:
##########
@@ -4131,7 +4131,7 @@ jobs:
git clean -fd
# Loop to prevent failure due to maven-ant-tasks not downloading a jar..
for x in $(seq 1 3); do
- ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar
+ ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar -Dno-checkstyle=true -Dno-check=true
Review Comment:
This is for older branches - are we going to apply those changes to those older branches as well?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1241805206
##########
.build/build-rat.xml:
##########
@@ -106,7 +106,7 @@
</fail>
</target>
- <target name="_assert_rat_output">
+ <target name="_assert_rat_output" unless="${rat.skip}">
Review Comment:
that is a mistake. it should just be the string literal.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260745856
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-M"/>
+ <arg value=".dependencies[] | .fileName + "=" + .license"/>
+ <arg value="${build.dir}/owasp/dependency-check-report.json"/>
+ <redirector output="${build.dir}/owasp/license-report.txt"/>
+ </exec>
+
+ <loadfile property="wrongly-licensed" srcFile="${build.dir}/owasp/license-report.txt">
+ <filterchain>
Review Comment:
nice.
we should add a comment pointing to https://apache.org/legal/resolved
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260837920
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
I see there is `failifexecutionfails="false", could you explain the consequences? So we are OK when this fails? So if that command is not present, we will just silently skip it? What are the consequences of that?
I think if it just prints some report from owasp, that might be acceptable and we do not need to do anything after all.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] smiklosovic commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "smiklosovic (via GitHub)" <gi...@apache.org>.
smiklosovic commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260832625
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
@jacek-lewandowski @michaelsembwever This is suspicious. So we need to have `jq` locally, correct? I think we need be very picky and explicit about this. Until now, all you need is git, ant, python and shell.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260672795
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-M"/>
+ <arg value=".dependencies[] | .fileName + "=" + .license"/>
+ <arg value="${build.dir}/owasp/dependency-check-report.json"/>
+ <redirector output="${build.dir}/owasp/license-report.txt"/>
+ </exec>
+
+ <loadfile property="wrongly-licensed" srcFile="${build.dir}/owasp/license-report.txt">
+ <filterchain>
Review Comment:
Here we have defined patterns for allowed licenses
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260739865
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
is it specific to `ant` ?
could it be under `${user.home}/.owasp/dependency-check-ant-${dependency-check.version}` instead?
how big does it get? should it go under `${user.home}/.cache/owasp/…` instead? (mine was ~500M , but it will grow over time…)
@smiklosovic thoughts?
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
is it specific to `ant` ?
could it be under `${user.home}/.owasp/dependency-check-ant-${dependency-check.version}` instead?
how big does it get? should it go under `${user.home}/.cache/owasp/…` instead? (mine was ~500M , but it will grow over time…)
@smiklosovic thoughts?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1261054868
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
Review Comment:
ok, I realized the same and refactored it to run with JavaScript (no worries about j17). Now it seems to be better / cleaner from the user pov.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#issuecomment-1630603541
@michaelsembwever I've rebased and applied the changes according to what was concluded on the ML
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#issuecomment-1602085040
https://ci-cassandra.apache.org/view/patches/job/Cassandra-devbranch/2517/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1241594587
##########
.build/build-rat.xml:
##########
@@ -106,7 +106,7 @@
</fail>
</target>
- <target name="_assert_rat_output">
+ <target name="_assert_rat_output" unless="${rat.skip}">
Review Comment:
what do you mean? it is defined in the same way as in https://github.com/apache/cassandra/pull/2434/files#diff-d274784b2fecdbee879b6175c05a9860374c65c0c0b7e87efe8ec66c0fc3d838R50
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1259612248
##########
.circleci/config.yml:
##########
@@ -4131,7 +4131,7 @@ jobs:
git clean -fd
# Loop to prevent failure due to maven-ant-tasks not downloading a jar..
for x in $(seq 1 3); do
- ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar
+ ${ANT_HOME}/bin/ant realclean; ${ANT_HOME}/bin/ant jar dtest-jar -Dno-checkstyle=true -Drat.skip=true
Review Comment:
yes, because dtest jars are built for older Cassandra versions and we decided to not port this change to older branches
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1263625948
##########
.build/parent-pom-template.xml:
##########
@@ -1049,6 +1049,11 @@
<artifactId>big-math</artifactId>
<version>2.3.0</version>
</dependency>
+ <dependency>
+ <groupId>org.openjdk.nashorn</groupId>
Review Comment:
this is only the dependency management - we declare dependency versions here. The dependency in fact is defined in [build-resolver.xml](https://github.com/apache/cassandra/pull/2434/files#diff-b7d8cc9a23d28a1713d5242f83da30838851d0685528abdb937afe7d9b899de6R137-R146)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260674310
##########
.build/build-owasp.xml:
##########
@@ -83,4 +85,67 @@
</fileset>
</dependency-check>
</target>
+
+ <target depends="init" name="license-report">
+ <exec executable="jq" osfamily="unix" dir="${basedir}" logError="true" failonerror="false" failifexecutionfails="false">
+ <arg value="-M"/>
+ <arg value=".dependencies[] | .fileName + "=" + .license"/>
+ <arg value="${build.dir}/owasp/dependency-check-report.json"/>
+ <redirector output="${build.dir}/owasp/license-report.txt"/>
+ </exec>
+
+ <loadfile property="wrongly-licensed" srcFile="${build.dir}/owasp/license-report.txt">
+ <filterchain>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(www.apache.org/licenses/LICENSE-2.0|Apache Software License, Version 2.0)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*MIT License"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true" casesensitive="false">
+ <regexp pattern="^.*=.*(BSD.\d.Clause|BSD licen[cs]e)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(Eclipse Public License|www.eclipse.org/legal/epl-v10.html)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(Creative Commons)"/>
+ </linecontainsregexp>
+ <linecontainsregexp negate="true">
+ <regexp pattern="^.*=.*(ISC)"/>
+ </linecontainsregexp>
+ <replaceregex pattern=""" replace="" byline="true" flags="g"/>
+ <trim/>
+ <sortfilter/>
+ </filterchain>
+ </loadfile>
+
+ <echo message="${wrongly-licensed}" output="${build.dir}/owasp/license-report.txt"/>
Review Comment:
build/owasp/license-report.txt contains list of those jars whose licenses are unknown or are not approved (there have not been filtered out by the above regexp filters). So this is the file the developer should look at when analysis fails.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1260768306
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
@michaelsembwever maybe there is some public server which hosts such database and we could connect to it instead (or at least as a first choice)?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1261053541
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
yes, it creates the parent directories as well, I've set it to `~/.cache/dependency-check-ant/owasp-db`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] michaelsembwever commented on a diff in pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "michaelsembwever (via GitHub)" <gi...@apache.org>.
michaelsembwever commented on code in PR #2434:
URL: https://github.com/apache/cassandra/pull/2434#discussion_r1261065765
##########
.build/build-owasp.xml:
##########
@@ -16,9 +16,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-<project basedir="." name="apache-cassandra-owasp-tasks">
+<project basedir="." name="apache-cassandra-owasp-tasks"
+ xmlns:if="ant:if"
+ xmlns:unless="ant:unless">
<property name="dependency-check.version" value="8.3.1"/>
- <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
+ <property name="dependency-check.home" value="${user.home}/.ant/dependency-check-ant-${dependency-check.version}"/>
Review Comment:
i agree with @smiklosovic , `~/.cache/cassandra-owasp-dependency-check` is a better name.
Users will want to know where a half gigabyte folder came from.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org
[GitHub] [cassandra] jacek-lewandowski closed pull request #2434: CASSANDRA-18618: Separate task for running static analysis
Posted by "jacek-lewandowski (via GitHub)" <gi...@apache.org>.
jacek-lewandowski closed pull request #2434: CASSANDRA-18618: Separate task for running static analysis
URL: https://github.com/apache/cassandra/pull/2434
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@cassandra.apache.org
For additional commands, e-mail: pr-help@cassandra.apache.org