Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/09/05 12:24:21 UTC

svn commit: r1759250 - /ofbiz/trunk/build.gradle

Author: jleroux
Date: Mon Sep  5 12:24:21 2016
New Revision: 1759250

URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
Log:
A slightly modified version of Taher's patch for "Load the OWASP dependency checker Gradle plugin efficiently", which I reported at OFBIZ-7930

As I warned at https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check it's currently difficult to separate the OFBiz jars from the other jars in .gradle\caches, which may contain jars unrelated to OFBiz: notably Eclipse jars if you use the Gradle Eclipse task, and more if you use Gradle for reasons other than OFBiz.
I have not yet found a way to avoid having all external jars in .gradle\caches, and I wonder if it's even possible. What I would like is to have the external jars mandatory for OFBiz to work kept in an isolated place, for instance a sub folder of the main Gradle build folder. I picked $buildDir/externalJars.

Taher:  I have a clean working solution now that does not affect users who do not want the OWASP plugin.


jleroux: I have simply formatted the "if(" to "if ("

Modified:
    ofbiz/trunk/build.gradle

Modified: ofbiz/trunk/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=1759250&r1=1759249&r2=1759250&view=diff
==============================================================================
--- ofbiz/trunk/build.gradle (original)
+++ ofbiz/trunk/build.gradle Mon Sep  5 12:24:21 2016
@@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
 }
 tasks.eclipse.dependsOn(cleanEclipse)
 
+/* OWASP plugin
+ *
+ * If project property "enableOwasp" is flagged then
+ * gradle will download required dependencies and
+ * activate Gradle's OWASP plugin and its related tasks.
+ *
+ * Syntax: gradlew -PenableOwasp dependencyCheck
+ */
+buildscript {
+    if (project.hasProperty('enableOwasp')) {
+        repositories {
+            mavenCentral()
+        }
+        dependencies {
+            classpath 'org.owasp:dependency-check-gradle:1.4.0'
+        }
+    }
+}
+if (project.hasProperty('enableOwasp')) {
+    apply plugin: 'org.owasp.dependencycheck'
+}
+
 /* ========================================================
  * Tasks
  * ======================================================== */
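
Review bot: The guards on both the buildscript block and the apply plugin line use project.hasProperty('enableOwasp'), which is true whenever the property is present, so gradlew -PenableOwasp=false dependencyCheck still downloads and applies the plugin. If a value is ever meant to switch it off, test the value as well as the presence. The same condition is written twice and the two copies have to stay identical, since applying 'org.owasp.dependencycheck' without the classpath entry fails with a plugin-not-found error; a one-line comment above the second guard saying so would prevent drift.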



Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle

Posted by Jacques Le Roux <ja...@les7arts.com>.
Taher,

Actually it was the description of the issue I created back then. I saw it after routinely copying it, but did not change it, because I had to move. I 
will edit the commit comment, to have something meaningful there.

Jacques


On 05/09/2016 at 14:30, Taher Alkhateeb wrote:
> Hi Jacques,
>
> I don't understand your concern described below? What is the problem of
> having jars not related to OFBiz in gradle's cache? What is the problem?
>
> Regards,
>
> Taher Alkhateeb
>
> On Sep 5, 2016 3:24 PM, <jl...@apache.org> wrote:
>
>> Author: jleroux
>> Date: Mon Sep  5 12:24:21 2016
>> New Revision: 1759250
>>
>> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
>> Log:
>> A slightly modified version of Taher's patch for "Load the OWASP dependency
>> checker Gradle plugin efficiently", which I reported at OFBIZ-7930
>>
>> As I warned at
>> https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
>> it's currently difficult to separate the OFBiz jars from the other jars in
>> .gradle\caches, which may contain jars unrelated to OFBiz: notably Eclipse
>> jars if you use the Gradle Eclipse task, and more if you use Gradle for
>> reasons other than OFBiz.
>> I have not yet found a way to avoid having all external jars in
>> .gradle\caches, and I wonder if it's even possible. What I would like is to
>> have the external jars mandatory for OFBiz to work kept in an isolated
>> place, for instance a sub folder of the main Gradle build folder. I picked
>> $buildDir/externalJars.
>>
>> Taher:  I have a clean working solution now that does not affect users who
>> do not want the OWASP plugin.
>>
>>
>> jleroux: I have simply formatted the "if(" to "if ("
>>
>> Modified:
>>      ofbiz/trunk/build.gradle
>>
>> Modified: ofbiz/trunk/build.gradle
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=
>> 1759250&r1=1759249&r2=1759250&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/trunk/build.gradle (original)
>> +++ ofbiz/trunk/build.gradle Mon Sep  5 12:24:21 2016
>> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
>>   }
>>   tasks.eclipse.dependsOn(cleanEclipse)
>>
>> +/* OWASP plugin
>> + *
>> + * If project property "enableOwasp" is flagged then
>> + * gradle will download required dependencies and
>> + * activate Gradle's OWASP plugin and its related tasks.
>> + *
>> + * Syntax: gradlew -PenableOwasp dependencyCheck
>> + */
>> +buildscript {
>> +    if (project.hasProperty('enableOwasp')) {
>> +        repositories {
>> +            mavenCentral()
>> +        }
>> +        dependencies {
>> +            classpath 'org.owasp:dependency-check-gradle:1.4.0'
>> +        }
>> +    }
>> +}
>> +if (project.hasProperty('enableOwasp')) {
>> +    apply plugin: 'org.owasp.dependencycheck'
>> +}
>> +
>>   /* ========================================================
>>    * Tasks
>>    * ======================================================== */
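
Review bot: The header comment calls this "Gradle's OWASP plugin", but the classpath line shows it is the OWASP dependency-check plugin for Gradle ('org.owasp:dependency-check-gradle'); the wording should match. The version 1.4.0 is a literal inside the buildscript block with no mention in the comment, so it is worth noting there that the scanner version is pinned and has to be bumped by hand.
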
>>
>>
>>


Re: svn commit: r1759250 - /ofbiz/trunk/build.gradle

Posted by Taher Alkhateeb <sl...@gmail.com>.
Hi Jacques,

I don't understand your concern described below? What is the problem of
having jars not related to OFBiz in gradle's cache? What is the problem?

Regards,

Taher Alkhateeb

On Sep 5, 2016 3:24 PM, <jl...@apache.org> wrote:

> Author: jleroux
> Date: Mon Sep  5 12:24:21 2016
> New Revision: 1759250
>
> URL: http://svn.apache.org/viewvc?rev=1759250&view=rev
> Log:
> A slightly modified version of Taher's patch for "Load the OWASP dependency
> checker Gradle plugin efficiently", which I reported at OFBIZ-7930
>
> As I warned at
> https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
> it's currently difficult to separate the OFBiz jars from the other jars in
> .gradle\caches, which may contain jars unrelated to OFBiz: notably Eclipse
> jars if you use the Gradle Eclipse task, and more if you use Gradle for
> reasons other than OFBiz.
> I have not yet found a way to avoid having all external jars in
> .gradle\caches, and I wonder if it's even possible. What I would like is to
> have the external jars mandatory for OFBiz to work kept in an isolated
> place, for instance a sub folder of the main Gradle build folder. I picked
> $buildDir/externalJars.
>
> Taher:  I have a clean working solution now that does not affect users who
> do not want the OWASP plugin.
>
>
> jleroux: I have simply formatted the "if(" to "if ("
>
> Modified:
>     ofbiz/trunk/build.gradle
>
> Modified: ofbiz/trunk/build.gradle
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=
> 1759250&r1=1759249&r2=1759250&view=diff
> ============================================================
> ==================
> --- ofbiz/trunk/build.gradle (original)
> +++ ofbiz/trunk/build.gradle Mon Sep  5 12:24:21 2016
> @@ -269,6 +269,28 @@ eclipse.classpath.file.whenMerged { clas
>  }
>  tasks.eclipse.dependsOn(cleanEclipse)
>
> +/* OWASP plugin
> + *
> + * If project property "enableOwasp" is flagged then
> + * gradle will download required dependencies and
> + * activate Gradle's OWASP plugin and its related tasks.
> + *
> + * Syntax: gradlew -PenableOwasp dependencyCheck
> + */
> +buildscript {
> +    if (project.hasProperty('enableOwasp')) {
> +        repositories {
> +            mavenCentral()
> +        }
> +        dependencies {
> +            classpath 'org.owasp:dependency-check-gradle:1.4.0'
> +        }
> +    }
> +}
> +if (project.hasProperty('enableOwasp')) {
> +    apply plugin: 'org.owasp.dependencycheck'
> +}
> +
>  /* ========================================================
>   * Tasks
>   * ======================================================== */
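
Review bot: The Syntax line in the header comment documents only the enabled case. Because the plugin is applied only when enableOwasp is set, a plain gradlew dependencyCheck fails with an unknown-task error, and builds that never pass the flag never run the scan; stating both in the comment would save a reader from assuming the check is part of the default build.
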
>
>
>