-
Notifications
You must be signed in to change notification settings - Fork 514
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improvement: Extract datafile component, base/util, base/crypt projects #678
base: trunk
Are you sure you want to change the base?
Conversation
a0f4d10
to
ff304a8
Compare
Also relates to https://issues.apache.org/jira/browse/OFBIZ-12308 |
9e751dc
to
43602c3
Compare
c308eb9
to
1ca2a41
Compare
1ca2a41
to
b5c4c7a
Compare
Quality Gate passedThe SonarCloud Quality Gate passed, but some issues were introduced. 1 New issue |
…BIZ-3500) * There are a LOT of circular dependencies !!! * I had to split some files to be able to shuffle code around: UtilPropertiesRuntime, etc. * A lot of code changes are related to CheckStyle * We should consider spotbugs for code formatting via gradle
b5c4c7a
to
d010816
Compare
Quality Gate passedIssues Measures |
applications/accounting/src/main/java/org/apache/ofbiz/accounting/invoice/InvoiceServices.java
Dismissed
Show dismissed
Hide dismissed
We can neglet the CodeQl analysis. It reports 208 "RandomStringUtils.random(SECURE_RANDOM" and it's safe because of SECURE_RANDOM. Sincerely the tool is clumsy. I have also dismissed a lot (300+ ?) in the OOTB code. |
Other than this, did you manage to take a look at the code? |
Hi Ieugen, Not yet, I'm currently focusing on the new codeQL implementation. I tried it few years ago for Java but it was not able to handle OFBiz, only JavaScript. It now works but still, like for JavaScript in the past, has a number of false alerts, like this one. I remember now, exactly 271 same cases. Fortunately GH is able to ease dismissing them, still 553 remaining, a lot of duplicate. |
BTW, this is about whole OOTB OFBiz code. There is no other than this one in your PR. |
For now I had only a cursory look at your work. But, as I said, I intend to have a deeper look in 2024. |
Thank you @JacquesLeRoux , It would be great. Looking forward to your review and hopefully merge of this PR (in this form or another). |
We can publish datafile component as for example:
org.apache.ofbiz/component-datafile/18.12.10
Appllications can consume this via reuglar maven dependency.
The dependency could be specified as having runtime / provided scope so when it gets pulled in OFBiz it will use the version available there (patch versions).
Also each component jar can be a Java 9 module - to encapsulate it's dependencies and avoid jar hell.
I have added a sample project that uses the crypto code from OFBiz lib to do crypto.
I could do a datafile example tool but that would take more time.
Fill in the blanks: ofbiz functionality in other apps and services.
Ease the integration at java level.
Open the borders of OFBiz to the outside developer world.
https://github.com/ieugen/ofbiz-tooling-demo
Also as exploratory work, making enity engine as a library (on top of this PR) takes ~ 670 additions and ~ 370 deletions. Work is not done yet, but close. See ieugen#3 .