Improvement: Extract datafile component, base/util, base/crypt projects #678
Conversation
ieugen
force-pushed
the
OFBIZ-3500-split-crypt-datafile
branch
from
a0f4d10
to
ff304a8
Compare
|
Also relates to https://issues.apache.org/jira/browse/OFBIZ-12308 |
ieugen
force-pushed
the
OFBIZ-3500-split-crypt-datafile
branch
2 times, most recently
from
9e751dc
to
43602c3
Compare
|
A glimpse of the cyclic dependencies in OFBiz
|
ieugen
force-pushed
the
OFBIZ-3500-split-crypt-datafile
branch
4 times, most recently
from
c308eb9
to
1ca2a41
Compare
ieugen
force-pushed
the
OFBIZ-3500-split-crypt-datafile
branch
from
1ca2a41
to
b5c4c7a
Compare
|
…BIZ-3500) * There are a LOT of circular dependencies !!! * I had to split some files to be able to shuffle code around: UtilPropertiesRuntime, etc. * A lot of code changes are related to CheckStyle * We should consider spotbugs for code formatting via gradle
ieugen
force-pushed
the
OFBIZ-3500-split-crypt-datafile
branch
from
b5c4c7a
to
d010816
Compare
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
applications/accounting/src/main/java/org/apache/ofbiz/accounting/invoice/InvoiceServices.java
Dismissed
Show dismissed
Hide dismissed
|
We can neglet the CodeQl analysis. It reports 208 "RandomStringUtils.random(SECURE_RANDOM" and it's safe because of SECURE_RANDOM. Sincerely the tool is clumsy. I have also dismissed a lot (300+ ?) in the OOTB code. |
Other than this, did you manage to take a look at the code? |
|
Hi Ieugen, Not yet, I'm currently focusing on the new codeQL implementation. I tried it few years ago for Java but it was not able to handle OFBiz, only JavaScript. It now works but still, like for JavaScript in the past, has a number of false alerts, like this one. I remember now, exactly 271 same cases. Fortunately GH is able to ease dismissing them, still 553 remaining, a lot of duplicate. |
|
BTW, this is about whole OOTB OFBiz code. There is no other than this one in your PR. |
|
For now I had only a cursory look at your work. But, as I said, I intend to have a deeper look in 2024. |
|
Thank you @JacquesLeRoux , It would be great. Looking forward to your review and hopefully merge of this PR (in this form or another). |
We can publish datafile component as for example:
org.apache.ofbiz/component-datafile/18.12.10Appllications can consume this via reuglar maven dependency.
The dependency could be specified as having runtime / provided scope so when it gets pulled in OFBiz it will use the version available there (patch versions).
Also each component jar can be a Java 9 module - to encapsulate it's dependencies and avoid jar hell.
I have added a sample project that uses the crypto code from OFBiz lib to do crypto.
I could do a datafile example tool but that would take more time.
Fill in the blanks: ofbiz functionality in other apps and services.
Ease the integration at java level.
Open the borders of OFBiz to the outside developer world.
https://github.com/ieugen/ofbiz-tooling-demo
Also as exploratory work, making enity engine as a library (on top of this PR) takes ~ 670 additions and ~ 370 deletions. Work is not done yet, but close. See ieugen#3 .