ofbiz-framework
ofbiz-framework copied to clipboard
apache
Improvement: Extract datafile component, base/util, base/crypt projects
- There are a LOT of circular dependencies !!!
- ~99% it is code shuffling - no behavior change
- I had to split some files to be able to shuffle code around: UtilValidateEmpty, UtilPropertiesRuntime, etc.
- A lot of code changes are related to CheckStyle
- We should consider spotbugs for code formatting via gradle
We can publish datafile component as for example:
org.apache.ofbiz/component-datafile/18.12.10
Appllications can consume this via reuglar maven dependency. The dependency could be specified as having runtime / provided scope so when it gets pulled in OFBiz it will use the version available there (patch versions).
Also each component jar can be a Java 9 module - to encapsulate it's dependencies and avoid jar hell.
I have added a sample project that uses the crypto code from OFBiz lib to do crypto. I could do a datafile example tool but that would take more time. Fill in the blanks: ofbiz functionality in other apps and services. Ease the integration at java level. Open the borders of OFBiz to the outside developer world. https://github.com/ieugen/ofbiz-tooling-demo
Also as exploratory work, making enity engine as a library (on top of this PR) takes ~ 670 additions and ~ 370 deletions. Work is not done yet, but close. See https://github.com/ieugen/ofbiz-framework/pull/3 .
Quality Gate passed
The SonarCloud Quality Gate passed, but some issues were introduced.
1 New issue
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
Quality Gate passed
Issues
1 New issue
Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code
See analysis details on SonarCloud
We can neglet the CodeQl analysis. It reports 208 "RandomStringUtils.random(SECURE_RANDOM" and it's safe because of SECURE_RANDOM. Sincerely the tool is clumsy. I have also dismissed a lot (300+ ?) in the OOTB code.
We can neglet the CodeQl analysis. It reports 208 "RandomStringUtils.random(SECURE_RANDOM" and it's safe because of SECURE_RANDOM. Sincerely the tool is clumsy. I have also dismissed a lot (300+ ?) in the OOTB code.
Other than this, did you manage to take a look at the code?
Hi Ieugen,
Not yet, I'm currently focusing on the new codeQL implementation.
I tried it few years ago for Java but it was not able to handle OFBiz, only JavaScript. It now works but still, like for JavaScript in the past, has a number of false alerts, like this one. I remember now, exactly 271 same cases. Fortunately GH is able to ease dismissing them, still 553 remaining, a lot of duplicate.
BTW, this is about whole OOTB OFBiz code. There is no other than this one in your PR.
For now I had only a cursory look at your work. But, as I said, I intend to have a deeper look in 2024.
Thank you @JacquesLeRoux , It would be great. Right now I paused my work on OFBiz. IMO it does not worth investing more until I have a path forward. I believe this PR opens the door for that path forward: more modular ofbiz, ability to develop tooling outside the codebase that can use parts of OFBiz.
Looking forward to your review and hopefully merge of this PR (in this form or another). After that I will continue working on OFBiz.