dependency-check-gradle icon indicating copy to clipboard operation
dependency-check-gradle copied to clipboard

Published 20 hours ago verified publisher icon dependency-check

Make skipTestGroups resolution logic configurable

Open mcwhitak opened this issue 2 years ago • 1 comments

Currently skipTestGroups operates on the implicit prefixes of test and androidTest (the other explicit matches don't end up mattering since they meet these prefixes).

It would be helpful if these prefixes could be configurable so that new test sourceSets of the form xTest (ex: integrationTest, functionalTest, acceptanceTest) could be excluded easily from scans.

Alternatively having a regex option here would also help (to just be able to exclude anything with .*Test.* or .*test.* ) but I understand if that's too large of a change.

Would be happy to do the work for this, just looking for the direction you would like to go before starting (I'm guessing an additional extension ListProperty<String> that would default to test, androidTest.

mcwhitak avatar Jun 27 '22 15:06 mcwhitak

I imagine you could achieve this already by using something like the below in your configuration rather than relying on the special opinionated skipTestGroups handling? (Or just enumerate them yourself in an array)

dependencyCheck {
  skipConfigurations = configurations.findAll { it.name ==~ /(?i).*test.*/ }.collect { it.name }
}

chadlwilson avatar Aug 22 '22 09:08 chadlwilson

A customizable boolean isTestConfiguration(Configuration configuration) would be really helpful for Kotlin Multiplatform projects, where tests rely on sourceSets like commonTest, iosTest, androidTest, ...

And so all the configurations in hierarchy will not match test*

GALHP avatar Jan 03 '24 11:01 GALHP

I don’t really understand why you can’t do whatever you like using an example like I gave above to dynamically populate skipConfigurations? Essentially that fragment is a customisable isTestConfiguration, no - write the equivalent in Kotlin?

chadlwilson avatar Jan 03 '24 12:01 chadlwilson

Yes, you are totally right. I didn't get this dynamic approach the first time I read it. And due to the fact that the ticket is still open, I did my post.

After reading https://github.com/dependency-check/dependency-check-gradle/issues/22, i understood your nice one liner.

Maybe both of these should not be open anymore?

GALHP avatar Jan 03 '24 13:01 GALHP

resolved with comment https://github.com/dependency-check/dependency-check-gradle/issues/22#issuecomment-575568801. Leaving #22 open for now as documentation - until I get a chance to update the official documentation.

jeremylong avatar Jan 03 '24 13:01 jeremylong