I am planning to build a product which will have some open source components and some commercial components (not open sourced).
The intention is open parts of the products with maximum functionality and get contribution from the community. Where as the commercial features will be available on price.
How should I organise my code and build strategy so that opensource community can build, deploy and run the product on their own whereas the commercial version will use this open source tools as well as the commercial components with it ?
The code I have right now is a Java Spring Boot code base and Node.js code base which has both open and commercial components in them.
I was planning to do the following
1. Seperate out the OpenSource components as libraries.
2. Create a build process which will have some default build steps (building the Spring application or Node.js app) + adding the opensource libraries created in Step 1
3. Create a commercial build process (not open sourced) which will have some default build steps + adding the opensource libraries + adding the commercial libraries.
Any suggestions if my approach will work, or is there any better alternative available with sub-projects will be appreciated.
Related
In Installing SAP Commerce Using Installer Recipes and Installer Recipe Reference, there is a comment that says something like:
The installer is currently only intended to install SAP Commerce in
development environments or for demonstration purposes. Do not use the
installer to install SAP Commerce in a production environment.
However, guides like Customizing the Accelerator with extgen and modulegen usually mention recipes:
On Windows: install.bat -r b2c_acc_plus
So, how do you really set-up a project from scratch? Do you start with recipes, or do you start with ant modulegen?
I don't see clear instructions (or best practice) on how I should build a B2C/B2B application from scratch for development and then preparing it for Production. (Maybe there is a gap in the instructions, or I just don't know where it is)
Even the Installing SAP Commerce Cloud for use with Spartacus guide mentions starting with a B2C recipe. Does this mean that the starting point of building a SAP Commerce project is to use recipes? Are there cases where you would not use a recipe, and build everything from scratch using ant modulegen and ant addoninstall?
It is not recommended to use recipe for direct installation on production. Reason being it installs a preset of hybris extensions which might or might not be needed for your requirements, also it might not be a allowed to use under the license you got.
However, when you start your development, you can use recipe to give your development a quick start. It generates the raw structure for your e-commerce application which you would need to customize and later deploy on your production.
how do you really set-up a project from scratch? Do you start with recipes, or do you start with ant modulegen?
Well, You can use any of those. If you are looking for difference, it has already been answered here
how I should build a B2C/B2B application from scratch and prepare for production?
For production hybris deployment procedure refer this.
NOTE :
a) recipe installation does more than what you can achieve using modulegen like complete installation, configuration and initialization for a running e-commerce example. I think once you go through above links, you will have a much better understanding on this.
b) When you go with recipe, it will install related extensions which you might not want to use or don't have production license for that. Please be considerate to review and disable such extensions,
Thanks
A few more points adding to the answer by www.hybriscx.com
Generally, the integrations in a recipe are mock integration e.g. payment integration as the purpose of a recipe is to provide a ready-to-use demo/reference application (store).
The data (catalog, users & password, usergroups, roles, promotions etc.) in a recipe are sample data. The same goes with the look-n-feel (logos, colour, layout etc.). Every business requires its specific data and look-n-feel.
The system configurations/properties (e.g. memory configuration, logging configuration etc.) may be optimised for the demo purpose but the production setup may require a different configuration. On the same line, configurations like hosts, ports, encryption etc. are general purpose configurations and a production environment may need to change them.
The database set up by a recipe is generally HSQLDB which is only good for development/demo.
How can I share components across multiple react projects without having to publish them on a public package manager like NPM?
Option 1: You can use npm and use private packages so they're not external facing. There are also artifactories and scoped packages that usually represent company-wide projects that can be public or private. See https://docs.npmjs.com/private-modules/intro and https://docs.npmjs.com/misc/scope.
Option 2: Essentially, you can develop projects with a flattened structure. You can then import various projects and/or components into other projects or folders. This is entirely dependent on your codebase and configuration. With this model though, a lot of times publishing to npm comes fairly naturally since each folder may be its own project with its own package.json.
Updated:
Option 3: Bit focuses on the composability of components from everything from the little things like a button to the actual view and app itself—each target is its own package. Overall, it's an opinionated, yet customizable framework that can enable quicker development, managed dependencies, and organized code.
Option 4: RushJS is a monorepo manager built by Microsoft that allows for flexibility of different kinds of apps and services utilizing pnpm underneath (as opposed to yarn and npm), which alleviates problems that stem from dependency issues.
Check out Bit:
Bit is an open-source cli tool for collaborating on isolated components across projects and repositories. Use Bit to distribute discrete components from a design library or a project into a standalone reusable package and utilize it across applications.
You could also upload them to a private git repo such a Github and then pull them in from there.
Ryanve has a nice example over here: https://stackoverflow.com/a/28729646/1592783
You could create a repo of shared components and then have your Node.js start script call a shell script to do a git pull from that repo and the move the shared components from that directory to your project's directory. That way, every time you call run 'npm start' you will have the latest version of the shared components loaded into your project
I am looking for a solution to implement security-scanning of the application code-base at the time of a build. The idea is to capture a list of security vulnerabilities early in the software development life cycle.
I have a simple java project which uses a maven build. The java project specifies a number of .jar dependencies and comes up with a .war file as a build output.
I came across (and was able to configure) the dependency-check maven plugin (http://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html). However, though it scans the dependency jars and comes up with a vulnerability report, it doesn't seem to scan the final artifact - which in my case is the .war file.
How do I ensure that the .war is scanned as well? Is the dependency-check plugin the right tool for this?
dependency-check isn't the right tool for checking your own code. It uses a list of known vulnerability reports to determine if any of your dependancies have known flaws. It does not do an active scan of the code. see Plugin wiki
For checking your own code, HP's Fortify is a decent commercial solution, but if you are working in more of a DIY software setting, I would recommend Sonar. There are certainly many static code analysis tools out there. All have advantages and disadvantages.
What are the correct steps to creating a bindings project for a Framework versus a library? (Yes, they are close to the same thing, but NOT the same, the framework is a directory structure with header files, library and resources). These are what I've come up with, note that none of the Framework specific steps are documented as far as I can tell at the Xamarin web site (please prove me wrong).
Create the bindings project via MonoDevelop wizard.
Generate the ApiDefinition.cs and StructsAndEnums.cs files with btouch or by hand.
Copy the file from the root of the framework directory to lib.a (e.g., ArcGIS to libArcGIS.a) and add it to the project. It is important to note that the file without any file extension in the framework directory is in fact a library file.
?? Include framework resources ??
You'll notice that I get foggy at the third step. How to you add these resources to the bindings project? The large part of the bindings project links and runs fine, but I think it crashes at times because it is missing an expected resource.
You must (a) create a C# contract that describes the Objective-C contracts and how you want your projection into C# to look like, and (b) statically distribute the library with your project.
To kick the automatic population of the linkwith.cs you must rename the framework library (for example MyFramework) to use the library pattern (in this case, "libMyFramework.a")
Resources you have to select and flag as resources, they will be bundled directly into your app, and extracted when the library is consumed.
I was going to try Subsonic, you can generate DAL with buildProvider element in an ASP.NET website project. But I get curious why Web applications or windows applications do not support BuildProvider.
PS: I know for Subsonic there is one other option to use it with other than BuildProvider, but I just get curious.
It doesn't work because of the different way things are compiled in web application projects vs. website projects. From what I read on MSDN, it has to do with the fact that in web app projects, all your code files are compiled into a single assembly using MSBuild before deployment, but Build Providers are used to generate code that is compiled at runtime (from your App_Code folder).
In website projects, all of your code is compiled at runtime so it all plays nicely together.
You could possibly hook it into your pre-build event, and call the sonic.exe with the proper command line.