CodeNarc Maven Plugin - groovy

We have a project that uses Groovy extensively and we use Maven to build our artifacts. (IntelliJ as our IDE)
We wanted to incorporate some automated code-style checking, and thought we might use codecarc-maven-plugin. However, since that was from Codehaus, which gone now, is the plugin actively supported somewhere else?
Any other good options to run a Groovy style checker automatically during a Maven build?

That's a good catch. I'll add a pull request to update the website link. You can find the new plugin information on GitHub: https://github.com/gleclaire/codenarc-maven-plugin

Related

Errbot: How can I import one plugin from another

In this case I have a simple JIRA plugin, I'd like to create another plugin that also interacts with JIRA via the first plugin. I have been trying variations of errbot.plugin_manager.get_plugin_obj_by_name('jira') but I haven't found the right way to do this.
You are in luck, it just got implemented in the 4.3.0 version released yesterday:
Basically you need to declare the dependency in the .plug with DependsOn in the [Core] section then you can get the plugin object you depend on with self.get_plugin('pluginName').
https://github.com/errbotio/errbot/blob/master/docs/user_guide/plugin_development/dependencies.rst

dependency-check for application code

I am looking for a solution to implement security-scanning of the application code-base at the time of a build. The idea is to capture a list of security vulnerabilities early in the software development life cycle.
I have a simple java project which uses a maven build. The java project specifies a number of .jar dependencies and comes up with a .war file as a build output.
I came across (and was able to configure) the dependency-check maven plugin (http://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html). However, though it scans the dependency jars and comes up with a vulnerability report, it doesn't seem to scan the final artifact - which in my case is the .war file.
How do I ensure that the .war is scanned as well? Is the dependency-check plugin the right tool for this?
dependency-check isn't the right tool for checking your own code. It uses a list of known vulnerability reports to determine if any of your dependancies have known flaws. It does not do an active scan of the code. see Plugin wiki
For checking your own code, HP's Fortify is a decent commercial solution, but if you are working in more of a DIY software setting, I would recommend Sonar. There are certainly many static code analysis tools out there. All have advantages and disadvantages.

Downloading Dependences From Private Amazon S3 Repository with Gradle

I am looking to add Groovy support to an existing java project so that I can seemlessly compile mixed Java and Groovy code using invokedynamic so that I can get Java-like execution speed without needing to waste excessive amounts of time with verbose Java syntax
After reading that the gmaven plugin no longer supports compilation -and that the groovy eclipse compiler plugin doesn't yet support invokedynamic, I asked myself, why would I want to continue using Maven if it compiles Groovy code that is needlessly slow?
Consequently, I decided I would try scrapping maven for Gradle so that I could obtain faster code while also porting some python deployment scripts to Gradle tasks so as to only need one codebase.
I have some libraries stored on a simple password protected s3 maven repository (in order to avoid needing enterprise overkill like artifactory). After doing some basic research, I have found that Gradle has no built in support for adding in custom dependency management as determined by this stack overlow question and this support forums post.
I did manage to find a s3 plugin for gradle -but it doesn't deal with management of dependencies.
If the whole point of Gradle is to be more flexible than Maven and if the core purpose of a dependency management/ build system is to effectively manage dependencies from a variety of sources-then lack of support for custom repositories appears to be a fairly significant significant design flaw which makes any issues I have encounted with Maven thus far pale in comparison.
However, it is quite possible that I am missing something, and I have already invested several hours learning Gradle -so I figured I would see if there is some reasonable way to emulate dependency management for these s3 dependencies until Gradle developers fix this critical issue. Otherwise I will have to conclude that I am better off just using Maven and tolerating slower Groovy code until the compiler plugin supports invokedynamic.
Basically I need a solution that does the following:
Downloads dependencies and transitive dependencies to the gradle cache
Doesn't require me to hardcode the path to the gradle cache -so that my build script is platform independent.
Doesn't download the dependencies again if they are already in the cache.
Works with a multi-module project.
However, I cannot find anything in the documentation that would even give me a clue as to where to begin:
Gradle 2.4 has native support for S3 repositories. Both downloading dependencies and publishing artifacts.
To download with IAM credentials (paraphrased from the link above):
repositories {
maven {
url "s3://someS3Bucket/path/to/repo/root"
credentials(AwsCredentials) {
accessKey 'access key'
secretKey 'secret key'
}
}
}
Then specify your dependencies as usual.
You don't need any custom repository support to make this work. Just declare a maven repository with the correct URL. If the repository works when used from Maven, it will also work with Gradle. (Uploading may be a different matter.)
You can use S3 and http
repositories {
mavenCentral()
ivy {
url "https://s3-eu-west-1.amazonaws.com/my-bucket"
layout "pattern", {
artifact "[artifact]-[revision].[ext]"
m2compatible = true
}
}
}
Name the jar in S3 to name-rev.jar (joda-time-3.2.jar) in my-bucket.
Also upload a pom file.
And in S3 give all permission to Download the jar and pom.

How can I enable Groovy plugin features in my eclipse plugin?

I am writing an eclipse plugin which needs to support features from the Groovy eclipse plugin.
The Groovy website talks about Groovy eclipse plugins, and Groovy compiler support within eclipse and maven, but I did not find anything similar to what I need to do here.
If I look at the list of available plugin dependencies, I see a number of them:
How can I enable some discovery mechanism or otherwise, in order to install the Groovy plugin after the installation of my plugin completes?
Which plugin can I add as dependency to achieve this? Or should I have to individually add all of them?
If you want to add single plug-ins you can easily do that in the Manifest-Editor of your plug-in. If you need to add a dependency to a feature, you need to create a feature for your own plug-in and add the additional feature dependency in the feature-Editor.
To find out which groovy plug-ins are required to add the "groovy compiler support", I suppose you must rather look at the groovy features in your installation. Usually complex features like a compiler or the like are grouped within a feature.
Add on:
I think the discovery mechanism is already integrated in p2.
I suppose these plug-ins are part of a feature. Find this feature and add that to your product.
For stability I would recommend to add the specific plug-ins to your product/feature. That way you can be sure, people are using the exact version you proposed in your implmentation.

Primefaces Fileupload Patch

I have the same problem as the guy in this post.
Can you help me apply the patch from here
I have no idea if that solves it, but I will try if you can tell me how to apply a patch :-)
PrimeFaces uses Apache Subversion (SVN) as code repository. It's available here. If you configure your development tool to connect to this code repository (e.g. Eclipse has a Subclipse plugin for this), then you can hook on it, download the entire project, apply the patch yourself and then rebuild the project into a JAR file yourself.
This should be pretty straightforward if you're already familiar with code repositories like CVS, Git, Mercurial, etc. An alternative is to wait for them to release a new version so that you can just download the ready-to-use JAR from their side.

Resources