Hello,
I am trying to modify the Gradle ODC plugin in order to meet our needs. These modifications are very general and it seems to be a good idea to create a pull request for them. I just want to add some configuration options. (Those options are available for Maven, but not for Gradle.)
In order to create a good pull request, I'd like to ask some questions.
1. Some default values are duplicated in src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy. This is suboptimal unless you are overriding something (e.g. outputDirectory). When I started writing the modifications, I used a null-based approach: When there is a null value, I suppose that the user wants the default one. This eliminates duplicated default values, but it introduces some edge cases (e.g. user can't read the default value in the config file). Another approach would be reading the default values through Settings (from dependencycheck.properties file), but this is not so easy, as Settings is thread-local.
a. Duplicated default values are OK.
b. Null approach is OK.
c. We should read the default values from Settings. (I think that this approach is the most clear one.)
2. Copying from DependencyCheckConfigurationExtension to Settings is rather complex and would be even more complex if we add either null handling or default values fetch. This would be OK for few properties, but for more properties, it might be better to do it declaratively, e.g. def settingsKeyMapping = [[Settings.KEYS.PROXY_SERVER, "proxyServer"], [Settings.KEYS.PROXY_PORT, "proxyPort"], …]. Maybe we would need to write some manual code for few of them.
3. Depth of configuration. Not sure how to describe it, but following example will probably clarify what I mean:
current state:
dependencyCheck{
proxyServer = "127.0.0.1"
proxyPort = 1234
}
suggested state:
dependencyCheck{
proxy{
server = "127.0.0.1"
port = 1234
}
}
Which one looks better for you?
We can preserve backward compatibility by writing some legacy getters/setters.
Regards,
Vít Šesták 'v6ak'