Fraunhofer-AISEC / cpg

A library to extract Code Property Graphs from C/C++, Java, Go, Python, Ruby and every other language through LLVM-IR.
https://fraunhofer-aisec.github.io/cpg/
Apache License 2.0
246 stars, 59 forks

Trying to use a release-independent repository for CDT #1522

Open oxisto opened 1 month ago

oxisto commented 1 month ago

This is a rather ugly workaround in our ivy repository layout, but it should work for all future releases.

sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

oxisto commented 1 month ago

Could you provide a description where the benefits (or drawbacks) are compared to the previous way we included the CDT? I only have a slight idea that we will have to update the version in the new repo, but users are now always getting the one we specify there.

Previously, users needed to adjust their "repository" in their Gradle configuration if we updated CDT, because the repository URL contained the CDT version (see https://github.com/Fraunhofer-AISEC/codyze/pull/791/files). We only reserved this for major versions of the CPG for now.

With this new approach the repository URL stays the same and we can update the CDT version also in a minor version.

The drawback is that it is a little bit hacky because we now have a URL path in the name of the dependency, but Gradle doesn't seem to mind 🤷 I don't know if Maven Central could potentially have a problem with it.

oxisto commented 3 weeks ago

We should probably reserve this for release v9.