Open oxisto opened 1 month ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
Could you provide a description where the benefits (or drawbacks) are compared to the previous way we included the CDT? I only have a slight idea that we will have to update version in the new repo but users are now always getting the one we specify there.
Previously, users needed to adjust their "repository" in their gradle configuration if we updated CDT because the repository URL contained the CDT version (see https://github.com/Fraunhofer-AISEC/codyze/pull/791/files). We only reserved this for major versions of the CPG for now
With this new approach the repository URL stays the same and we can update the CDT version also in a minor version.
The drawback is, that is a little bit hacky because we have now a URL path in the name of the dependency, but gradle doesn't seem to mind 🤷 I don't know if maven central could potentially have a problem with it.
We should probably reserve this for release v9
This is some rather ugly workaround in our ivy repository layout, but it should work for all future releases.