adds an (experimental hence the x- prefix: x-dot-webpage) reporter that takes the output from the dot reporter, pulls it through the graphviz dot command installed on your system and wraps its output in the same html depcruise-wrap-stream-in-html would.
small refactoring so code depcruise-wrap-stream-in-html and this reporter share is indeed shared and not duplicated.
Motivation and Context
A reporter like this is more convenient than having to pipe dependency-cruiser's dot output through graphviz and through the html wrapper.
It also has drawbacks, which up till now held us back from implementing such a reporter:
running dot means spawning a child process, which has security implications. This PR addresses some of these, but cannot address all of them (i.e. what if there's a malicious version of the dot on the system this is run on? Not something that can be practically addressed, and maybe not something to worry about from our point as when a system is compromised like that there's other things wrong anyway). However, dependency-cruiser already spawns child processes anyway (to get the git diff it bases its cache-dirty algorithm on) in the same safe way.
the dot command might not be available or be available but do something else altogether. Both situations have been handled in this PR, but it will still be a likely cause for support requests.
if dot takes a long time to finish or crashes (which it sometimes does) this might get reported as dependency-cruiser issue more likely then when it is clearly run as an external program.
This is why we'll keep it as an experimental and only sparsely documented feature until we've solved the above issues or we're convinced their impact is more limited than we believed.
How Has This Been Tested?
[x] green ci
[x] additional automated non-regression tests
Types of changes
[ ] Bug fix (non-breaking change which fixes an issue)
[ ] Documentation only change
[x] Refactor (non-breaking change which fixes an issue without changing functionality)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
Checklist
[x] :book:
My change doesn't require a documentation update, or ...
it does and I have updated it
[x] :balance_scale:
The contribution will be subject to The MIT license, and I'm OK with that.
Description
graphviz dot
command installed on your system and wraps its output in the same html depcruise-wrap-stream-in-html would.Motivation and Context
A reporter like this is more convenient than having to pipe dependency-cruiser's dot output through graphviz and through the html wrapper.
It also has drawbacks, which up till now held us back from implementing such a reporter:
dot
means spawning a child process, which has security implications. This PR addresses some of these, but cannot address all of them (i.e. what if there's a malicious version of the dot on the system this is run on? Not something that can be practically addressed, and maybe not something to worry about from our point as when a system is compromised like that there's other things wrong anyway). However, dependency-cruiser already spawns child processes anyway (to get the git diff it bases its cache-dirty algorithm on) in the same safe way.dot
command might not be available or be available but do something else altogether. Both situations have been handled in this PR, but it will still be a likely cause for support requests.dot
takes a long time to finish or crashes (which it sometimes does) this might get reported as dependency-cruiser issue more likely then when it is clearly run as an external program.This is why we'll keep it as an experimental and only sparsely documented feature until we've solved the above issues or we're convinced their impact is more limited than we believed.
How Has This Been Tested?
Types of changes
Checklist
[x] :book:
[x] :balance_scale: