Rewrite javascript #221
@Vampire
Only partly. And imho it is not an acceptable regression. And besides that it looks ugly and does not work properly, it will also cause false-positives reported about dependency check itself, as people will report that the report looks ugly or something does not work, because they only look at it from SQ.
Hi @Vampire,
Now it's working with an iframe. CSS and JavaScript work without problems in an iframe.
03d48a0 to f7f9497
Hello, Another thing: doing a request in a componentDidMount is not a good idea ... except if you have a component that never dismounts (seems to be your case). And because I see it in an exception, instead of Else, if you need help with js, I can help. (I'm just not an expert at building / installing java projects)
Hi @thib3113,
I have no idea what you mean?
That logic is based on VersionsMeasuresHistoryApp.js line 33 and api.js line 47.
I'll check this.
I need help with JavaScript. Take an additional look into #217. In general I liked the development with the npm proxy server. Take a look into sonar-custom-plugin-example to see how to use it. The build of the final JavaScript file with yarn in maven is good and optimized.
f7f9497 to 375bfaa
In fact, react-scripts is a dependency that comes with all the dependencies needed to build a react project (so babel version X.X.X, with plugins version X.X.X). Ejecting react-scripts allows you to customize the build process, but you need to update all the versions manually (and sometimes the latest version of babel doesn't work with the latest version of the plugins ... and you need to try lots of times to find the good versions ... react-scripts solves that). (On a project, I ejected react-scripts to use less instead of sass ... Finally, converting the whole project to sass is really better than managing dependencies manually.) About this, you can install some bots on the github repo (like greenkeeper, or dependabot, something like that) that will run a CI to update npm dependencies (and add a CI test that just tries to build the project, to start).
Ok ... So, if you are loading data, and the component is dismounted before the end of the loading, you will call So, it's a bad practice, but is it really important for this little part?
Yes, I saw it, and that's because I've added a comment here. What did you need to do? In my opinion, doing a custom page, generated from data coming from dependency check (so reading the dependency-check.json), is better than showing an iframe (but more work). First, in general, an iframe is not a good option (security, headers, proxy ...),
So I've done some searching:
Thanks for doing some searching.
I don't like iframes either. This plugin uploads a complete HTML page in a very hacky way, with all components (pictures, CSS and JavaScript), to SonarQube. This HTML page isn't generated by this plugin, nor can I exclude that other processes manipulate the HTML page after dependency-check and this SonarQube plugin. An iframe is a very secure way to separate the HTML page and SonarQube. At the moment iframes are not blocked by SonarQube. Because of that, I'll follow the way of serving the HTML within an iframe.
I know of no way to store a file on SonarQube's filesystem. I think a filesystem is much more complicated than a database in a cluster setup for sharing information.
We can build a second custom page, generated from data coming from dependency check. At the moment you have the generated issues and some metrics.
At the moment, I have one big issue. The iframe has a static size of 720px. Maybe you know a way to make the size dynamic.
hum, you need to "dismount" the component before the end of the
Yes, I understand ... A way to do this can be to use object storage or something like that, but huge modifications, and sonarqube maybe doesn't integrate it, if they don't need it. Else, if I remember, you use SQL to store this, can you create a custom table, with html stored as blob? And delete the old html? (can we access the previous html report?) (but this pull request is maybe not the place to discuss it).
I don't really know the widgets for sonarqube (I haven't been using sonarqube for a long time). My idea is just to do something more "simple" than the dependency check html page. For node.js, for example, I'm not sure showing the list of files is really helpful (instead of showing the dependencies). (I think java shows only .jar files, so with java, it's not really a problem to show each file.)
I never use flex ... So maybe with css, but I don't know.
Yes, but I know some vulnerabilities are present with iframes, or a proxy can't block some iframes, or things like that ... (and on a story, firefox blocks the iframe too, and you need to use the same scheme to call the iframe, else mixed content can produce errors too ...). (But it's a hacky way, so we need to do the best.)
f1f54ae to 5f457c5
Kudos, SonarCloud Quality Gate passed! 0 Bugs
Hi @thib3113, Even with a slow connection (2G) I was not able to see the warning. As long as the data isn't loaded, the spinner is displayed.
Plugins don't have direct access to SonarQube-DB. It's only possible to add content via API calls. Also thanks to @Vampire for your input.
Just tried the latest
This rewrite should fix several issues.