Re: Welcome Wiebke Pätzold as new committer!

2021-10-29 Thread Sharan F 
Congratulations and welcome Wiebke!

Thanks
Sharan

On Wed, 27 Oct 2021, 12:58 Aditya Sharma,  wrote:

> The OFBiz PMC has invited Wiebke to become a new committer and we are
> pleased to announce that she has accepted the nomination.
>
> Wiebke has been an active contributor to Apache OFBiz since February 2020,
> and has made some significant contributions on minilang migration. She has
> also been helping out Michael with Apache OFBiz blogs.
>
> Thank you Wiebke for your valuable contributions so far and congratulations
> for your new role!
>
> Welcome aboard!
>
> Thanks and Regards,
> Aditya Sharma
>

Re: Welcome Wiebke Pätzold as new committer!

2021-10-29 Thread Taher Alkhateeb 
Congratulations!

Re: Welcome Wiebke Pätzold as new committer!

2021-10-29 Thread Jacopo Cappellato 
Welcome Wiebke, congratulations and thank you!

Jacopo

On Wed, Oct 27, 2021 at 12:58 PM Aditya Sharma  wrote:
>
> The OFBiz PMC has invited Wiebke to become a new committer and we are
> pleased to announce that she has accepted the nomination.
>
> Wiebke has been an active contributor to Apache OFBiz since February 2020,
> and has made some significant contributions on minilang migration. She has
> also been helping out Michael with Apache OFBiz blogs.
>
> Thank you Wiebke for your valuable contributions so far and congratulations
> for your new role!
>
> Welcome aboard!
>
> Thanks and Regards,
> Aditya Sharma

[ANNOUNCE] Apache OFBiz 18.12.01 released

2021-10-29 Thread Jacopo Cappellato 
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.01".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.01" is the first release of the 18.12 series.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.01.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.

Re: buildbot exception in on ofbizTrunkFramework

2021-10-29 Thread Jacques Le Roux 

Fixed with OFBIZ-12339, I'll now backport for security reason

Le 18/10/2021 à 09:37, Jacques Le Roux a écrit :

Hi,

This is related:
https://stackoverflow.com/questions/48524417/should-the-package-lock-json-file-be-added-to-gitignore#answer-48524475
https://github.com/srs/gradle-node-plugin/issues/307

I'll certainly create a Jira for that

Jacques

Le 17/10/2021 à 17:50, Jacques Le Roux a écrit :
Like for plugins, this is not an error of us. It works perfectly locally. But this error seems to re-appear too much on Buildbot. I'll create an 
INFRA ticket is necessary...


Task :npmInstall  npm WARN tarball tarball data for jquery-validation@1.19.3 
(sha512-yHaAqOGaAB7+p2u5lpzhhQVt3CBMUw3fHcuCJ7nXmXz0LWLHPN7yOhwnocp5nrn2SmnXR1jpV+whx2j1kLz1tQ==) seems to be corrupted. Trying one more time. npm 
WARN tarball tarball data for jquery-validation@1.19.3 
(sha512-yHaAqOGaAB7+p2u5lpzhhQVt3CBMUw3fHcuCJ7nXmXz0LWLHPN7yOhwnocp5nrn2SmnXR1jpV+whx2j1kLz1tQ==) seems to be corrupted. Trying one more time. npm 
ERR! code EINTEGRITY npm ERR! Verification failed while extracting jquery-validation@1.19.3: npm ERR! Verification failed while extracting 
jquery-validation@1.19.3: npm ERR! sha512-yHaAqOGaAB7+p2u5lpzhhQVt3CBMUw3fHcuCJ7nXmXz0LWLHPN7yOhwnocp5nrn2SmnXR1jpV+whx2j1kLz1tQ== integrity 
checksum failed when using sha512: wanted sha512-yHaAqOGaAB7+p2u5lpzhhQVt3CBMUw3fHcuCJ7nXmXz0LWLHPN7yOhwnocp5nrn2SmnXR1jpV+whx2j1kLz1tQ== but got 
sha512-iXxCS5W7STthSTMFX/NDZfWHBLbJ1behVK3eAgHXAV8/0vRa9M4tiqHvJMr39VGWHMGdlkhrtrkBuaL2UlE8yw==. (91416 bytes) npm ERR! A complete log of this run 
can be found in: npm ERR! /home/buildslave/.npm/_logs/2021-10-17T14_19_06_896Z-debug.log > Task :npmInstall FAILED


Le 17/10/2021 à 16:06, build...@apache.org a écrit :

The Buildbot has detected a build exception on builder ofbizTrunkFramework 
while building ofbiz-framework. Full details are available at:
https://ci.apache.org/builders/ofbizTrunkFramework/builds/2362

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'onTrunkFrameworkCommit' 
triggered this build
Build Source Stamp: [branch trunk] 2489381f7fc5b79bf3419a046e1316492b484a7f
Blamelist: Jacques Le Roux 

BUILD FAILED: exception build upload test-results part 1

Sincerely,
  -The Buildbot

Re: Welcome Wiebke Pätzold as new committer!

2021-10-29 Thread Jacques Le Roux 

Welcome aboard Wiebke,

Your work is much appreciated!

Jacques

Le 27/10/2021 à 12:57, Aditya Sharma a écrit :

The OFBiz PMC has invited Wiebke to become a new committer and we are
pleased to announce that she has accepted the nomination.

Wiebke has been an active contributor to Apache OFBiz since February 2020,
and has made some significant contributions on minilang migration. She has
also been helping out Michael with Apache OFBiz blogs.

Thank you Wiebke for your valuable contributions so far and congratulations
for your new role!

Welcome aboard!

Thanks and Regards,
Aditya Sharma

Re: Github PR actions'/events

2021-10-29 Thread Jacques Le Roux 

As I want to fix it, I need it active, sorry for that

Le 29/10/2021 à 14:09, Pierre Smits a écrit :

Jacques,

Though not an issue/concern for you personally, can we have this feature
disabled?

These failures may give a false impression to contributors submitting PRs.
Which can potentially lead to them wasting time chasing a non-issue, or
worse: get annoyed and leave the project.

Best regards,

Pierre

Op vr 29 okt. 2021 11:24 schreef Jacques Le Roux <
jacques.le.r...@les7arts.com>:


Please see the request change, I can't edit the file

Le 29/10/2021 à 11:15, Jacques Le Roux a écrit :

Hi Pierre,

Ah indeed:

https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true

That's new and was reported by Mart Naum today at  OFBIZ-12351 "Builds

fail due to unauthorized access to repo.spring.io/plugins-release"

It appears only when you clean the Gradle cache (can't reproduce locally

with a build after a clean). That's obviously a situation we get with GH

actions where all is new. I'm not sure yet it's the same situation with

Buildbot. I'll check that pushing your PR.

I'm not sure if this relates:

https://markmail.org/message/skxini7ytetn23ub or if it's a completely new
situation.

HTH

Jacques

Le 28/10/2021 à 19:24, Pierre Smits a écrit :


Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz 

since

2008 (without privileges)

*Apache Directory , PMC Member*
Apache Incubator , committer
Apache Steve , committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Pierre,

Inline...

Le 28/10/2021 à 13:41, Pierre Smits a écrit :

When posting a PR to the GitHub repo, following events are triggered:

  1. CodeCL / Analyze (java) (pull_request)
  2. Java CI with Gradle / build (pull_request
  3. CodeCL / Analyse (javascript) (pull_request)
  4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?

Actually OFBiz (Java files) is too big for CodeCL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it

does

not
prevent anything but itself):



https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true



https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning



https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan


AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branche (and the

base

branch should always build, right?)

Can this be looked into?



Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz

since

2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer

Re: Github PR actions'/events

2021-10-29 Thread Pierre Smits 
Jacques,

Though not an issue/concern for you personally, can we have this feature
disabled?

These failures may give a false impression to contributors submitting PRs.
Which can potentially lead to them wasting time chasing a non-issue, or
worse: get annoyed and leave the project.

Best regards,

Pierre

Op vr 29 okt. 2021 11:24 schreef Jacques Le Roux <
jacques.le.r...@les7arts.com>:

> Please see the request change, I can't edit the file
>
> Le 29/10/2021 à 11:15, Jacques Le Roux a écrit :
> > Hi Pierre,
> >
> > Ah indeed:
> https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true
> >
> > That's new and was reported by Mart Naum today at  OFBIZ-12351 "Builds
> fail due to unauthorized access to repo.spring.io/plugins-release"
> >
> > It appears only when you clean the Gradle cache (can't reproduce locally
> with a build after a clean). That's obviously a situation we get with GH
> > actions where all is new. I'm not sure yet it's the same situation with
> Buildbot. I'll check that pushing your PR.
> >
> > I'm not sure if this relates:
> https://markmail.org/message/skxini7ytetn23ub or if it's a completely new
> situation.
> >
> > HTH
> >
> > Jacques
> >
> > Le 28/10/2021 à 19:24, Pierre Smits a écrit :
> >
> >> Hi Jacques,
> >>
> >> Everything is going well?
> >>
> >> As an example: https://github.com/apache/ofbiz-framework/pull/323
> >>
> >> Met vriendelijke groet,
> >>
> >> Pierre Smits
> >> *Proud* *contributor** of* Apache OFBiz 
> since
> >> 2008 (without privileges)
> >>
> >> *Apache Directory , PMC Member*
> >> Apache Incubator , committer
> >> Apache Steve , committer
> >>
> >>
> >> On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
> >> jacques.le.r...@les7arts.com> wrote:
> >>
> >>> Pierre,
> >>>
> >>> Inline...
> >>>
> >>> Le 28/10/2021 à 13:41, Pierre Smits a écrit :
>  When posting a PR to the GitHub repo, following events are triggered:
> 
>   1. CodeCL / Analyze (java) (pull_request)
>   2. Java CI with Gradle / build (pull_request
>   3. CodeCL / Analyse (javascript) (pull_request)
>   4. etc.
> 
>  Of the actions/events listed, #1 and #2 fail.
> 
>  Is this something that is configurable?
> >>> Actually OFBiz (Java files) is too big for CodeCL. We need to pass less
> >>> data. I'm not yet sure how to handle that (not a priority to me, it
> does
> >>> not
> >>> prevent anything but itself):
> >>>
> >>>
> https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true
> >>>
> >>>
> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
> >>>
> >>>
> https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan
> >>>
> >>>
> >>> AFAIK we have no issue with your option 2. Have you an example?
> >>>
> >>> Jacques
> >>>
>  It seems to me that this should not happen when:
>  a. the change is only in an xml file
>  b. the pull request has no conflicts with the base branche (and the
> base
>  branch should always build, right?)
> 
>  Can this be looked into?
> 
> 
> 
>  Met vriendelijke groet,
> 
>  Pierre Smits
>  *Proud* *contributor** of* Apache OFBiz
> >>> since
>  2008 (without privileges)
> 
>  *Apache Directory, PMC Member*
>  Apache Incubator, committer
>  Apache Steve, committer
> >
>

Re: Github PR actions'/events

2021-10-29 Thread Jacques Le Roux 

Please see the request change, I can't edit the file

Le 29/10/2021 à 11:15, Jacques Le Roux a écrit :

Hi Pierre,

Ah indeed: 
https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true

That's new and was reported by Mart Naum today at  OFBIZ-12351 "Builds fail due to 
unauthorized access to repo.spring.io/plugins-release"

It appears only when you clean the Gradle cache (can't reproduce locally with a build after a clean). That's obviously a situation we get with GH 
actions where all is new. I'm not sure yet it's the same situation with Buildbot. I'll check that pushing your PR.


I'm not sure if this relates: https://markmail.org/message/skxini7ytetn23ub or 
if it's a completely new situation.

HTH

Jacques

Le 28/10/2021 à 19:24, Pierre Smits a écrit :


Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)

*Apache Directory , PMC Member*
Apache Incubator , committer
Apache Steve , committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Pierre,

Inline...

Le 28/10/2021 à 13:41, Pierre Smits a écrit :

When posting a PR to the GitHub repo, following events are triggered:

 1. CodeCL / Analyze (java) (pull_request)
 2. Java CI with Gradle / build (pull_request
 3. CodeCL / Analyse (javascript) (pull_request)
 4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?

Actually OFBiz (Java files) is too big for CodeCL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it does
not
prevent anything but itself):

https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning

https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan 



AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branche (and the base
branch should always build, right?)

Can this be looked into?



Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz

since

2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer

Re: Github PR actions'/events

2021-10-29 Thread Jacques Le Roux 

Hi Pierre,

Ah indeed: 
https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true

That's new and was reported by Mart Naum today at  OFBIZ-12351 "Builds fail due to 
unauthorized access to repo.spring.io/plugins-release"

It appears only when you clean the Gradle cache (can't reproduce locally with a build after a clean). That's obviously a situation we get with GH 
actions where all is new. I'm not sure yet it's the same situation with Buildbot. I'll check that pushing your PR.


I'm not sure if this relates: https://markmail.org/message/skxini7ytetn23ub or 
if it's a completely new situation.

HTH

Jacques

Le 28/10/2021 à 19:24, Pierre Smits a écrit :


Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)

*Apache Directory , PMC Member*
Apache Incubator , committer
Apache Steve , committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Pierre,

Inline...

Le 28/10/2021 à 13:41, Pierre Smits a écrit :

When posting a PR to the GitHub repo, following events are triggered:

 1. CodeCL / Analyze (java) (pull_request)
 2. Java CI with Gradle / build (pull_request
 3. CodeCL / Analyse (javascript) (pull_request)
 4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?

Actually OFBiz (Java files) is too big for CodeCL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it does
not
prevent anything but itself):

https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning

https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan

AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branche (and the base
branch should always build, right?)

Can this be looked into?



Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz

since

2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer