Tasks that use jdeps analyzer #983
Conversation
Generate changelog in
|
|
I have not moved over the existing tasks to use the new analysis file yet. The file is useful on it's own if we want to make that a separate PR, or can do as part of this one. |
unfortunately, it doesn't list full path to dependency files, so is useless for determining other projects that deps came from. Committing purely so have record of how to do this should I come back to it.
also do some cleanup for task generation
The gradle APIs that use resolved items will be deprecated eventually. so best not to use them. This also reduces memory overhead.
Gradle task validation would fail if the directory already existed with the other annotation.
the classpath configuration has "runtime" varients for artifacts that allow it to look at classes directories rather than jars. This avoids errors because project-dependencies may not always have jars generated.
Now generates a stub output file so that downstream tasks don't bomb.
Looks like ABSOLUTE is relative to the root project
will merge in Analyzer to the task to avoid duplication
| @@ -58,6 +61,10 @@ gradlePlugin { | |||
| id = 'com.palantir.baseline-exact-dependencies' | |||
| implementationClass = 'com.palantir.baseline.plugins.BaselineExactDependencies' | |||
| } | |||
| baselineDependencyPluginv2 { | |||
| id = 'com.palantir.baseline-dependencies-v2' | |||
| implementationClass = 'com.palantir.baseline.plugins.BaselineDependencyPluginv2' | |||
There was a problem hiding this comment.
We should just replace it entirely if we have confidence it's good. If we have lower confidence we should take a gradle property to excavate it out rather than an entirely new task (this allows us to track adoption and easily excavate the changes).
| return report; | ||
| } | ||
|
|
||
| public static final class ReportContent { |
There was a problem hiding this comment.
I would use immutables here as it will build this class for you and handle the yaml dumping by generating the correct jackson classes as well, meaning we don't need snakeyaml.
| } | ||
|
|
||
| /** | ||
| * Dependencies that are declared in one of the given configurations but not used in byte code. This will only |
There was a problem hiding this comment.
Does it detect things like Class.forName(...) or other dynamic class loading?
| import org.slf4j.LoggerFactory; | ||
| import org.yaml.snakeyaml.Yaml; | ||
|
|
||
| public final class DependencyUtils { |
There was a problem hiding this comment.
I think most of these public classes should be package-private.
| } | ||
|
|
||
| static void writeDepReport(File file, DependencyAnalysisTask.ReportContent content) { | ||
| Yaml yaml = new Yaml(); |
There was a problem hiding this comment.
We should try to use jackson rather than snakeyaml here to be consistent with everything else that uses jackson.
| @@ -17,6 +17,9 @@ dependencies { | |||
| compile 'org.github.ngbinh.scalastyle:gradle-scalastyle-plugin_2.11' | |||
| implementation 'com.palantir.javaformat:palantir-java-format-spi' | |||
| implementation 'com.palantir.javaformat:gradle-palantir-java-format' | |||
| implementation 'com.paypal.digraph:digraph-parser' | |||
| implementation 'org.zeroturnaround:zt-exec' | |||
There was a problem hiding this comment.
We should avoid taking dependencies on extra stuff if it's not necessary. The java process API may be nasty but it's workable. Since we put everything into gradle buildscript internally there's great capacity to have breaking changes between gradle plugins wreak, especially from something as widely used as baseline.
| @@ -17,6 +17,9 @@ dependencies { | |||
| compile 'org.github.ngbinh.scalastyle:gradle-scalastyle-plugin_2.11' | |||
| implementation 'com.palantir.javaformat:palantir-java-format-spi' | |||
| implementation 'com.palantir.javaformat:gradle-palantir-java-format' | |||
| implementation 'com.paypal.digraph:digraph-parser' | |||
| implementation 'org.zeroturnaround:zt-exec' | |||
| implementation 'org.yaml:snakeyaml' | |||
There was a problem hiding this comment.
Can we avoid snakeyaml and use jackson everywhere?
| .getSourceSets(); | ||
|
|
||
| createTasksForSourceSet(project, sourceSets.getByName(SourceSet.MAIN_SOURCE_SET_NAME)); | ||
| createTasksForSourceSet(project, sourceSets.getByName(SourceSet.TEST_SOURCE_SET_NAME)); |
There was a problem hiding this comment.
What about people using custom integrationTest or integTest source sets?
There was a problem hiding this comment.
I guess we can perhaps just ignore them.
| t.getIgnored().add("javax.annotation:javax.annotation-api"); | ||
| //Projects may apply this in compileOnly to work around | ||
| //https://github.com/immutables/immutables/issues/291 | ||
| t.getIgnored().add("org.immutables:value::annotations"); |
There was a problem hiding this comment.
It might make sense to ignore all dependencies which are in compileOnly and also annotationProcessor as this happens to more libraries than just immutables, iirc.
correct for bug where jdeps doesn't report dependency if referenced class in same package as current class, even if it's in a different module.
|
This PR has been automatically marked as stale because it has not been touched in the last 14 days. If you'd like to keep it open, please leave a comment or add the 'long-lived' label, otherwise it'll be closed in 7 days. |
|
I think we may want to resuscitate this because the maven-dependency-analyzer can't parse bytecode produced by java13. |
|
This PR has been automatically marked as stale because it has not been touched in the last 14 days. If you'd like to keep it open, please leave a comment or add the 'long-lived' label, otherwise it'll be closed in 7 days. |
Before this PR
Maven dependency analyzer has several shortcomings, including those that lead to:
#847
#614
Plus, the current analyzer tasks cache everything which can lead to OoMs with large projects.
After this PR
==COMMIT_MSG==
New dependency analyzer yields cleaner results and tasks store output in files so better
caching and analysis can be reused for other purposes
==COMMIT_MSG==
Possible downsides?
Possibly slightly slower since don't cache contents of all jars across projects.