-
Notifications
You must be signed in to change notification settings - Fork 843
SOLR-18302: dependency-analysis (DAGP) — reporting + build hygiene #4612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
b141b26
20067c9
36c511e
2f4d945
887024a
58daa19
4ec95d8
5fad282
20b18dc
ec59def
4b36ac9
734bd88
4429175
43aced0
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc | ||
|
|
||
| title: > | ||
| Add dependency-analysis (build-health) reporting to the Gradle build in report-not-fail mode, | ||
| and apply its safe advice (unused-dependency removals and test-scope corrections) | ||
| type: other | ||
| authors: | ||
| - name: Serhiy Bzhezytskyy | ||
| links: | ||
| - name: SOLR-18302 | ||
| url: https://issues.apache.org/jira/browse/SOLR-18302 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -112,8 +112,14 @@ allprojects { | |
| // Resolve and update locks only if --write-locks explicitly included | ||
| // This may not be the case where this task is added as a dependency, like for "dependencies" task | ||
| project.configurations.findAll { | ||
| // Add any custom filtering on the configurations to be resolved | ||
| it.canBeResolved | ||
| // Add any custom filtering on the configurations to be resolved. | ||
| // Skip the dependency-analysis plugin's synthetic configurations (marked with "dagp.*" | ||
| // attributes); they are not meant to be resolved and would fail lock-file generation. | ||
| // Skip spotless's own tool-resolution configurations; their formatter dependencies | ||
| // don't belong in the project's dependency lock files. | ||
| it.canBeResolved && | ||
| !it.attributes.keySet().any {attr -> attr.name.startsWith("dagp.")} && | ||
| !it.name.startsWith("spotless") | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. CC @malliaridis you might want to know about this line I added to get unstable spotless configuration noise out of the lockfile |
||
| }.each {it.resolve()} | ||
| } | ||
| } | ||
|
|
||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @malliaridis this PR and another I have will add more Kotlin formatted build files. Our |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| /* | ||
| * Licensed to the Apache Software Foundation (ASF) under one or more | ||
| * contributor license agreements. See the NOTICE file distributed with | ||
| * this work for additional information regarding copyright ownership. | ||
| * The ASF licenses this file to You under the Apache License, Version 2.0 | ||
| * (the "License"); you may not use this file except in compliance with | ||
| * the License. You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| import com.autonomousapps.DependencyAnalysisExtension | ||
|
|
||
| // See dev-docs/gradle-help/dependencies.txt | ||
|
|
||
| // Opt-in only: not wired into "check", since the advice needs human judgment | ||
| tasks.register("analyzeDependencies") { | ||
| group = "verification" | ||
| description = | ||
| "Reports dependency-analysis (DAGP) advice: unused/undeclared/misconfigured dependencies." | ||
| dependsOn(tasks.named("buildHealth")) // non-obvious name | ||
| } | ||
|
|
||
| configure<DependencyAnalysisExtension> { | ||
| issues { | ||
| project(":solr:ui") { | ||
| onUnusedDependencies { | ||
| severity("ignore") | ||
| } | ||
| onUsedTransitiveDependencies { | ||
| severity("ignore") | ||
| } | ||
| onIncorrectConfiguration { | ||
| severity("ignore") | ||
| } | ||
| } | ||
|
|
||
| project(":solr:solrj-jetty") { | ||
| onUnusedDependencies { | ||
| exclude(":solr:solrj") | ||
| } | ||
| } | ||
|
|
||
| project(":solr:modules:jwt-auth") { | ||
| onDuplicateClassWarnings { | ||
| severity("ignore") | ||
| } | ||
| } | ||
|
|
||
| all { | ||
| // Report advice as warnings rather than failing the build: several categories | ||
| // (api-vs-implementation promotions, some test-scope changes) need case-by-case | ||
| // human judgment. | ||
| onAny { | ||
| severity("warn") | ||
| } | ||
| onUnusedDependencies { | ||
| exclude( | ||
| "org.jspecify:jspecify", | ||
| "com.google.code.findbugs:jsr305", | ||
| "com.google.errorprone:error_prone_annotations", | ||
| ) | ||
| } | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect you are using AI to create these files, and that AI is not using the Gradle tasks we've built & documented (including AGENTS.md) to create them. I can tell because the file doesn't match the pattern that tool creates. Same with your GJF upgrade. Not a problem but...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks, checking...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, fair — I did hand-create these rather than run writeChangelog. I'll regenerate them with the task so they match.