Introduce a Gradle inspector #6782
Conversation
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
from
56e44b5
to
43fc935
Compare
Codecov ReportPatch and project coverage have no change.
Additional details and impacted files@@ Coverage Diff @@
## main #6782 +/- ##
=========================================
Coverage 64.62% 64.62%
Complexity 1955 1955
=========================================
Files 322 322
Lines 16166 16166
Branches 2296 2296
=========================================
Hits 10448 10448
Misses 4726 4726
Partials 992 992
Flags with carried forward coverage won't be shown. Click here to find out more. Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
6 times, most recently
from
bb11b17
to
3b2c3ae
Compare
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
from
3b2c3ae
to
b550764
Compare
This is a fixup for 38db2a5. Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
from
b550764
to
909400a
Compare
|
PS: There are no tests in here, as my original goal was to reuse the existing Gradle tests, but that turned out to be more complicated than I thought. Partly, because the GradleInspector yields more complete results. |
plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
Show resolved
Hide resolved
plugins/package-managers/gradle-plugin/src/main/kotlin/MavenModelExtensions.kt
Outdated
Show resolved
Hide resolved
plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
Show resolved
Hide resolved
plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
Show resolved
Hide resolved
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
from
909400a
to
a75e54c
Compare
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
from
a75e54c
to
c96d8b4
Compare
Start a novel approach based on a stand-alone Gradle plugin (written in Kotlin) to analyze Gradle projects. The goal is to address shortcomings of the current implementation: - The `init.gradle` script cannot be debugged (only `buildSrc` and stand-alone plugins can [1]). - The dynamically typed Groovy code is hard to maintain. - Analysis of modern Android apps throws exceptions due to ambiguous configuration / variant selection. - Binary artifacts are unnecessarily resolved. - Maven is used to resolve metadata about artifacts, imitating Gradle's resolution logic / repositories to query. At this stage the analysis only builds up the dependency tree to limit the complexity of this initial implementation. Parsing of package metadata will be added in follow-up changes. Also, the new `GradleInspector` plugin is disabled by default for now to not interfere with the existing `Gradle` plugin. Resolves #6158. [1]: https://docs.gradle.org/current/userguide/troubleshooting.html#sec:troubleshooting_build_logic Signed-off-by: Sebastian Schuberth <[email protected]>
Explicitly resolve parent POMs to ensure they are available as XML files in the Gradle cache. Based on that, build the effective POMs for all dependencies in order to parse package metadata from them. As the POMs are retrieved from the Gradle cache, no download via Maven is involved. Note that the Maven-model-specific code is mostly based on code from `MavenSupport`, adjusted to work with slightly different classes. Signed-off-by: Sebastian Schuberth <[email protected]>
Create remote artifacts based on the POM URLs. The hashes for the artifacts are retrieved from the respective accompanying text files, without downloading the artifact itself. Note that this approach will fail for private Maven repository even if Gradle is configured with the credentials, as this download happens directly via OkHttp. Signed-off-by: Sebastian Schuberth <[email protected]>
…tions For these configurations often Gradle itself has resolution failures. As their sole purpose is to describe the dependencies that are compiled into an Android app, just ignore them as that is what ORT itself analyzes. Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth
force-pushed
the
gradle-inspector-model-builder
branch
from
c96d8b4
to
3448b81
Compare
plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
Show resolved
Hide resolved
plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
Show resolved
Hide resolved
plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt
Show resolved
Hide resolved
plugins/package-managers/gradle-plugin/src/main/kotlin/OrtModelBuilder.kt
Show resolved
Hide resolved
| val isDeprecatedConfiguration = GradleVersion.current() >= GradleVersion.version("6.0") | ||
| && this is DeprecatableConfiguration && resolutionAlternatives != null | ||
|
|
||
| return canBeResolved && !isDeprecatedConfiguration |
There was a problem hiding this comment.
Am I right with assuming that a deprecated configuration is not resolvable?
There was a problem hiding this comment.
No, deprecated configurations are resolvable. That's why they need to be filtered out explicitly.
There was a problem hiding this comment.
I got this hint from the function name, do you agree function name is mis-leading?
There was a problem hiding this comment.
Yes, I can see how to miss the notion between "canBeResolved" and "isResolvable". I'm open for proposals for better names for the extension function. Maybe "shouldResolve", "isAccepted" or "isEligible"?
There was a problem hiding this comment.
I think I'll go for "isRelevent" for now, also in context of a minor refactoring.
There was a problem hiding this comment.
Hm, my only idea is shouldBeIgnored() which I'm not sure if I like.
Maybe separate functions could do. project.configurations.filter { it.isResolvable() && !it.isDeprecated() }
I believe shouldResolve() would make it clearer to me compared to the current code.
There was a problem hiding this comment.
Maybe while at it, a comment could be added explaining why deprecated configurations are ignored.
There was a problem hiding this comment.
why deprecated configurations are ignored.
Isn't that obvious? Because the are deprecated (in favor of another configuration).
There was a problem hiding this comment.
Isn't that obvious? Because the are deprecated (in favor of another configuration).
Does the deprecation imply that the build script is not using that configuration to define it's dependencies?
Or could the build script still use deprecated configs?
There was a problem hiding this comment.
I cannot answer these questions fully. In any case, please note that ignoring deprecated configurations with alternatives is already done in the "legacy" Gradle analyzer (and was not introduced by myself), so it's not a new thing.
To my understanding deprecated configurations are a thing Gradle introduced mainly for itself (i.e. not for authors of build files) to deprecated its own "compile" and "runtime" configurations, see gradle/gradle#8585. Deprecated configurations without alternatives would still get resolved, but deprecated configurations with alternatives would not get resolved.
Please have a look at the individual commit messages for the details.