Feat/support gradle root deps #116
Conversation
…ssas/fossa-cli into feat/support-gradle-root-deps * 'feat/support-gradle-root-deps' of https://github.com/fossas/fossa-cli: chore: Add TODOs, ignore third_party in autoconfig Various improvements to install.sh (#109)
docs/integrations/gradle.md
Outdated
|
|
||
| ### Analysis | ||
| If you'd like to help us improve our Gradle integration, we have |
docs/integrations/gradle.md
Outdated
|
|
||
| Analysis will support any tasks you can run `:dependendencies` on with the "compile" configuration. This is equivalent to `gradle app:dependencies --configuration=compile`. | ||
| 1. Support multiple independent "root" Gradle builds that may be segregated in a codebase |
There was a problem hiding this comment.
These should probably also be tracked as issues, tagged with help wanted.
docs/integrations/gradle.md
Outdated
| @@ -11,24 +11,103 @@ Gradle support in FOSSA CLI depends on the following tools existing in your envi | |||
|
|
|||
| ### Automatic Configuration | |||
|
|
|||
| When running `fossa init`, FOSSA will look for a root Gradle build (`build.gradle`) and interrogate it for build-able tasks. From there, it will write module configurations into your `.fossa.yml` for every task that supports a `:dependency` sub-task. | |||
| An average Gradle build, there are often hundreds of configuration paths that can influence what dependencies are included. In order to determine what tasks and configurations you care about, `fossa` will attempt a "best-effort" strategy during `fossa init` to discover the most likely configuration for a production-build scenario. | |||
docs/integrations/gradle.md
Outdated
| When running `fossa init`, FOSSA executes the following steps: | ||
|
|
||
| 1. Look for a root Gradle build (`build.gradle`) | ||
| 2. Run and parse the output of `gradle tasks --all -q -a --offline` to seek all available sub-tasks that support a `:dependencies` command |
docs/integrations/gradle.md
Outdated
| @@ -11,24 +11,103 @@ Gradle support in FOSSA CLI depends on the following tools existing in your envi | |||
|
|
|||
| ### Automatic Configuration | |||
|
|
|||
| When running `fossa init`, FOSSA will look for a root Gradle build (`build.gradle`) and interrogate it for build-able tasks. From there, it will write module configurations into your `.fossa.yml` for every task that supports a `:dependency` sub-task. | |||
| An average Gradle build, there are often hundreds of configuration paths that can influence what dependencies are included. In order to determine what tasks and configurations you care about, `fossa` will attempt a "best-effort" strategy during `fossa init` to discover the most likely configuration for a production-build scenario. | |||
There was a problem hiding this comment.
This is all kind of just marketing noise. I'd remove it.
docs/integrations/gradle.md
Outdated
|
|
||
| - `task` - the name of the task/subtask used to generate your build (most often this is `app` or empty `` for root) | ||
| - `configuration` - the configuration your task runs during a production build (if undefined, defaults to `compile`) | ||
| - `path` - path to your `*.gradle` build file (usually this is just `build.gradle`) |
There was a problem hiding this comment.
Relative or absolute? Either? If relative, relative to what?
| taskConfiguration = moduleConfigurationKey[1] | ||
| } | ||
|
|
||
| // TODO: We need to let the user configure the right configurations | ||
| // NOTE: we are intentionally using exec.Command over runLogged here, due to path issues with defining cmd.Dir |
There was a problem hiding this comment.
What is the issue described in this comment?
builders/gradle.go
Outdated
| if len(moduleConfigurationKey) == 2 { | ||
| if taskName != "" { | ||
| // this is not the root gradle project | ||
| taskName = taskName + ":" |
There was a problem hiding this comment.
- Avoid mutation, it makes your intent much less clear.
- I'd locate this closer to where the variable is used, so it's clear that this is formatting for usage as an argument to
gradle.
builders/gradle.go
Outdated
| // this is not the root gradle project | ||
| taskName = taskName + ":" | ||
| } | ||
| if len(moduleConfigurationKey) == 2 && moduleConfigurationKey[1] != "" { |
There was a problem hiding this comment.
Move this up to be next to the definition of taskConfiguration, so it's clear that your intent is to use a default value.
| } | ||
|
|
||
| // Fall back to "app" as default task, even though technically it would be "" (root) | ||
| // If task list fails, fall back to "app" as default task, even though technically it would be "" (root) |
There was a problem hiding this comment.
Is this behaviour correct? Should we expect app:compile to work even when gradle tasks fails, or should this be a fatal error?
There was a problem hiding this comment.
I'm 50/50 on having this fallback vs erroring if gradle tasks fails, but:
- I believe
app:compileis a sane default if abuild.gradleis found - Checking for a
build.gradleis a valid way of identifying a module, and much simpler/more reliable then parsing output ofgradle tasks
There was a problem hiding this comment.
I think the question is whether app:compile is likely to work. If it works, then this is great. If it doesn't work, then we've kicked a configuration error down the line into a much more obscure runtime error.
I don't have much experience with the Gradle ecosystem, so I trust your intention on this.
builders/gradle.go
Outdated
| taskName = taskName + ":" | ||
|
|
||
| taskName := "dependencies" // defaults to root gradle dependencies task | ||
|
|
There was a problem hiding this comment.
Remove newline (makes default-value intention clearer).
| } | ||
|
|
||
| // Fall back to "app" as default task, even though technically it would be "" (root) | ||
| // If task list fails, fall back to "app" as default task, even though technically it would be "" (root) |
There was a problem hiding this comment.
I think the question is whether app:compile is likely to work. If it works, then this is great. If it doesn't work, then we've kicked a configuration error down the line into a much more obscure runtime error.
I don't have much experience with the Gradle ecosystem, so I trust your intention on this.
| 1. Look for a root Gradle build (`build.gradle`) | ||
| 2. Run and parse the output of `gradle tasks --all -q -a --offline` to find all available sub-tasks that support a `:dependencies` command | ||
| 3. If task list succeeds but no sub-tasks are available, fallback to the root `dependencies` task in `build.gradle` | ||
| 4. Filter out any suspicious-looking tasks (i.e. labeled `test` or `testCompile`) |
There was a problem hiding this comment.
You should really mention that there's a flag to disable this.
This PR adds support for Gradle projects that manage their dependencies via a root
dependenciestask rather than within a subtask.Refs: #74 #114 #10
Changes
fossa initdoes not find dependency subtasks, have it elect the root dependencies task for thenamefield infossa.ymlconfiguration (represented as an empty taskname + config:compile)How to configure
For users that want to support root dep tasks, this should be a non-breaking change to existing config as well as provide OOTB support for new
fossa init.Options:
fossa init -Oand confirm the right task/configuration infossa.ymlOR
.fossa.ymlfile to have an empty task name; optionally specify your taskConfiguration: