Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#3370 add dependency checking to gradle build #6555

Merged
merged 5 commits into from
Jun 1, 2022
Merged

#3370 add dependency checking to gradle build #6555

merged 5 commits into from
Jun 1, 2022

Conversation

planetf1
Copy link
Member

@planetf1 planetf1 commented May 31, 2022
edited
Loading

Signed-off-by: Nigel Jones nigel.l.jones+git@gmail.com

Description

Adds some additional checks based on https://newsletter.gradle.com/2022/05

  • Adds dependency checking to the gradle build, similar to the function in the maven build. This checks for unused Dependencies. Exceptions are added in the top level build.gradle. The build will fail if any unnecessary dependencies are added
  • Adds capability checking for log implementations - detects, reports, and aids in resolving log class implementation problems (ie slf/commons logging/logback etc)
  • Adds capability checking for common clashes - ie javax/jakarta - prevents duplicate classes with different implementations on the classpath (unpredictable behaviour)
  • Adds validation of gradle wrapper checksum to ci/cd to prevent malicious injection attack

Related Issue(s)

Issue #3370 aims to bring the gradle build to parity with the maven build

Testing

Fixed up bad dependencies. Checked for clean reports. Ensured build fails with invalid dependency. Run FVT

Release Notes & Documentation

Additional notes

Still to do:

  • Add apache RAT license checker
  • this will be added in a later PR

planetf1 added 3 commits May 31, 2022 19:44
@planetf1
odpi#3370 add dependency checking to gradle build
3513723 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
@planetf1
odpi#3370 add capability checks (jakarta/javax, log class clashes etc…
551123f 
…) on dependencies

Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
@planetf1
odpi#3370 add gradle wrapper validation to prevent malicious injection
0f6a44b 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
@planetf1 planetf1 marked this pull request as ready for review May 31, 2022 19:34
@planetf1 planetf1 enabled auto-merge May 31, 2022 19:35
@planetf1 planetf1 disabled auto-merge May 31, 2022 19:36
@planetf1
odpi#3370 Upload logs from failed dependency analysis
af0a78b 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
@planetf1 planetf1 marked this pull request as draft May 31, 2022 20:00
@planetf1
odpi#3370 resolve more logging conflicts - FVTs
9c69d86 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
@planetf1 planetf1 marked this pull request as ready for review June 1, 2022 09:05
@planetf1 planetf1 merged commit e97d03f into odpi:master Jun 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@planetf1