Create sub directories for ThirdPartyAudit dependency metadata #16844

Open
wants to merge 1 commit into
base: main

Contributor

@finnegancarroll finnegancarroll commented Dec 13, 2024

Description

The thirdPartyAudit task writes all dependency metadata to the same base directory of build/precommit/thirdPartyAudit/thirdPartyAudit/META-INF. When two separate dependencies attempt to write a file and directory at the same location the task fails with an error.

See #16840.

This PR handles collisions by appending a counter to duplicates.
i.e. dup-1.txt, dup-2.txt, ...

Related Issues

Resolves #16840

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions github-actions bot added bug Something isn't working Build Build Tasks/Gradle Plugin, groovy scripts, build tools, Javadoc enforcement. labels Dec 13, 2024
Contributor

❌ Gradle check result for 6f4639f: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Contributor

❌ Gradle check result for 4e866be: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Finn Carroll <carrofin@amazon.com>
Contributor

✅ Gradle check result for 4b1b382: SUCCESS

codecov bot commented Dec 20, 2024

Codecov Report

Attention: Patch coverage is 0% with 11 lines in your changes missing coverage. Please review.

Project coverage is 72.12%. Comparing base (7050ecf) to head (4b1b382).

Files with missing lines Patch % Lines
...ensearch/gradle/precommit/ThirdPartyAuditTask.java 0.00% 11 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main   #16844      +/-   ##
============================================
- Coverage     72.19%   72.12%   -0.08%     
+ Complexity    65208    65205       -3     
============================================
  Files          5297     5297              
  Lines        303324   303335      +11     
  Branches      43913    43916       +3     
============================================
- Hits         218999   218791     -208     
- Misses        66367    66638     +271     
+ Partials      17958    17906      -52     


@reta
Collaborator

reta commented Dec 21, 2024

> When two separate dependencies attempt to write a file and directory at the same location the task fails with an error.

The task should be run per module, each having its own build directory, with no overlaps (I think). Do some modules share the build folder?

@finnegancarroll
Contributor Author

> The task should be run per module, each having its own build directory, with no overlaps (I think). Do some modules share the build folder?

It's not that plugins/modules are sharing build folders, but that the third party dependencies of an individual plugin/module are unzipped into a shared base folder during the third party audit task. Specifically plugins/<myplugin>/build/precommit/thirdPartyAudit/thirdPartyAudit.

In the minimal example linked in the issue these two randomly chosen dependencies happen to have jars which unzip a META-INF/LICENSE directory and META-INF/LICENSE file respectively.

dependencies {
  implementation "io.grpc:grpc-netty-shaded:${versions.grpc}"
  implementation "com.google.guava:guava:${versions.guava}"
}
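
The file-versus-directory clash described in the comment above can be found before extraction by comparing entry names across jars. This is an added example, not code from the PR or from OpenSearch; `JarPathClash`, `findClashes` and `writeJar` are hypothetical names, and the two jars are constructed inline as sample data.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;
// Added example; JarPathClash and its methods are hypothetical names, not OpenSearch code.
public class JarPathClash {
    /** Paths that one archive extracts as a file and another as a directory. */
    static Map<String, String> findClashes(List<Path> jars) throws IOException {
        Map<String, Set<String>> files = new TreeMap<>();
        Map<String, Set<String>> dirs = new TreeMap<>();
        for (Path jar : jars) {
            String owner = jar.getFileName().toString();
            try (ZipFile zip = new ZipFile(jar.toFile())) {
                for (ZipEntry e : Collections.list(zip.entries())) {
                    String name = e.getName().replaceAll("/+$", "");
                    Map<String, Set<String>> kind = e.isDirectory() ? dirs : files;
                    kind.computeIfAbsent(name, k -> new TreeSet<>()).add(owner);
                    // Every parent of an entry becomes a directory once extracted.
                    for (int i = name.lastIndexOf('/'); i > 0; i = name.lastIndexOf('/', i - 1)) {
                        dirs.computeIfAbsent(name.substring(0, i), k -> new TreeSet<>()).add(owner);
                    }
                }
            }
        }
        Map<String, String> clashes = new TreeMap<>();
        files.forEach((path, owners) -> {
            if (dirs.containsKey(path)) clashes.put(path, "file in " + owners + ", directory in " + dirs.get(path));
        });
        return clashes;
    }

    // Builds a one-entry jar so the example runs offline (constructed sample data).
    static Path writeJar(Path dir, String jarName, String entry) throws IOException {
        Path jar = dir.resolve(jarName);
        try (ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(jar))) {
            out.putNextEntry(new ZipEntry(entry)); // empty file entry
            out.closeEntry();
        }
        return jar;
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("jar-clash");
        List<Path> jars = List.of(
            writeJar(tmp, "a.jar", "META-INF/LICENSE/NOTICE.txt"),
            writeJar(tmp, "b.jar", "META-INF/LICENSE"));
        findClashes(jars).forEach((path, why) -> System.out.println(path + ": " + why));
    }
}
```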

@reta
Collaborator

reta commented Dec 23, 2024

> In the minimal example linked in the issue these two randomly chosen dependencies happen to have jars which unzip a META-INF/LICENSE directory and META-INF/LICENSE file respectively.

Oh I see, thank you, guava as a dependency is causing troubles everywhere

@@ -309,6 +309,25 @@ private void extractJars(Set<File> jars) {
jars.forEach(jar -> {
FileTree jarFiles = getProject().zipTree(jar);
getProject().copy(spec -> {
spec.eachFile(details -> {
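
Review bot: the rename logic inside `spec.eachFile(details -> {` runs while `jars.forEach` walks a `Set<File>`, so which dependency keeps the original name and which one receives the counter suffix from the description depends on the set's iteration order and may differ between runs. Deriving the destination from the jar itself, for example a sub directory named after `jar` as the PR title suggests, would make the extracted layout deterministic and would rule out a file/directory clash such as META-INF/LICENSE altogether. The hunk header shows the region growing from 6 to 25 lines with no test in view; a case that extracts two jars with a colliding META-INF entry would cover it.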
Collaborator

Do you think the cleanest approach would be to extract each dependency into its own sub-folder all the time so we won't be having the names clash in the first place?


Successfully merging this pull request may close these issues.

[BUG] thirdPartyAudit task fails when copying duplicate files