Run forbidden api checks with runtimeJavaVersion #32947
Conversation
alpar-t
added
>non-issue
:Delivery/Build
|
Pinging @elastic/es-core-infra |
| spec.classpath(sourceSet.runtimeClasspath) | ||
| spec.executable = "${project.runtimeJavaHome}/bin/java" | ||
| } | ||
| targetCompatibility = JavaVersion.VERSION_1_8 // FIXME: change to min(compilerVersion, 10) |
There was a problem hiding this comment.
Will wait for the PR fixing the violations to be merged before changing this and merging this PR.
There was a problem hiding this comment.
I think this should always be compiler version? That way if eg we use java 11, we will detect problems ahead of time, before we switch to using java 11 all the time?
| private Set<String> suppressAnnotations = new LinkedHashSet<>(); | ||
| private JavaVersion targetCompatibility; | ||
| private FileCollection classesDirs; | ||
| private Action<JavaExecSpec> execAction; |
There was a problem hiding this comment.
This avoids inheriting from JavaExec. I prefer that because this way the task can control when to do the exec and we can do the required setup in the task action.
Gradle runs the task action of the inherited task first ( I couldn't find a documented order ).
| spec.classpath(sourceSet.runtimeClasspath) | ||
| spec.executable = "${project.runtimeJavaHome}/bin/java" | ||
| } | ||
| targetCompatibility = JavaVersion.VERSION_1_8 // FIXME: change to min(compilerVersion, 10) |
There was a problem hiding this comment.
I think this should always be compiler version? That way if eg we use java 11, we will detect problems ahead of time, before we switch to using java 11 all the time?
| getProject().javaexec((JavaExecSpec spec) -> { | ||
| execAction.execute(spec); | ||
| // This works because forbidden apis has no transitive dependencies. | ||
| spec.classpath(ClassPathUtils.getJar(CliMain.class)); |
There was a problem hiding this comment.
While I know we still need forbidden on the gradle classpath because we invoke it through ant for third-party-audit, I think once we move that to use cli, we should change this to have forbidden api in a separate configuration and pull it there, instead of this hack on finding where a class we have already loaded is located.
|
|
||
| public class ClassPathUtils { | ||
|
|
||
| public static Path getJar(Class<?> theClass) { |
There was a problem hiding this comment.
I don't like this hack, and especially not making it easier to use. Can it be isolated, or at least given large warning comments to not use this?
| throw new AssertionError(e); | ||
| } | ||
| if (Files.exists(path) == false) { | ||
| throw new AssertionError("Bath to class source does not exist: " + path); |
| } | ||
| existingOutputs.forEach { args "-d", it } | ||
| classesDirs = sourceSet.output.classesDirs | ||
| ext.replaceSignatureFiles = { String... names -> |
There was a problem hiding this comment.
Can we stick with the dsl of forbidden apis, instead of adding these helpers? I would like us to be able to switch back if/when it supports forking.
There was a problem hiding this comment.
It this is the only concern, we can add these helpers with any implementation of the task.
I don't have a strong preference, but do like how these make the build scripts shorter, without involving build resources.
There was a problem hiding this comment.
Alright, that is fine. Can we please name it set instead of replace then, to match common naming with other gradle dsl elements?
There was a problem hiding this comment.
@rjernst set will not work, as the task already has that method, so the extension will never be fetched and called, but even with something like setSignatures it would be confusing as I don't think signatures = ... would work, as it won't call the closure on task extensions but look for a set method on the task instance.
There was a problem hiding this comment.
I'm going to merge and submit a PR for the third party audit as well.
Let me know and I'll make changes to the name if needed,
| // This works because the class only depends on one class from junit that will be available from the | ||
| // tests compile classpath. It's the most straight forward way of telling Java where to find the main | ||
| // class. | ||
| ClassPathUtils.getJar(NamingConventionsCheck.class).toFile(), |
There was a problem hiding this comment.
I would prefer if we kept this url hack as it was and didn't make it easier to use
This reverts commit 668e8b1.
…ks-jvm-31715-part2
|
@rjernst I reverted the hack, and wired it to compiler version. |
| ) | ||
| spec.executable = "${project.runtimeJavaHome}/bin/java" | ||
| } | ||
| inputs.files( | ||
| sourceSet.compileClasspath, |
There was a problem hiding this comment.
Should the forbidden apis configuration also be an input?
| } | ||
|
|
||
| @TaskAction | ||
| public void writeMarker() throws IOException { |
There was a problem hiding this comment.
nit: this method name does not seem accurate, since it does the actual execution, not just writing the marker file
| } | ||
| existingOutputs.forEach { args "-d", it } | ||
| classesDirs = sourceSet.output.classesDirs | ||
| ext.replaceSignatureFiles = { String... names -> |
There was a problem hiding this comment.
Alright, that is fine. Can we please name it set instead of replace then, to match common naming with other gradle dsl elements?
Run forbidden APIs checks with runtime hava version
* 6.x: Introduce mapping version to index metadata (#33147) Move non duplicated actions back into xpack core (#32952) HLRC: Create server agnostic request and response (#32912) Build: forked compiler max memory matches jvmArgs (#33138) * Added breaking change section for GROUP BY behavior: now it considers null or empty values as a separate group/bucket. Previously, they were ignored. * This is part of backporting of #32832 SQL: Enable aggregations to create a separate bucket for missing values (#32832) [TEST] version guard for reload rest-api-spec Fix grammar in contributing docs APM server monitoring (#32515) Support only string `format` in date, root object & date range (#28117) [Rollup] Move toBuilders() methods out of rollup config objects (#32585) Accept Gradle build scan agreement (#30645) Fix forbiddenapis on java 11 (#33116) Run forbidden api checks with runtimeJavaVersion (#32947) Apply publishing to genreate pom (#33094) Fix a mappings update test (#33146) Reload Secure Settings REST specs & docs (#32990) Refactor CachingUsernamePassword realm (#32646)
Switching to the CLI version of the tool allows us to run it with the runtime java version.
The newly introduced task just a thin wrapper over the cli args and we configure it as before from precommit. Since we only used it in one place, the extensions is no longer used as
tasks.withTypeachieves the same goal.