Improve thirdPartyAudit check, round 3 #15688

Merged
merged 1 commit into from
Dec 29, 2015

@rmuir rmuir commented Dec 29, 2015

  • Fix "internal runtime" check to no longer have false positives (e.g. com.sun jersey, ldap, etc)
  • Remove missingClasses boolean. Each missing class is a problem just like any other problem and must be added to thirdPartyAudit.excludes.
  • Scan the runtime configuration when possible instead of test: this is more valuable because test dependencies can pollute the classpath and hide the fact that e.g. classes are missing at runtime.
  • Fail if an exclusion is defined, but "nothing is wrong" with it. This ensures there are no extra bogus excludes, e.g. that build.gradle-s accurately document each module's current state of (in)sanity.
  • Do some basic documentation of issues, clean up some low-hanging fruit (e.g. remove unsafe-using stuff completely from lang-groovy, add missing (tiny) asm-tree to complete classpath for lang-expressions and lang-plan-a). This reduces the size of the ES distribution by 2MB as well.
  • Add basic docs
# Checks that we run against bytecode of third-party dependencies
#
# Be judicious about what is denied here: MANY classes will be subject
# to these rules, so please try to keep the false positive rate low!
#
# Each third party .class failing checks will need to be explicitly
# listed in the module's build.gradle file:
#
#   thirdPartyAudit.excludes = [
#    // uses internal java api: sun.misc.Unsafe
#    'org.foo.Bar',
#    // missing class!
#    'com.missing.dependency.WTF',
#    // ...
#   ]
#
# Wildcards are not allowed, excludes must be exact. The build also fails with
# the message "Invalid exclusions, nothing is wrong with these classes" if
# extraneous classes are in the excludes list, this ensures the list is
# up-to-date, and that each module accurately documents the evil things
# that its dependencies do.
#
# For more information, look at ThirdPartyAuditTask.groovy in buildSrc/
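Review bot: the sentence "Wildcards are not allowed, excludes must be exact" does not say how nested classes are to be listed, so the header should spell out whether each nested class needs its own entry and show one such line in the sample thirdPartyAudit.excludes list. The header also quotes the failure message for extraneous excludes but not the one printed for an unlisted failing class, and the pointer to ThirdPartyAuditTask.groovy would be easier to follow with its full path under buildSrc/.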

'org.jboss.marshalling.Unmarshaller',

// from com.spatial4j.core.io.GeoJSONReader (spatial4j)
'org.noggit.JSONParser',

oh boy :)

s1monw commented Dec 29, 2015

man lots of manual work you did there! LGTM

rmuir added a commit that referenced this pull request Dec 29, 2015
Improve thirdPartyAudit check, round 3
@rmuir rmuir merged commit 25914ae into elastic:master Dec 29, 2015
@clintongormley clintongormley added the :Delivery/Build Build or test infrastructure label Jan 10, 2016
@mark-vieira mark-vieira added the Team:Delivery Meta label for Delivery team label Nov 11, 2020
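
The exclude-list rules from the PR description and the documentation comment above (exact names only, every problem class listed, no stale entries), as an added Python example. It is not the project's ThirdPartyAuditTask.groovy; `reconcile`, `AuditFailure`, the name pattern and the sample scan result are hypothetical names and constructed data.

```python
# Added illustration of the exclude-list rules described in this PR.
# Not the project's code: all names here are hypothetical, sample data is constructed.
import re

# Assumption: an "exact" entry is a dotted class name ('$' allowed for nested
# classes); anything else, wildcards included, is rejected.
EXACT_CLASS = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+$")

# Failure message quoted in the documentation comment above.
BOGUS_MSG = "Invalid exclusions, nothing is wrong with these classes"


class AuditFailure(Exception):
    """Raised when the build should fail."""


def reconcile(problems, excludes):
    """problems: {class name: reason} found by scanning third-party bytecode.
    excludes: the module's thirdPartyAudit.excludes list.
    Returns the sorted excused classes, or raises AuditFailure."""
    bad = sorted(e for e in excludes if not EXACT_CLASS.match(e))
    if bad:
        raise AuditFailure("excludes must be exact class names: %s" % bad)
    excluded = set(excludes)
    # A missing class is a problem like any other: there is no separate switch.
    unexcused = sorted(c for c in problems if c not in excluded)
    if unexcused:
        detail = ", ".join("%s (%s)" % (c, problems[c]) for c in unexcused)
        raise AuditFailure("third-party audit failed: " + detail)
    # Stale entries fail too, so the list always documents the current state.
    stale = sorted(excluded - set(problems))
    if stale:
        raise AuditFailure("%s: %s" % (BOGUS_MSG, stale))
    return sorted(excluded)


# Constructed scan result, reusing the placeholder names from the docs above.
SAMPLE_PROBLEMS = {
    "org.foo.Bar": "uses internal java api: sun.misc.Unsafe",
    "com.missing.dependency.WTF": "missing class",
}

if __name__ == "__main__":
    print(reconcile(SAMPLE_PROBLEMS, ["org.foo.Bar", "com.missing.dependency.WTF"]))
```
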
Labels
:Delivery/Build Build or test infrastructure Team:Delivery Meta label for Delivery team v5.0.0-alpha1