Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make GradleInspector the new default analyzer for Gradle projects #9070

Merged
merged 5 commits into from
Sep 11, 2024
Merged

Make GradleInspector the new default analyzer for Gradle projects #9070

merged 5 commits into from
Sep 11, 2024

Conversation

sschuberth
Copy link
Member

Please have a look at the individual commit messages for the details.

@sschuberth sschuberth requested review from a team as code owners September 3, 2024 10:20
@codecov Codecov
Copy link

codecov bot commented Sep 3, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.21%. Comparing base (77590e3) to head (c9db5a7).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##               main    #9070   +/-   ##
=========================================
  Coverage     67.21%   67.21%           
  Complexity     1188     1188           
=========================================
  Files           239      239           
  Lines          7916     7916           
  Branches        910      910           
=========================================
  Hits           5321     5321           
  Misses         2226     2226           
  Partials        369      369
Flag Coverage Δ
funTest-docker 60.36% <ø> (ø)
funTest-non-docker 34.59% <ø> (ø)
test 36.53% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

fviernau
fviernau requested changes Sep 3, 2024
View reviewed changes
plugins/package-managers/gradle-inspector/README.md Outdated

Also, the `isModified` check which compares with artifacts of the same name in Maven Central is not implemented yet.
* The retrieval of the checksum values for remote artifacts is currently done via plain OkHttp calls, which means it will not work out of the box for private repositories.
To work around this, credentials need to be configured in `.netrc` additionally to in Gradle.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this say "in addition to"?

Furthermore, I'm not sure but it felt to me within "to in" there is something missing.

Maybe: The credentials which are configured in Gradle need to be redundantly configured in '.netrc'.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to keep changes compared to the existing text to a minimum, but I guess I could do some rewordings along the way...

plugins/package-managers/gradle-inspector/README.md Outdated
Also, the `isModified` check which compares with artifacts of the same name in Maven Central is not implemented yet.
* The retrieval of the checksum values for remote artifacts is currently done via plain OkHttp calls, which means it will not work out of the box for private repositories.
To work around this, credentials need to be configured in `.netrc` additionally to in Gradle.
This is similar to how the "legacy" [Gradle] analyzer required to additionally configure credentials in Maven.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to drop line 38 as irrelevant in this context?

plugins/package-managers/gradle-inspector/README.md Outdated
* The retrieval of the checksum values for remote artifacts is currently done via plain OkHttp calls, which means it will not work out of the box for private repositories.
To work around this, credentials need to be configured in `.netrc` additionally to in Gradle.
This is similar to how the "legacy" [Gradle] analyzer required to additionally configure credentials in Maven.
* The `isModified` check which compares with artifacts of the same name in Maven Central is not implemented yet.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there something missing in "which compares with artifacts" ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've clarified it.

plugins/package-managers/gradle-inspector/README.md Outdated
The [GradleInspector] is an alternative analyzer for projects that use the Gradle package manager.
It is supposed to address [several] [shortcomings] of the "legacy" [Gradle] analyzer, but to not interfere with it, the [GradleInspector] is disabled by default.
The [GradleInspector] is the new analyzer for projects that use the Gradle package manager.
It is supposed to address [several] [shortcomings] of the "legacy" [Gradle] analyzer, which is disabled by default now.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to avoid "the new" and "now" as these terms become outdated?
Maybe instead "the default" and "which is disabled by default"?

fviernau
fviernau previously approved these changes Sep 3, 2024
View reviewed changes
@sschuberth sschuberth marked this pull request as draft September 4, 2024 15:11
@sschuberth sschuberth force-pushed the default-gi branch 3 times, most recently from c4f6ca5 to 0a49445 Compare September 10, 2024 12:20
@sschuberth
Copy link
Member Author

@oss-review-toolkit/kotlin-devs what's currently blocking the merge of this is some unexpected diff in the dependency graph that I see when running PubFunTest. It seems that some de-duplication is happening for Android / Gradle dependencies. Back here I assumed this was due to the GradleInspector not using the dependency graph yet, but that's not true anymore, so I'm stumped.

@sschuberth
Copy link
Member Author

I'm stumped.

I've found the cause and am preparing a fix.

@sschuberth sschuberth marked this pull request as ready for review September 11, 2024 11:37
@sschuberth sschuberth requested review from fviernau and a team September 11, 2024 11:37
fviernau
fviernau previously approved these changes Sep 11, 2024
View reviewed changes
Copy link
Member

@fviernau fviernau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@sschuberth
docs(gradle-inspector): Fix the link to the init script resource
cd22c9e 
This is a fixup for 7373195.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth
fix(pub): Use the correct key name when replacing options
f84a030 
In ff0ca15, `OPTION_GRADLE_VERSION` (which equals "gradleVersion") was
errorneously replaced with `gradleFactory.type` (which equals "Gradle")
in two places. One of these was fixed in 1ba253a. Fix the other one
here.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth
feat(pub): Always use the (one) enabled Gradle package manager
5ecb0d4 
As of 04b0356, the analyzer refuses to have multiple package managers for
the same project type enabled. So make Pub always use that one, if any,
Gradle package manager to avoid problems if a user enables
`GradleInspector` but Pub tries to use legacy `Gradle`.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth
docs(gradle-inspector): Update the list of known limitations
500e680 
Format limitations as a list, add [1], and improve wording along the way.

[1]: #7995

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth
feat(gradle)!: Make GradleInspector the new default
c9db5a7 
Despite its documented limitations, the benefits outweight the drawbacks
of making this the default analyzer for Gradle projects.

Adjust the Pub package manager as well to use `GradleInspector` for its
tests, which highlights the additional metadata collected.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth
Copy link
Member Author

Sorry @fviernau, I had do adjust a few commit messages, but I'm done now!

@sschuberth sschuberth enabled auto-merge (rebase) September 11, 2024 11:57
@sschuberth sschuberth requested a review from a team September 11, 2024 11:57
@sschuberth sschuberth merged commit 1621941 into main Sep 11, 2024
21 of 22 checks passed
@sschuberth sschuberth deleted the default-gi branch September 11, 2024 14:38
@sschuberth sschuberth mentioned this pull request Oct 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fviernau fviernau fviernau approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sschuberth @fviernau