feat: unmanaged dependency check #2223

Merged
merged 68 commits into from Jan 3, 2024
JoeWang1127
Collaborator

@JoeWang1127 JoeWang1127 commented Nov 3, 2023

Implement an unmanaged dependency check, part of dependency governance project.

@product-auto-label product-auto-label bot added the size: m Pull request size is medium. label Nov 3, 2023
@suztomo
Member

suztomo commented Nov 28, 2023

Todo:

Until the design doc is approved, leave this pull request in a failed state in draft.

To recover from the failure: Assuming the (unmanaged) dependency went through the governance process,

  • Add the unmanaged dependency to the shared dependencies BOM in the same pull request 2223. The check now should become green.

(Before merging this 2223, we'll revert the edits in the shared dependencies BOM and gax-java/gax-grpc/pom.xml.)

@product-auto-label product-auto-label bot added size: l Pull request size is large. and removed size: m Pull request size is medium. labels Nov 29, 2023
@JoeWang1127
Collaborator Author

JoeWang1127 commented Nov 30, 2023

In order to fail the check, an unmanaged dependency has to be added in the target bom, not the dependency of this bom.
In this case, an unmanaged dependency has to be added in gapic-generator-java-bom/pom.xml, but not in gax-java/gax-grpc/pom.xml, which is a transitive dependency of gapic-generator-java-bom/pom.xml.

The check needs to be updated.

I added a dependency in gapic-generator-java-bom/pom.xml but the check is successful (it shouldn't be).

Run unmanaged_dependencies=$(mvn exec:java -Dexec.args="3.20.0 ../../gapic-generator-java-bom/pom.xml" -q)
  unmanaged_dependencies=$(mvn exec:java -Dexec.args="3.20.0 ../../gapic-generator-java-bom/pom.xml" -q)
  echo "${unmanaged_dependencies}"
  if [[ "${unmanaged_dependencies}" != "[]" ]]; then
    echo "${unmanaged_dependencies}"
    exit 1
  fi
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/11.0.21-9/x64
    JAVA_HOME_11_X64: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/11.0.21-9/x64
    shared_dependencies_version: 3.20.0
[]

When tested locally:

joewa-macbookpro:unmanaged-dependency-check joewa$ echo "${unmanaged_dependencies}"
[com.h2database:h2]
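
A simplified sketch of the kind of comparison discussed in this thread, added here as an example and not the pull request's own (Java) implementation. It assumes the check compares the `groupId:artifactId` entries declared directly in the target BOM's `dependencyManagement` against those in the shared dependencies BOM, and reports in the bracketed form seen in the logs above. The helper names and sample POMs are constructed; `com.google.guava:guava` stands in for a managed dependency.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
DEP_PATH = "m:dependencyManagement/m:dependencies/m:dependency"


def make_bom(*coords):
    """Build a constructed BOM whose dependencyManagement lists the coordinates."""
    deps = "".join(
        f"<dependency><groupId>{g}</groupId><artifactId>{a}</artifactId>"
        "<version>0.0.0</version></dependency>"
        for g, a in (c.split(":") for c in coords)
    )
    return (
        '<project xmlns="http://maven.apache.org/POM/4.0.0">'
        f"<dependencyManagement><dependencies>{deps}</dependencies>"
        "</dependencyManagement></project>"
    )


def managed_coordinates(pom_xml):
    """Return the groupId:artifactId pairs declared directly in this POM.

    Only the POM's own dependencyManagement section is read; nothing is
    resolved transitively, which is the behaviour described in the comment.
    """
    root = ET.fromstring(pom_xml)
    coords = set()
    for dep in root.findall(DEP_PATH, NS):
        group = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        coords.add(f"{group}:{artifact}")
    return coords


def unmanaged_dependencies(shared_bom_xml, target_bom_xml):
    """Coordinates in the target BOM that the shared BOM does not manage."""
    return sorted(managed_coordinates(target_bom_xml) - managed_coordinates(shared_bom_xml))


def format_report(unmanaged):
    """Render as '[a:b, c:d]' so a CI step can compare against '[]'."""
    return "[" + ", ".join(unmanaged) + "]"


# Constructed sample inputs (not the project's real BOMs).
SHARED_BOM = make_bom("com.google.guava:guava", "com.google.protobuf:protobuf-java")
TARGET_BOM_CLEAN = make_bom("com.google.guava:guava")
TARGET_BOM_WITH_H2 = make_bom("com.google.guava:guava", "com.h2database:h2")

if __name__ == "__main__":
    print(format_report(unmanaged_dependencies(SHARED_BOM, TARGET_BOM_WITH_H2)))
```
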

@JoeWang1127 JoeWang1127 marked this pull request as ready for review January 3, 2024 18:08
@JoeWang1127 JoeWang1127 requested a review from a team as a code owner January 3, 2024 18:08

sonarcloud bot commented Jan 3, 2024

Quality Gate passed for 'gapic-generator-java-root'

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud


sonarcloud bot commented Jan 3, 2024

Quality Gate passed for 'java_showcase_integration_tests'

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@JoeWang1127 JoeWang1127 merged commit 3439691 into main Jan 3, 2024
40 checks passed
@JoeWang1127 JoeWang1127 deleted the feat/unmanaged-dependency-check branch January 3, 2024 19:08
Labels
size: l Pull request size is large.
2 participants