-
Notifications
You must be signed in to change notification settings - Fork 499
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix part of #59: Migrate to rules_jvm_external 5.1 #4925
Conversation
The check & related scripts required fairly involved reworking since the Maven install file (from which it sources Maven URL context) changed in format as part of the upgrade for rules_jvm_external. This has actually led to what seems to be more correct analysis of libraries that the build depends on, so more licenses have been added to the maven_dependencies.textproto tracking file. One unused Crashlytics dependency was removed since it was referencing an old license that doesn't exist anymore (and the artifact should be replaced in full by more recent Firebase Crashlytics dependencies that we are already using).
This addresses an underlying bug with the command executor that can, in some cases, break compute_affected_tests. It also refines some of its internal mechanisms for much better performance on expensive PRs. It also prepares the base support needed for merge queues, but the CI workflows aren't being updated in this change.
This prepares for merge queues (but doesn't quite configure the workflow for them--that will happen in a different PR), and improves how tests are computed for stacked PRs.
…xternal Conflicts: scripts/src/java/org/oppia/android/scripts/common/BUILD.bazel scripts/src/java/org/oppia/android/scripts/license/MavenDependenciesListCheck.kt scripts/src/java/org/oppia/android/scripts/license/MavenDependenciesRetriever.kt scripts/src/java/org/oppia/android/scripts/maven/GenerateMavenDependenciesList.kt scripts/src/javatests/org/oppia/android/scripts/license/MavenDependenciesListCheckTest.kt scripts/src/javatests/org/oppia/android/scripts/license/MavenDependenciesRetrieverTest.kt scripts/src/javatests/org/oppia/android/scripts/maven/GenerateMavenDependenciesListTest.kt
Also, update TODO check script to have nicer output, and support generating the exemption textproto file for easier updates in the future.
Hi @BenHenning, I'm going to mark this PR as stale because it hasn't had any updates for 7 days. If no further activity occurs within 7 days, it will be automatically closed so that others can take up the issue. |
The new proto target isn't used anywhere so this was missed.
Hi @BenHenning, I'm going to mark this PR as stale because it hasn't had any updates for 7 days. If no further activity occurs within 7 days, it will be automatically closed so that others can take up the issue. |
Still active. |
Hi @BenHenning, I'm going to mark this PR as stale because it hasn't had any updates for 7 days. If no further activity occurs within 7 days, it will be automatically closed so that others can take up the issue. |
Conflicts: scripts/assets/todo_open_exemptions.textproto
@seanlip PTAL for owners group codeowners changes (I think this is mainly needed for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for one codeowner file: scripts/assets/maven_dependencies.textproto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @BenHenning. I have two questions, PTAL.
scripts/src/java/org/oppia/android/scripts/license/MavenDependenciesRetriever.kt
Show resolved
Hide resolved
scripts/src/java/org/oppia/android/scripts/license/MavenDependenciesRetriever.kt
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @adhiamboperes!
Self-reviewed latest changes & followed-up to review comments. PTAL @adhiamboperes.
scripts/src/java/org/oppia/android/scripts/license/MavenDependenciesRetriever.kt
Show resolved
Hide resolved
scripts/src/java/org/oppia/android/scripts/license/MavenDependenciesRetriever.kt
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @BenHenning! This LGTM.
Hi @BenHenning, this PR is ready to be merged. Please address any remaining comments prior to merging, and feel free to merge this PR once the CI checks pass and you're happy with it. Thanks! |
Thanks @adhiamboperes! Looks like this is ready to be merged, so syncing with the latest develop and enabling auto-merge. |
Explanation
Fix part of #59
At a high-level, this PR migrates the project to using rules_jvm_external 5.1 (from the current version 4.1). The main benefit of this is a much simpler
maven_install.json
file (>50% reduction in file size). This is especially appealing as downstream PRs for #59 make a lot of changes to third-party dependencies, causingmaven_install.json
to be regenerated each time. A smaller and more compact format results in fewer actual deltas needing to be checked in between changes.Introducing support for the new format has required a lot of changes elsewhere in the project, however, including:
LicenseFetcher
was extended to include support for verifying a URL's artifact validity (i.e. by using an HTTP HEAD request) for better robustness and performance when compiling licenses. This is because of a significant difference in the newmaven_install.json
format: we no longer know which Maven repositories correspond to which artifacts, so we need to test each artifact against all repositories when checking for licenses. This also has some repercussions on warnings from Bazel's own file downloader (see ability to silence warnings when using multiple repositories bazelbuild/rules_jvm_external#349).MavenDependenciesRetriever
required substantial reworking to properly fetch pom information from dependencies. For robustness, it was also updated to useScriptBackgroundCoroutineDispatcher
to parallelize the fetching with some basic retry built into it (since I noticed on one of my workstations much more flakiness in the HEAD requests and license fetches).LicenseFetcher
was also renamed toMavenArtifactPropertyFetcher
since it's actually used for more than just license fetching (besides the newHEAD
check, it's also used for fetching an artifact's POM file when processing the list of licenses for the artifact).Separate details worthy of noting:
MavenArtifactPropertyFetcherImpl
& model changes don't have test files for the same reasons the oldLicenseFetcherImpl
and models didn't.maven_install.json
format. The new retry functionality mentioned above also has resulted in a bit more output for these scripts (which results in changes to their tests).MavenCoordinate
class added as part ofMavenDependenciesRetriever
also had a bunch of tests added since this is now a public class of the retriever (and was added to simplify a lot of the coord manipulation work).Important:
maven_dependencies.textproto
was significantly changed due to two reasons:GenerateMavenDependenciesList
is different due to a combination of the reworking ofMavenDependenciesRetriever
and the newmaven_install.json
format.maven_install.json
format makes it much easier to track these dependencies, and so we'll now be including many more third party license information in released versions of the app.It is not expected that there are any actual version differences in this PR (intentionally since it would be very hard to verify that, and this allows
maven_install.json
to be easier to review since it's generated file). This was verified by looking at the conflicts section of both the old and newmaven_install.json
files, and the Maven dependencies CI check.Essential Checklist
For UI-specific PRs only
N/A -- This is a build system & script infrastructure change. It's expected to have no user-facing functional side effects.