Add validation of the third-party jars that are included to the release

The validation skips JMeter jars, and it helps to spot accidental third-party dependency addition or removal
apache · Sep 15, 2020 · f548de9 · f548de9
1 parent 6bc4f09
commit f548de9
Show file tree

Hide file tree

Showing 2 changed files with 185 additions and 0 deletions.
diff --git a/src/dist/build.gradle.kts b/src/dist/build.gradle.kts
@@ -19,7 +19,9 @@ import com.github.vlsi.gradle.crlf.CrLfSpec
 import com.github.vlsi.gradle.crlf.LineEndings
 import com.github.vlsi.gradle.git.FindGitAttributes
 import com.github.vlsi.gradle.git.dsl.gitignore
+import com.github.vlsi.gradle.properties.dsl.props
 import org.gradle.api.internal.TaskOutputsInternal
+import kotlin.math.absoluteValue
 
 plugins {
     id("com.github.vlsi.crlf")
@@ -147,6 +149,91 @@ val populateLibs by tasks.registering {
     }
 }
 
+val updateExpectedJars by props()
+
+val verifyReleaseDependencies by tasks.registering {
+    description = "Verifies if binary release archive contains the expected set of external jars"
+    group = LifecycleBasePlugin.VERIFICATION_GROUP
+
+    dependsOn(configurations.runtimeClasspath)
+    val expectedLibs = file("src/dist/expected_release_jars.csv")
+    inputs.file(expectedLibs)
+    val actualLibs = File(buildDir, "dist/expected_release_jars.csv")
+    outputs.file(actualLibs)
+    doLast {
+        val caseInsensitive: Comparator<String> = compareBy(String.CASE_INSENSITIVE_ORDER, { it })
+
+        val deps = configurations.runtimeClasspath.get().resolvedConfiguration.resolvedArtifacts
+        val libs = deps.asSequence()
+            .filter {
+                val compId = it.id.componentIdentifier
+                compId !is ProjectComponentIdentifier || !compId.build.isCurrentBuild
+            }
+            .map { it.file.name to it.file.length() }
+            .sortedWith(compareBy(caseInsensitive) { it.first })
+            .associate { it }
+
+        val expected = expectedLibs.readLines().asSequence()
+            .filter { "," in it }
+            .map {
+                val (length, name) = it.split(",", limit = 2)
+                name to length.toLong()
+            }
+            .associate { it }
+
+        if (libs == expected) {
+            return@doLast
+        }
+
+        val sb = StringBuilder()
+        sb.append("External dependencies differ (you could update ${expectedLibs.relativeTo(rootDir)} if you add -PupdateExpectedJars):")
+
+        val sizeBefore = expected.values.sum()
+        val sizeAfter = libs.values.sum()
+        if (sizeBefore != sizeAfter) {
+            sb.append("\n  $sizeBefore => $sizeAfter bytes")
+            sb.append(" (${if (sizeAfter > sizeBefore) "+" else "-"}${(sizeAfter - sizeBefore).absoluteValue} byte")
+            if ((sizeAfter - sizeBefore).absoluteValue > 1) {
+                sb.append("s")
+            }
+            sb.append(")")
+        }
+        if (libs.size != expected.size) {
+            sb.append("\n  ${expected.size} => ${libs.size} files")
+            sb.append(" (${if (libs.size > expected.size) "+" else "-"}${(libs.size - expected.size).absoluteValue})")
+        }
+        sb.appendln()
+        for (dep in (libs.keys + expected.keys).sortedWith(caseInsensitive)) {
+            val old = expected[dep]
+            val new = libs[dep]
+            if (old == new) {
+                continue
+            }
+            sb.append("\n")
+            if (old != null) {
+                sb.append("-").append(old.toString().padStart(8))
+            } else {
+                sb.append("+").append(new.toString().padStart(8))
+            }
+            sb.append(" ").append(dep)
+        }
+        val newline = System.getProperty("line.separator")
+        actualLibs.writeText(
+            libs.map { "${it.value},${it.key}" }.joinToString(newline, postfix = newline)
+        )
+        if (updateExpectedJars) {
+            println("Updating ${expectedLibs.relativeTo(rootDir)}")
+            actualLibs.copyTo(expectedLibs, overwrite = true)
+        } else {
+            throw GradleException(sb.toString())
+        }
+    }
+}
+
+tasks.check {
+    dependsOn(verifyReleaseDependencies)
+}
+
 // This adds dependency on "populateLibs" task
 // This makes uses of these copySpecs transparently depend on the builder task
 libs.from(populateLibs)

diff --git a/src/dist/src/dist/expected_release_jars.csv b/src/dist/src/dist/expected_release_jars.csv
@@ -0,0 +1,98 @@
+30035,accessors-smart-1.2.jar
+2387,apiguardian-api-1.1.0.jar
+121836,asm-7.3.1.jar
+113369,bsf-2.4.0.jar
+389033,bsh-2.0b6.jar
+879660,caffeine-2.8.0.jar
+201216,checker-qual-2.10.0.jar
+347669,commons-codec-1.14.jar
+588337,commons-collections-3.2.2.jar
+751914,commons-collections4-4.4.jar
+208475,commons-dbcp2-2.7.0.jar
+276413,commons-io-2.7.jar
+267634,commons-jexl-2.1.1.jar
+397422,commons-jexl3-3.1.jar
+577742,commons-lang3-3.11.jar
+61829,commons-logging-1.2.jar
+2213560,commons-math3-3.6.1.jar
+305844,commons-net-3.7.jar
+133109,commons-pool2-2.8.1.jar
+216211,commons-text-1.9.jar
+1387394,darklaf-core-2.4.7.jar
+20650,darklaf-extensions-rsyntaxarea-0.3.4.jar
+31982,darklaf-macos-2.4.7.jar
+6209,darklaf-native-utils-2.4.7.jar
+3244,darklaf-platform-base-2.4.7.jar
+59949,darklaf-property-loader-2.4.7.jar
+81834,darklaf-theme-2.4.7.jar
+33836,darklaf-utils-2.4.7.jar
+335440,darklaf-windows-2.4.7.jar
+98115,dec-0.1.2.jar
+320748,dnsjava-2.1.9.jar
+13161,error_prone_annotations-2.3.3.jar
+1702975,freemarker-2.3.30.jar
+32359,geronimo-jms_1.1_spec-1.1.1.jar
+7946113,groovy-3.0.5.jar
+19458,groovy-datetime-3.0.5.jar
+11685,groovy-dateutil-3.0.5.jar
+137455,groovy-jmx-3.0.5.jar
+133034,groovy-json-3.0.5.jar
+21294,groovy-jsr223-3.0.5.jar
+82930,groovy-sql-3.0.5.jar
+97234,groovy-templates-3.0.5.jar
+284611,groovy-xml-3.0.5.jar
+123360,hamcrest-2.2.jar
+1499,hamcrest-core-2.2.jar
+104518,hamcrest-date-2.0.7.jar
+179964,httpasyncclient-4.1.4.jar
+778156,httpclient-4.5.12.jar
+328593,httpcore-4.4.13.jar
+369320,httpcore-nio-4.4.13.jar
+41792,httpmime-4.5.12.jar
+68079,jackson-annotations-2.10.3.jar
+349108,jackson-core-2.10.3.jar
+1404171,jackson-databind-2.10.3.jar
+78030,javax.activation-1.2.0.jar
+142391,jcharts-0.7.5.jar
+16537,jcl-over-slf4j-1.7.30.jar
+490565,jmespath-core-0.5.0.jar
+7041,jmespath-jackson-0.5.0.jar
+1506993,jna-5.5.0.jar
+403497,jodd-core-5.0.13.jar
+220475,jodd-lagarto-5.0.13.jar
+19858,jodd-log-5.0.13.jar
+26047,jodd-props-5.0.13.jar
+223186,json-path-2.4.0.jar
+120316,json-smart-2.3.jar
+393851,jsoup-1.13.1.jar
+249924,jtidy-r938.jar
+381765,junit-4.13.jar
+48483,jxlayer-3.0.4.jar
+201685,log4j-1.2-api-2.13.3.jar
+292301,log4j-api-2.13.3.jar
+1714164,log4j-core-2.13.3.jar
+23590,log4j-slf4j-impl-2.13.3.jar
+519087,mail-1.5.0-b01.jar
+106939,miglayout-core-5.2.jar
+22390,miglayout-swing-5.2.jar
+419054,mongo-java-driver-2.11.3.jar
+4474164,neo4j-java-driver-4.0.1.jar
+65261,oro-2.0.8.jar
+1299088,ph-commons-9.4.1.jar
+505816,ph-css-6.2.2.jar
+11369,reactive-streams-1.0.3.jar
+1298390,rhino-1.7.12.jar
+1196575,rsyntaxtextarea-3.1.1.jar
+5498326,Saxon-HE-9.9.1-7.jar
+276420,serializer-2.7.2.jar
+41472,slf4j-api-1.7.30.jar
+301119,svgSalamander-1.1.2.1.jar
+708157,tika-core-1.24.1.jar
+1336431,tika-parsers-1.24.1.jar
+3154938,xalan-2.7.2.jar
+1386397,xercesImpl-2.12.0.jar
+220536,xml-apis-1.4.01.jar
+671727,xmlgraphics-commons-2.3.jar
+7188,xmlpull-1.1.3.1.jar
+24956,xpp3_min-1.1.4c.jar
+621071,xstream-1.4.11.1.jar