From 167012a7ef2a87aabe2f2ce3ca73d7f154b92850 Mon Sep 17 00:00:00 2001
From: Idel Pivnitskiy <idel.pivnitskiy@apple.com>
Date: Fri, 3 Jan 2025 14:07:11 -0800
Subject: [PATCH] Add dependency-analysis-gradle-plugin (#3158)

Motivation:

The Dependency Analysis Gradle Plugin (DAGP) detects the following
problems with dependencies: unused dependencies, used transitive
dependencies that should be declared directly, dependencies declared on
the wrong configuration.

Modifications:

- Add new plugin as part of our main `build.gradle` file;
- Make `buildHealth` task part of the `quality` task;
- When run PRQ action on CI, print report to console;
- Make sure `copySourcesForJersey3` task always executes before
dependency-analysis as it depends on copied source code;

Result:

We can automatically detect issues with dependencies.
---
 .github/workflows/ci-prq.yml                  |  2 +-
 build.gradle                                  | 34 +++++++++++++++++++
 gradle.properties                             |  1 +
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 .../build.gradle                              |  7 ++++
 13 files changed, 106 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-prq.yml b/.github/workflows/ci-prq.yml
index f5ca234a4e..093ea71236 100644
--- a/.github/workflows/ci-prq.yml
+++ b/.github/workflows/ci-prq.yml
@@ -37,7 +37,7 @@ jobs:
       - name: Clean Gradle project
         run: ./gradlew --parallel clean
       - name: Build with Gradle
-        run: ./gradlew --parallel quality
+        run: ./gradlew --parallel -Pdependency.analysis.print.build.health=true quality
       - name: Upload CheckStyle Results
         if: always()
         uses: actions/upload-artifact@v4
diff --git a/build.gradle b/build.gradle
index 1d3d84dc54..cdb80c9a4d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -42,8 +42,40 @@ if (!repositories) {
   print("This machine already has some pre-configured repositories, will use: ${repositories*.name.join(", ")}")
 }
 
+buildscript {
+  if (!repositories) {
+    repositories {
+      gradlePluginPortal()
+    }
+  }
+  dependencies {
+    if (JavaVersion.current().isJava11Compatible()) {
+      classpath("com.autonomousapps:dependency-analysis-gradle-plugin:$dependencyAnalysisPluginVersion")
+    }
+  }
+}
+
 apply plugin: "io.servicetalk.servicetalk-gradle-plugin-internal-root"
 
+// Unfortunately, we can not make this validation part of our servicetalk-gradle-plugin-internal because it requires
+// JDK11 while we build and package out plugin with JDK8.
+if (JavaVersion.current().isJava11Compatible()) {
+  apply plugin: "com.autonomousapps.dependency-analysis"
+
+  dependencyAnalysis {
+    issues {
+      all {
+        onAny {
+          severity("warn")  // FIXME: switch to "fail" when all issues are addressed
+          exclude("com.google.code.findbugs:jsr305")
+        }
+      }
+    }
+  }
+
+  quality.dependsOn buildHealth
+}
+
 task validateLocalDocSite(type: Exec) {
   group 'Documentation'
   description 'Generate and validate servicetalk.io site documentation'
@@ -56,6 +88,8 @@ subprojects {
   // mockito 5 only supports jdk11+
   if (JavaVersion.current() < JavaVersion.VERSION_11) {
     project.setProperty("mockitoCoreVersion", mockitoCorePreJdk11Version)
+  } else {
+    apply plugin: "com.autonomousapps.dependency-analysis"
   }
   // Used by ci-release.yaml to determine which modules need to be built/released with JDK11.
   task printJavaTargetCompatibility {
diff --git a/gradle.properties b/gradle.properties
index 66831d41e4..b23ba51e61 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -95,6 +95,7 @@ mockitoCoreVersion=5.14.2
 # mockito version is overridden for <jdk11 due to incompatibilities with newer bytebuddy and class format
 mockitoCorePreJdk11Version=4.11.0
 spotbugsPluginVersion=5.0.13
+dependencyAnalysisPluginVersion=2.6.1
 
 apacheDirectoryServerVersion=1.5.7
 commonsLangVersion=2.6
diff --git a/servicetalk-data-jackson-jersey3-jakarta10/build.gradle b/servicetalk-data-jackson-jersey3-jakarta10/build.gradle
index 41edec383f..85d43ba019 100644
--- a/servicetalk-data-jackson-jersey3-jakarta10/build.gradle
+++ b/servicetalk-data-jackson-jersey3-jakarta10/build.gradle
@@ -68,6 +68,13 @@ tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE10}"
 def actualJaxRsVersion = "${jaxRsVersionEE10}"
diff --git a/servicetalk-data-jackson-jersey3-jakarta9/build.gradle b/servicetalk-data-jackson-jersey3-jakarta9/build.gradle
index 9b3c60c420..529cacb77a 100644
--- a/servicetalk-data-jackson-jersey3-jakarta9/build.gradle
+++ b/servicetalk-data-jackson-jersey3-jakarta9/build.gradle
@@ -68,6 +68,13 @@ tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE9}"
 def actualJaxRsVersion = "${jaxRsVersionEE9}"
diff --git a/servicetalk-data-protobuf-jersey3-jakarta10/build.gradle b/servicetalk-data-protobuf-jersey3-jakarta10/build.gradle
index b3e0bb8918..f6da8e7353 100644
--- a/servicetalk-data-protobuf-jersey3-jakarta10/build.gradle
+++ b/servicetalk-data-protobuf-jersey3-jakarta10/build.gradle
@@ -76,6 +76,13 @@ tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.generateTestProto.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE10}"
 def actualJaxRsVersion = "${jaxRsVersionEE10}"
diff --git a/servicetalk-data-protobuf-jersey3-jakarta9/build.gradle b/servicetalk-data-protobuf-jersey3-jakarta9/build.gradle
index 6e37b0e05a..457f713d4c 100644
--- a/servicetalk-data-protobuf-jersey3-jakarta9/build.gradle
+++ b/servicetalk-data-protobuf-jersey3-jakarta9/build.gradle
@@ -76,6 +76,13 @@ tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.generateTestProto.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE9}"
 def actualJavaxActivationVersion = "${javaxActivationVersionEE9}"
diff --git a/servicetalk-http-router-jersey3-jakarta10-internal/build.gradle b/servicetalk-http-router-jersey3-jakarta10-internal/build.gradle
index 140a449edb..c42ff65f93 100644
--- a/servicetalk-http-router-jersey3-jakarta10-internal/build.gradle
+++ b/servicetalk-http-router-jersey3-jakarta10-internal/build.gradle
@@ -63,6 +63,13 @@ task copySourcesForJersey3(type: Copy) {
 tasks.processResources.dependsOn(copySourcesForJersey3)
 tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE10}"
 def actualJaxRsVersion = "${jaxRsVersionEE10}"
diff --git a/servicetalk-http-router-jersey3-jakarta10/build.gradle b/servicetalk-http-router-jersey3-jakarta10/build.gradle
index 7fe50df5f5..193d8d55a0 100644
--- a/servicetalk-http-router-jersey3-jakarta10/build.gradle
+++ b/servicetalk-http-router-jersey3-jakarta10/build.gradle
@@ -70,6 +70,13 @@ tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE10}"
 def actualJavaxActivationVersion = "${javaxActivationVersionEE10}"
diff --git a/servicetalk-http-router-jersey3-jakarta9-internal/build.gradle b/servicetalk-http-router-jersey3-jakarta9-internal/build.gradle
index e0c921bb9a..1f08222ace 100644
--- a/servicetalk-http-router-jersey3-jakarta9-internal/build.gradle
+++ b/servicetalk-http-router-jersey3-jakarta9-internal/build.gradle
@@ -63,6 +63,13 @@ task copySourcesForJersey3(type: Copy) {
 tasks.processResources.dependsOn(copySourcesForJersey3)
 tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE9}"
 def actualJaxRsVersion = "${jaxRsVersionEE9}"
diff --git a/servicetalk-http-router-jersey3-jakarta9/build.gradle b/servicetalk-http-router-jersey3-jakarta9/build.gradle
index e5b430d06e..30c1ff3b00 100644
--- a/servicetalk-http-router-jersey3-jakarta9/build.gradle
+++ b/servicetalk-http-router-jersey3-jakarta9/build.gradle
@@ -70,6 +70,13 @@ tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE9}"
 def actualJavaxActivationVersion = "${javaxActivationVersionEE9}"
diff --git a/servicetalk-http-security-jersey3-jakarta10/build.gradle b/servicetalk-http-security-jersey3-jakarta10/build.gradle
index 0bf37ab096..c2f05a029f 100644
--- a/servicetalk-http-security-jersey3-jakarta10/build.gradle
+++ b/servicetalk-http-security-jersey3-jakarta10/build.gradle
@@ -69,6 +69,13 @@ tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE10}"
 def actualJaxRsVersion = "${jaxRsVersionEE10}"
diff --git a/servicetalk-http-security-jersey3-jakarta9/build.gradle b/servicetalk-http-security-jersey3-jakarta9/build.gradle
index 5b01acc8ee..ed37ca2ba0 100644
--- a/servicetalk-http-security-jersey3-jakarta9/build.gradle
+++ b/servicetalk-http-security-jersey3-jakarta9/build.gradle
@@ -69,6 +69,13 @@ tasks.sourcesJar.dependsOn(copySourcesForJersey3)
 tasks.compileJava.dependsOn(copySourcesForJersey3)
 tasks.processTestResources.dependsOn(copySourcesForJersey3)
 tasks.compileTestJava.dependsOn(copySourcesForJersey3)
+afterEvaluate {
+  if (tasks.findByName("projectHealth")) {
+    tasks.withType(com.autonomousapps.tasks.CodeSourceExploderTask) {
+      dependsOn(copySourcesForJersey3)
+    }
+  }
+}
 
 def actualJerseyVersion = "${jersey3VersionEE9}"
 def actualJaxRsVersion = "${jaxRsVersionEE9}"