Don't get transitive dependencies of checkstyle. We don't need them to load checkstyle config and occasionally security scanners get mad about these unused transitive dependencies.
sambsnyd committed Sep 12, 2024
1 parent a0b9abe commit 9fca527
Showing 2 changed files with 22 additions and 1 deletion.
2 changes: 2 additions & 0 deletions plugin/build.gradle.kts
@@ -117,6 +117,8 @@ dependencies {
@Suppress("VulnerableLibrariesLocal", "RedundantSuppression")
"rewriteDependencies"("com.puppycrawl.tools:checkstyle:9.3") {
because("Latest version supporting gradle 4.x")
// We only use checkstyle to load its configuration files, and it turns out this alone is sufficient
isTransitive = false
}
"rewriteDependencies"("com.fasterxml.jackson.module:jackson-module-kotlin:2.17.2")
"rewriteDependencies"("com.google.guava:guava:latest.release")
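Review bot: The new comment above `isTransitive = false` says "it turns out this alone is sufficient", which records an observation but not the constraint it creates. Once the transitive dependencies are dropped, any checkstyle code path that reaches a class from one of them will presumably fail only at run time with a class-loading error. I would spell that out, e.g. `// Only checkstyle's configuration loading is used; anything that needs its transitive dependencies will fail at run time, so keep usage limited to that`, and note that RewritePlugin.java sets the same flag so the two stay in sync. It is also worth checking whether `@Suppress("VulnerableLibrariesLocal", "RedundantSuppression")` is still needed now that the transitive artifacts are gone; if the finding came from them, the suppression would only hide future findings on checkstyle itself. The `dependencies` block starts and ends outside this hunk.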
21 changes: 20 additions & 1 deletion plugin/src/main/java/org/openrewrite/gradle/RewritePlugin.java
@@ -15,11 +15,13 @@
*/
package org.openrewrite.gradle;

import groovy.lang.Closure;
import org.gradle.api.Plugin;
import org.gradle.api.Project;
import org.gradle.api.Task;
import org.gradle.api.artifacts.Configuration;
import org.gradle.api.artifacts.Dependency;
import org.gradle.api.artifacts.ExternalModuleDependency;
import org.gradle.api.artifacts.dsl.DependencyHandler;
import org.gradle.api.attributes.*;
import org.gradle.api.attributes.java.TargetJvmEnvironment;
@@ -32,6 +34,7 @@
import org.gradle.api.provider.Provider;
import org.gradle.api.tasks.SourceSetContainer;
import org.gradle.api.tasks.TaskProvider;
import org.jspecify.annotations.Nullable;

import java.io.File;
import java.util.Comparator;
@@ -52,6 +55,7 @@
@SuppressWarnings("unused")
public class RewritePlugin implements Plugin<Project> {

@Nullable
private Set<File> resolvedDependencies;

@Override
@@ -210,7 +214,22 @@ private static Stream<Dependency> knownRewriteDependencies(RewriteExtension exte
deps.create("org.openrewrite.gradle.tooling:model:" + extension.getRewriteGradleModelVersion()),

// This is an optional dependency of rewrite-java needed when projects also apply the checkstyle plugin
deps.create("com.puppycrawl.tools:checkstyle:" + extension.getCheckstyleToolsVersion()),
deps.create("com.puppycrawl.tools:checkstyle:" + extension.getCheckstyleToolsVersion(), new Closure<Dependency>(deps) {
@Override
public Dependency call(Object arguments) {
if (arguments instanceof ExternalModuleDependency) {
ExternalModuleDependency dep = (ExternalModuleDependency) arguments;
dep.setTransitive(false);
return dep;
}
return super.call(arguments);
}

@Override
public int getMaximumNumberOfParameters() {
return 1;
}
}),
deps.create("com.fasterxml.jackson.module:jackson-module-kotlin:" + extension.getJacksonModuleKotlinVersion()),
deps.create("com.fasterxml.jackson.datatype:jackson-datatype-jsr310:" + extension.getJacksonModuleKotlinVersion())
);
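Review bot: In the anonymous `Closure<Dependency>` passed to `deps.create(...)` for checkstyle, the fallback `return super.call(arguments);` looks unsafe. As far as I can tell `Closure.call` dispatches to a `doCall` method, which this class does not define, so a non-`ExternalModuleDependency` argument would fail with an obscure missing-method error instead of a clear message. Since this closure exists only to keep unused transitive artifacts off the resolved classpath, I would make the unexpected case explicit: `throw new IllegalStateException("Expected an ExternalModuleDependency for checkstyle but got " + arguments);`. The `getMaximumNumberOfParameters()` override also deserves a why-comment such as `// Report one parameter so Gradle passes the dependency to call(Object)`, because removing it would presumably skip `setTransitive(false)` silently. `knownRewriteDependencies` starts and ends outside this hunk.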
