Report third party plugin configurations not being lazy

[JavierSegoviaCordoba]

If a third-party plugin is not using a Provider based API for a configuration should be great to report it.

[autonomousapps]

Thanks for the issue. The focus of this plugin is on analyzing plugin code that the user themself owns, not third-party plugins (see also https://github.com/autonomousapps/gradle-best-practices-plugin/issues/12). Furthermore, this suggestion raises a lot of questions about how to know which classes of a plugin to analyze. Looking at all tasks would be somewhat straightforward, but not necessarily custom DSL extensions. While they would probably appear in the plugin jar with the suffix _Decorated, it's not very clear which properties should fall under analysis and which shouldn't. I think this plugin's goal should be to catch the most egregious issues. Looking for all possible issues is kind of impossible, unless work on this somehow generates income for me, or there is an active contributor community.

[TWiStErRob]

Note: _Decorated suffix is generated at runtime: org.gradle.internal.instantiation.generator.AsmBackedClassGenerator#decorateAndInject when we use Instantiator (i.e. ObjectFactory.newInstance or indirectly TaskContainer.register/ExtensionContainer.add/etc.).

[TWiStErRob]

For discovery of extensions a two-pass analysis could probably work: find all ExtensionContainer.add/create calls, and analyze class hierarchies of the passed-in classes. Noting it here in case someone picks this up to contribute.

[autonomousapps]

Thanks @TWiStErRob. Maybe one approach would be to look for all public properties on classes discovered via your suggested algorithm, and then warn for those that are raw types (not Propertys). I could be willing to provide some implementation guidance on the class analysis if anyone found this to be an interesting project.