Closed JavierSegoviaCordoba closed 1 year ago
Thanks for the issue. The focus of this plugin is on analyzing plugin code that the user themself owns, not third-party plugins (see also https://github.com/autonomousapps/gradle-best-practices-plugin/issues/12). Furthermore, this suggestion raises a lot of questions about how to know which classes of a plugin to analyze. Looking at all tasks would be somewhat straightforward, but not necessarily custom DSL extensions. While they would probably appear in the plugin jar with the suffix _Decorated
, it's not very clear which properties should fall under analysis and which shouldn't. I think this plugin's goal should be to catch the most egregious issues. Looking for all possible issues is kind of impossible, unless work on this somehow generates income for me, or there is an active contributor community.
Note: _Decorated
suffix is generated at runtime: org.gradle.internal.instantiation.generator.AsmBackedClassGenerator#decorateAndInject
when we use Instantiator
(i.e. ObjectFactory.newInstance
or indirectly TaskContainer.register
/ExtensionContainer.add
/etc.).
For discovery of extensions a two-pass analysis could probably work: find all ExtensionContainer.add/create
calls, and analyze class hierarchies of the passed-in classes. Noting it here in case someone picks this up to contribute.
Thanks @TWiStErRob. Maybe one approach would be to look for all public
properties on classes discovered via your suggested algorithm, and then warn for those that are raw types (not Property
s). I could be willing to provide some implementation guidance on the class analysis if anyone found this to be an interesting project.
If a third-party plugin is not using a
Provider
based API for a configuration should be great to report it.