autonomousapps / gradle-best-practices-plugin

Gradle Plugin that detects violations of Gradle best practices in Gradle Plugins
Apache License 2.0
181 stars 3 forks source link

False positive reports for safe Project properties #13

Open TWiStErRob opened 1 year ago

TWiStErRob commented 1 year ago

Not all allprojects accesses are evil. If you look at how CrossProjectModelAccess creates ProblemReportingProject instances, they actually list all the properties that are unsafe. These can be indentified by looking at the onAccess() calls.

Here are a few examples which are safe:

So essentially it's safe to navigate the hierarchy of projects, as long as we don't access anything that requires potential evaluation of the project.

I know this might be a bit of a feature, but even a best-effort trivial implementation of some kind of data flow analysis would be nice.

Example safe use case (based on the above restrictions):

project.tasks.register<Task>("allDependencies") {
    val projects = project.rootProject.allprojects.sortedBy { it.path }
    doFirst {
        println(projects.joinToString(prefix = "Printing dependencies for modules:\n", separator = "\n") { " * ${it}" })
    }
    dependsOn(projects.map { "${it.path}:dependencies" })
}

Current report (above code resides in gradle/plugins/src/main/kotlin/root.gradle.kts:

root_gradle$2#invoke(Ljava.lang.Object;)Ljava.lang.Object; ->
  root_gradle$2#invoke(Lorg.gradle.api.Task;)V ->
  org.gradle.api.Project#getAllprojects()Ljava.util.Set;
autonomousapps commented 1 year ago

Thanks for the issue. This isn't something I'd be willing to spend time working on. I personally feel that it is too subtle to have high value for the vast majority of projects. However, PRs would be welcome.