Open sfc-gh-sgiesecke opened 1 year ago
@Pavank1992 I don't think this relates to external dependencies.
I understand the need, but don't think a simple flag (similar to --notool_deps) is sufficient.
I'm coming at this from the question of producing viable SBOMs for built artifacts. Towards that end, we'll need to be able to ask about different types of artifacts. It is not just "data", but there are many kinds of data. For example
In the future, we're going to be asked to be able to make those distinctions clear. My thinking of late has been that
While we are discussing this, let's open up the conversation. Is it really about data, or are you looking to filter query results based on what is linked into a binary vs. what is a runtime dep in general? #15017 talked about "data", but I think the real need was build time vs. execution time.
are you looking to filter query results based on what is linked into a binary vs. what is a runtime dep
Yes, I think that's the distinction we need. Data dependencies were just the most problematic ones, because they are also built from code from our own codebase, and once they get merged in the query result we can't tell that apart from code that is linked into the binary at hand.
Is it really the data deps you want to prune or would pruning the tools that build the data work?
You could use Bazel cquery --notool_deps --noplicit_deps ...
On Thu, Oct 26, 2023, 3:12 PM Simon Giesecke @.***> wrote:
are you looking to filter query results based on what is linked into a binary vs. what is a runtime dep
Yes, I think that's the distinction we need. Data dependencies were just the most problematic ones, because they are also built from code from our own codebase, and once they get merged in the query result we can't tell that apart from code that is linked into the binary at hand.
— Reply to this email directly, view it on GitHub https://github.com/bazelbuild/bazel/issues/18655#issuecomment-1781097608, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXHHHDKSLRROQNIREKLCG3YBJOUDAVCNFSM6AAAAAAZE2TMQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBRGA4TONRQHA . You are receiving this because you commented.Message ID: @.***>
Is it really the data deps you want to prune
Yes. Another binary is a data dependency. The tools that built it don't matter much, they could easily be filtered out.
LOL... I did not see that I already answered this in August. It's still the same. You can probably write an aspect that will do what you want.
@aiuto I have a requirement to filter runtime dependencies from the result. I am analyzing Java dependency use and I don't care about runtime_deps
but deps
.
Interestingly but not related to this issue (but similar problem), there are uses where I want to disallow compile time use but not runtime use, i.e. don't allow visibility for deps
but allow visibility for runtime_deps
.
Description of the feature request:
When running
bazel query deps(some-target)
, the result includes data dependencies and their transitive dependencies. I would like to ignore/exclude data dependencies.What underlying problem are you trying to solve with this feature?
I am only interested in the libraries that are linked into some-target. Ultimately I want to assert that the set of of libraries linked into some-target does not include certain libraries.
Which operating system are you running Bazel on?
Linux
What is the output of
bazel info release
?6.2.0
If
bazel info release
returnsdevelopment version
or(@non-git)
, tell us how you built Bazel.No response
What's the output of
git remote get-url origin; git rev-parse master; git rev-parse HEAD
?No response
Have you found anything relevant by searching the web?
15017 is loosely related, but it's not about querying, but about whether data dependencies are built when building the target that specifies them.
Any other information, logs, or outputs that you want to share?
No response