search

cashapp / licensee

Gradle plugin which validates the licenses of your dependency graph match what you expect
https://cashapp.github.io/licensee/docs/1.x/
Apache License 2.0
626 stars 28 forks source link

Run before maven publish by default #260

Closed vdshb closed 11 months ago

vdshb commented 11 months ago

I started using licensee on KMP-libraries development. In this scenario build task is not in the picture. Final step is publishing, not building. Publish tasks (maven-publish plugin) are not depend on build task by default.

List of tasks for example:

> Task :compileKotlinWasm
> Task :wasmProcessResources
> Task :wasmMainClasses
> Task :kotlinNpmCachesSetup
> Task :wasmPackageJson
> Task :wasmPublicPackageJson
> Task :wasmJar
> Task :wasmSourcesJar
> Task :generateMetadataFileForWasmPublication
> Task :generatePomFileForWasmPublication
> Task :publishWasmPublicationToMavenLocal

What helped me to use licensee comfortably is adding:

// fail-fast on compile
tasks.withType<AbstractCompile> { // JVM-languages (Java, Kotlin, Scala, etc.)
    dependsOn("licensee")
}
tasks.withType<AbstractKotlinCompile<*>> { // Kotlin JVM/JS/WASM
    dependsOn("licensee")
}
tasks.withType<KotlinNativeCompile> { // Kotlin Native
    dependsOn("licensee")
}
//fail on publication
tasks.withType<AbstractPublishToMaven> {
    dependsOn("licensee")
}

It might be reasonable to add licensee before AbstractPublishToMaven in tasks-chain by default.

JakeWharton commented 11 months ago

Publishing relies on the assemble task because it only requires the built binaries to work. Other examples of tasks that don't run when you only run publish tasks are the test tasks, code style tasks, etc. because those, like licensee, are added to the check task.

Gradle will honor the order when multiple tasks are specified on the command line. So if you want all validation tasks to pass before publishing, I would consider running check publish or build publish. Since licensee does not produce any artifacts that are included in publishing this is the only way to guarantee it runs first (aside from manually adding a task dependency like you did).

Because publishing doesn't strictly rely on licensee I don't think it makes sense to explicitly add this dependency generally.

vdshb commented 11 months ago

Publishing relies on the assemble task

As I can see publishing is not connected to assemble task (directly) either. But the check task is exactly what I need. Thanks for mentioning it and reasoning behind it! I've never used it, but it makes total sense. Now I wonder how I lived without it.