Missing check for buildability in pana scoring report

[derdilla]

I just stumbled over a plugin pub.dev claims has full support for up-to-date dependencies, but fails android builds.

• consider https://pub.dev/packages/jsaver/score

• Support up-to-date dependencies 40 / 40

• flutter create bug && cd bug && flutter pub add jsaver
  • warn messages related to jsaver show up on flutter beta channel
• flutter build apk
  • Fails across different Flutter channels

  • FAILURE: Build failed with an exception.

  • This is because the plugin doesn't support the latest agp version
  • pub.dev (and maybe pana) fail to realize that

[sigurdm]

I think agp is the android gradle plugin.

Mostly pana cares about the dart side of thing.

How can we check the agp version required? Do we need to run the gradle build? (I don't think we're going to do that...)

@christopherfujino do you know anything about agp - or who we could ask?

[christopherfujino]

I think agp is the android gradle plugin.

Mostly pana cares about the dart side of thing.

How can we check the agp version required? Do we need to run the gradle build? (I don't think we're going to do that...)

@christopherfujino do you know anything about agp - or who we could ask?

I'm not sure how feasible it is to check this, but I would ask @gmackall. Maybe this is as easy as grep-ing on a specific config file? Would we have to keep this check up to date with Flutter?

[gmackall]

Getting the AGP version without running a Gradle build isn't going to be reliable unfortunately. Gradle files are in essence just user owned code.

The flutter app template defines the AGP version in a plugins block:

plugins {
    id "dev.flutter.flutter-plugin-loader" version "1.0.0"
    id "com.android.application" version "8.1.0" apply false
    id "org.jetbrains.kotlin.android" version "1.8.22" apply false
}

but a user would be free to, for example, instead add a line to their gradle.properties defining agp_version=8.1.0, and then referencing it

plugins {
    id "dev.flutter.flutter-plugin-loader" version "1.0.0"
    id "com.android.application" version "$agp_version" apply false
    id "org.jetbrains.kotlin.android" version "1.8.22" apply false
}

There are also a number of other syntaxes for applying plugins, so they could have changed it even further https://docs.gradle.org/current/userguide/plugins.html#sec:binary_plugin_locations (and in fact we used to use a different syntax).

[gmackall]

Ah but I see the question isn't exactly how to get the AGP version in use by an app, but rather the one required by the plugin. I'd expect that the plugin isn't explicitly doing a check and expressing a requirement concretely, but rather is just implicitly being broken by recent behavior changes in AGP, which again makes this hard to parse.

[sigurdm]

I guess the only thing we could do would be to attempt adding the plugin to a dummy project and attempt building it.

It would require our workers to set up a full android build environment.

Currently I think this is out of scope of our package analysis.

[sigurdm]

Updated the title. I don't think this would be as part of the dependencis section (which covers pub dependencies), but rather some new section in case we ever make it happen (we probably would just be able to say "doesn't build, here are the logs:")