add a check for dependencies provided via api plugins

Request to change dependencies that are available via api plugins Uses a simple text file for defining which dependencies should be checked and what shold be used instead. Additional comments can be added. fixes jenkins-infra#4047
mawinter69 · Aug 25, 2024 · ad6ab25 · ad6ab25
1 parent 4a6a532
commit ad6ab25
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 1 deletion.
diff --git a/banned-dependencies.lst b/banned-dependencies.lst
@@ -0,0 +1,32 @@
+# Define each banned dependency as "<groupid>:<artifactid>;<alternative-groupid>:<alternative-artifacid>[;<comment>]"
+org.apache.commons:commons-lang3;io.jenkins.plugins:commons-lang3-api
+org.apache.commons:commons-lang;io.jenkins.plugins:commons-lang3-api
+org.apache.commons:commons-text;io.jenkins.plugins:commons-text-api
+org.apache.commons:commons-compress;io.jenkins.plugins:commons-compress-api
+org.apache.commons:commons-math3;io.jenkins.plugins:commons-math3-api
+
+org.json:json;io.jenkins.plugins:json-api
+com.jayway.jsonpath:json-path;io.jenkins.plugins:json-path-api
+com.google.code.gson:gson;io.jenkins.plugins:gson-api
+com.fasterxml.jackson.core:jackson-core;org.jenkins-ci.plugins:jackson2-api
+org.yaml:snakeyaml;io.jenkins.plugins:snakeyaml-api
+
+joda-time:joda-time;io.jenkins.plugins:joda-time-api
+org.ow2.asm:asm;io.jenkins.plugins:asm-api
+
+net.bytebuddy:byte-buddy;io.jenkins.plugins:byte-buddy-api
+
+com.github.ben-manes.caffeine:caffeine;io.jenkins.plugins:caffeine-api
+
+org.apache.httpcomponents:httpclient;org.jenkins-ci.plugins:apache-httpcomponents-client-4-api
+org.apache.httpcomponents.client5:httpclient5;io.jenkins.plugins:apache-httpcomponents-client-5-api
+com.squareup.okhttp3:okhttp;io.jenkins.plugins:okhttp-api
+
+jakarta.activation:jakarta.activation-api;io.jenkins.plugins:jakarta-activation-api
+jakarta.mail:jakarta.mail-api;io.jenkins.plugins:jakarta-mail-api
+com.sun.activation:javax.activation;io.jenkins.plugins:javax-activation-api;Consider switching from javax.activation to jakarta.activation and using io.jenkins.plugins:jakarta-activation-api
+com.sun.mail:javax.mail;io.jenkins.plugins:javax-mail-api;Consider switching from javax.mail to jakarta.mail and using io.jenkins.plugins:jakarta-activation-api
+
+com.github.mwiede:jsch;org.jenkins-ci.plugins:jsch
+
+com.sun.xml.bind:jaxb-impl;io.jenkins.plugins:jaxb
diff --git a/src/main/java/io/jenkins/infra/repository_permissions_updater/hosting/MavenVerifier.java b/src/main/java/io/jenkins/infra/repository_permissions_updater/hosting/MavenVerifier.java
@@ -1,20 +1,26 @@
 package io.jenkins.infra.repository_permissions_updater.hosting;
 
+import java.io.BufferedReader;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.StringReader;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.maven.model.License;
 import org.apache.maven.model.Model;
 import org.apache.maven.model.Parent;
 import org.apache.maven.model.Repository;
-import org.apache.maven.model.Scm;
 import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
 import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
 import org.kohsuke.github.GHContent;
@@ -41,6 +47,8 @@ public class MavenVerifier implements BuildSystemVerifier {
 
     public static final String SHOULD_BE_IO_JENKINS_PLUGINS = "The &lt;groupId&gt; from the pom.xml should be `io.jenkins.plugins` instead of `%s`";
 
+    public static final String DEPENDENCY_SHOULD_USE_API_PLUGIN = "The dependency `%s` should be replaced with a dependency to the api plugin `%s` %s";
+
     @Override
     public void verify(HostingRequest issue, HashSet<VerificationMessage> hostingIssues) throws IOException {
         GitHub github = GitHub.connect();
@@ -70,6 +78,7 @@ public void verify(HostingRequest issue, HashSet<VerificationMessage> hostingIss
                             checkRepositories(model, hostingIssues);
                             checkPluginRepositories(model, hostingIssues);
                             checkSoftwareConfigurationManagementField(model, hostingIssues);
+                            checkDependencies(model, hostingIssues);
                         } catch(Exception e) {
                             LOGGER.error("Failed looking at pom.xml", e);
                             hostingIssues.add(new VerificationMessage(VerificationMessage.Severity.REQUIRED, INVALID_POM));
@@ -99,6 +108,7 @@ private void checkArtifactId(Model model, String forkTo, HashSet<VerificationMes
 
             String groupId = model.getGroupId();
             String artifactId = model.getArtifactId();
+
             if(StringUtils.isNotBlank(artifactId)) {
                 if(StringUtils.isNotBlank(forkTo) && !artifactId.equals(forkTo.replace("-plugin", ""))) {
                     hostingIssues.add(new VerificationMessage(VerificationMessage.Severity.REQUIRED, "The 'artifactId' from the pom.xml (`%s`) is incorrect, it should be `%s` ('New Repository Name' field with \"-plugin\" removed)", artifactId, (forkTo.replace("-plugin", "")).toLowerCase()));
@@ -285,4 +295,44 @@ private void checkSoftwareConfigurationManagementField(Model model, HashSet<Veri
             }
         }
     }
+    private void checkDependencies(Model model, HashSet<VerificationMessage> hostingIssues) {
+        Map<String, String> bd = getBannedDependencies();
+        model.getDependencies().forEach(d -> {
+            String dep = d.getGroupId() + ":" + d.getArtifactId();
+            String scope = d.getScope();
+            if (scope == null) {
+                scope = "compile";
+            }
+            if (scope.equals("compile") && bd.containsKey(dep)) {
+                String[] alt = bd.get(dep).split(";", 2);
+                String comment = "";
+                if (alt.length > 1) {
+                    comment = ". " + alt[1];
+                }
+                hostingIssues.add(new VerificationMessage(VerificationMessage.Severity.REQUIRED, DEPENDENCY_SHOULD_USE_API_PLUGIN, dep, alt[0], comment));
+            }
+        });
+    }
+
+    private Map<String, String> getBannedDependencies() {
+        Map<String, String> bannedDependencies = new HashMap<>();
+        try (InputStream is = new FileInputStream("banned-dependencies.lst"); BufferedReader reader = new BufferedReader(new InputStreamReader(Objects.requireNonNull(is), StandardCharsets.UTF_8))) {
+
+            String line = reader.readLine();
+            while (line != null) {
+                line = line.trim();
+                if (!line.startsWith("#") && line.length() > 0) {
+                    String[] parts = line.split(";", 2);
+                    if (parts.length < 2) {
+                        continue;
+                    }
+                    bannedDependencies.put(parts[0], parts[1]);
+                }
+                line = reader.readLine();
+            }
+            return bannedDependencies;
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
 }