Posted to issues@solr.apache.org by "David Smiley (Jira)" <ji...@apache.org> on 2022/02/07 22:27:00 UTC

[jira] [Commented] (SOLR-15984) Ensure all used dependencies are declared

    [ https://issues.apache.org/jira/browse/SOLR-15984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488453#comment-17488453 ] 

David Smiley commented on SOLR-15984:
-------------------------------------

I suppose this will help but only for direct dependencies.  For transitive, they can sneak in still.  Our global versions.lock file is helpful but doesn't differentiate between a test transitive and a shipping/distribution transitive.  A downside to the check you propose to add is that it will force us to explicitly declare dependencies in our build – extra busy-work.  Not a big deal.

My wish for dependency management checks:  for each module, have the dependency tree generated to a file that is checked in to source control.  During precommit, ensure this matches the tree or fail.  Easy; ehh?  Henceforth, changes will be seen in PRs (and Git history) with plenty of context on the dependency change.  WDYT [~dweiss] ?

> Ensure all used dependencies are declared
> -----------------------------------------
>
>                 Key: SOLR-15984
>                 URL: https://issues.apache.org/jira/browse/SOLR-15984
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Build
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> Solr uses a bunch of dependencies that are not declared inside build.gradle files. These dependencies are pulled in transitively instead of declared explicitly. This makes it easy for new dependencies to be added without seeing the impact.
> https://github.com/gradle-dependency-analyze/gradle-dependency-analyze can be used to find used but undeclared dependencies during the build process. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
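
A sketch of the precommit comparison wished for in the comment above, as an added example that is not part of the original message or of Solr's build. It assumes each module's tree is saved as text in the layout printed by Gradle's `dependencies` task; the function names and the `com.example` coordinates are constructed for illustration.

```python
import re

# One node of the tree text, e.g. "|    \--- group:name:1.0 -> 1.1 (*)".
# "project :x" lines do not match and are skipped.
NODE = re.compile(
    r"^[| ]*[+\\]--- (?P<group>[^:\s]+):(?P<name>[^:\s]+)"
    r"(?::(?P<req>[^\s]+))?(?: -> (?P<res>[^\s]+))?"
)

def resolved(tree_text):
    """Map group:name to the version actually resolved, transitives included."""
    deps = {}
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if m:
            # "requested -> resolved" means conflict resolution picked another version.
            deps[f"{m['group']}:{m['name']}"] = m["res"] or m["req"]
    return deps

def drift(baseline_text, current_text):
    """Compare the checked-in tree with a freshly generated one."""
    old, new = resolved(baseline_text), resolved(current_text)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }

def precommit_ok(baseline_text, current_text):
    """True only when nothing was added, removed or re-versioned."""
    return not any(drift(baseline_text, current_text).values())

# Constructed sample: the checked-in tree for one module ...
BASELINE = r"""
+--- com.example:search-core:3.0.0
+--- com.example:logging-api:1.7.30 -> 1.7.32
\--- com.example:http-client:2.1.0
     \--- com.example:codec:1.4
"""
# ... and the tree after a PR bumps http-client, which drags in a new transitive.
CURRENT = r"""
+--- com.example:search-core:3.0.0
+--- com.example:logging-api:1.7.30 -> 1.7.36
\--- com.example:http-client:2.2.0
     +--- com.example:codec:1.4
     \--- com.example:yaml-parser:0.9
"""

if __name__ == "__main__":
    print(drift(BASELINE, CURRENT))
    raise SystemExit(0 if precommit_ok(BASELINE, CURRENT) else 1)
```

Keeping one baseline file per module and per configuration (shipping versus test classpath) would also cover the distinction the comment says versions.lock does not make.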
