Re-evaluate scopes for third party dependencies #2180

Open
jjohannes opened this issue Jan 16, 2025 · 0 comments

Background

This is about whether some third party dependencies that are currently defined in scope requires (not re-exported at compile time) should be moved to scope requires transitive (re-exported at compile time).

Status

Concretely, it is about the following dependencies defined in module-info.java.

    requires com.esaulpaugh.headlong;
    requires com.google.common;
    requires io.grpc.stub;
    requires io.grpc;
    requires org.bouncycastle.provider;
    requires org.slf4j;

All of these libraries contain Types – public Interfaces or Classes – that are exposed in a public method of our code. Hence, users of the SDK potentially need them (at compile time) to call a certain part of our code.

This situation was discovered when we started using the dependency scope check in the new Gradle setup. The check failed, telling us the scope should be changed to requires transitive for the libraries listed above.

In order to make the check pass, we added the following exclusions:

    dependencyAnalysis.abi {
        exclusions {
            // Exposes: org.slf4j.Logger
            excludeClasses("logger")
            // Exposes: com.google.common.base.MoreObjects.ToStringHelper
            excludeClasses(".*\\.CustomFee")
            // Exposes: com.esaulpaugh.headlong.abi.Tuple
            excludeClasses(".*\\.ContractFunctionResult")
            // Exposes: org.bouncycastle.crypto.params.KeyParameter
            excludeClasses(".*\\.PrivateKey.*")
            // Exposes: io.grpc.stub.AbstractFutureStub (and others)
            excludeClasses(".*Grpc")
        }
    }

What to do

Check each of the dependencies and do one of three things:

  1. Change our public API such that it uses no types from the dependency. Maybe it's just one or two types that were used by mistake before the scope check existed.
  2. Keep the necessary exclusions. Maybe it was not intended to use the type(s) on the API, or the place where the types are used is not considered public API despite the fact that it is technically accessible. Maybe change the API at a later point.
  3. Move the dependency scope to requires transitive as a conscious decision to make the 3rd party dependency part of our API.
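
For the per-dependency check described above, a small reflection audit can list which non-allow-listed types appear in a class's public or protected signatures. This is an added example, not code from the issue or the SDK: `ApiExposureCheck`, `CustomFeeLike` and `exposedTypes` are hypothetical names, JDK types stand in for the third-party libraries so it runs without dependencies, and it is a simplified stand-in for what the Gradle scope check reports.

```java
import java.lang.reflect.*;
import java.util.*;

public class ApiExposureCheck {
    // Constructed stand-in for an SDK class. java.util.StringJoiner plays the role of
    // a third-party type (such as MoreObjects.ToStringHelper) leaking into the API.
    public static class CustomFeeLike {
        private java.util.BitSet internal;                    // private: not part of the API
        protected StringJoiner toStringHelper() { return new StringJoiner(","); }
        public String describe() { return "fee"; }            // java.lang only: allowed
    }

    static boolean isApi(int modifiers) {
        return Modifier.isPublic(modifiers) || Modifier.isProtected(modifiers);
    }

    // Records a type unless it is primitive/void or its name starts with an allowed prefix.
    static void record(Set<String> out, Class<?> type, String member, String... allowed) {
        while (type.isArray()) type = type.getComponentType();
        if (type.isPrimitive()) return;
        for (String prefix : allowed) if (type.getName().startsWith(prefix)) return;
        out.add(type.getName() + " via " + member);
    }

    // Inspects raw signature types only; generic type arguments and supertypes are not checked.
    static Set<String> exposedTypes(Class<?> c, String... allowed) {
        Set<String> out = new TreeSet<>();
        for (Field f : c.getDeclaredFields())
            if (isApi(f.getModifiers())) record(out, f.getType(), f.getName(), allowed);
        for (Constructor<?> k : c.getDeclaredConstructors())
            if (isApi(k.getModifiers()))
                for (Class<?> p : k.getParameterTypes()) record(out, p, "<init>", allowed);
        for (Method m : c.getDeclaredMethods()) {
            if (!isApi(m.getModifiers()) || m.isSynthetic()) continue;
            String name = m.getName() + "()";
            record(out, m.getReturnType(), name, allowed);
            for (Class<?> p : m.getParameterTypes()) record(out, p, name, allowed);
            for (Class<?> e : m.getExceptionTypes()) record(out, e, name, allowed);
        }
        return out;
    }

    public static void main(String[] args) {
        // Allow-list: java.lang plus this example's own classes; everything else is reported.
        exposedTypes(CustomFeeLike.class, "java.lang.", ApiExposureCheck.class.getName())
            .forEach(System.out::println);
    }
}
```

Each reported type is a candidate for one of the three options above: remove it from the signature, keep an exclusion, or accept the dependency as requires transitive.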