🚧 Draft PR: Prototype for Gradle Native Helper Integration #12471
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Example calling dependency list command echo '{"function":"list_dependencies","args":{"projectDir":"spec/fixtures/projects/sample_project"}}' \
| java -jar build/libs/gradle-helper.jarResponse: {
"result": [
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/32.1.2-jre/5e64ec7e056456bef3a4bc4c6fdaef71e8ab6318/guava-32.1.2-jre.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/32.1.2-jre/e1911d4544f426600132fbd450a7ccab8a3ce8dc/guava-32.1.2-jre-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='COMPILE'}', id='GradleModuleVersion{group='com.google.guava', name='guava', version='32.1.2-jre'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.guava/failureaccess/1.0.1/1dcf1de382a0bf95a3d8b0849546c88bac1292c9/failureaccess-1.0.1.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.guava/failureaccess/1.0.1/1d064e61aad6c51cc77f9b59dc2cccc78e792f5a/failureaccess-1.0.1-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='COMPILE'}', id='GradleModuleVersion{group='com.google.guava', name='failureaccess', version='1.0.1'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/b421526c5f297295adef1c886e5246c39d4ac629/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar, source=null, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='COMPILE'}', id='GradleModuleVersion{group='com.google.guava', name='listenablefuture', version='9999.0-empty-to-avoid-conflict-with-guava'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.code.findbugs/jsr305/3.0.2/25ea2e8b0c338a877313bd4672d3fe056ea78f0d/jsr305-3.0.2.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.code.findbugs/jsr305/3.0.2/b19b5927c2c25b6c70f093767041e641ae0b1b35/jsr305-3.0.2-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='COMPILE'}', id='GradleModuleVersion{group='com.google.code.findbugs', name='jsr305', version='3.0.2'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/org.checkerframework/checker-qual/3.33.0/de2b60b62da487644fc11f734e73c8b0b431238f/checker-qual-3.33.0.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/org.checkerframework/checker-qual/3.33.0/ee4ecf6c55e3f2b05b839aa05c70f1298437ebe9/checker-qual-3.33.0-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='COMPILE'}', id='GradleModuleVersion{group='org.checkerframework', name='checker-qual', version='3.33.0'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.errorprone/error_prone_annotations/2.18.0/89b684257096f548fa39a7df9fdaa409d4d4df91/error_prone_annotations-2.18.0.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.errorprone/error_prone_annotations/2.18.0/8781f46ef842929cf22e83273ef0d2091b96845f/error_prone_annotations-2.18.0-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='COMPILE'}', id='GradleModuleVersion{group='com.google.errorprone', name='error_prone_annotations', version='2.18.0'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.j2objc/j2objc-annotations/2.8/c85270e307e7b822f1086b93689124b89768e273/j2objc-annotations-2.8.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/com.google.j2objc/j2objc-annotations/2.8/74fb66e276fc42784d884d51f841e35232bc90de/j2objc-annotations-2.8-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='PROVIDED'}', id='GradleModuleVersion{group='com.google.j2objc', name='j2objc-annotations', version='2.8'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/junit/junit/4.13.2/8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12/junit-4.13.2.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/junit/junit/4.13.2/33987872a811fe4d4001ed494b07854822257f42/junit-4.13.2-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='TEST'}', id='GradleModuleVersion{group='junit', name='junit', version='4.13.2'}'}",
"IdeaLibraryDependency{file=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/org.hamcrest/hamcrest-core/1.3/42a25dc3219429f0e5d060061f71acb49bf010a0/hamcrest-core-1.3.jar, source=/Users/kbukum1/.gradle/caches/modules-2/files-2.1/org.hamcrest/hamcrest-core/1.3/1dc37250fbc78e23a65a67fbbaf71d2e9cbc3c0b/hamcrest-core-1.3-sources.jar, javadoc=null, exported=false, scope='IdeaDependencyScope{scope='TEST'}', id='GradleModuleVersion{group='org.hamcrest', name='hamcrest-core', version='1.3'}'}"
]
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What are you trying to accomplish?
This PR introduces a prototype for a native Gradle helper using the Gradle Tooling API to improve Dependabot's support for Gradle projects.
✅ What’s included
gradle/helpers/GradleHelperclass using the Tooling API to extract dependency metadata./gradlew) and shadowJar packagingspec/fixtures/projects/for manual testingREADME.mdexplaining structure, usage, and roadmap🤔 Why
Dependabot currently handles some Gradle functionality, including recent support for
gradle.lockfile. However, several challenges remain:This helper is a prototype to validate the feasibility of embedding a native JVM-based interface, bringing us closer to parity with how we handle ecosystems like Maven or pip.
🔍 What it does
Currently, the CLI supports:
{ "function": "list_dependencies", "args": { "projectDir": "/path/to/gradle/project" } }It will return a flat list of dependencies based on the
IdeaProjectmodel.🧪 How to test
Build the helper:
cd gradle/helpers ./gradlew shadowJarRun it:
You can add more example projects under
spec/fixtures/projects/for local experimentation.📦 Integration Plan
The Ruby side of Dependabot can:
SharedHelpers.run_helper_subprocessWe expect to add new commands over time and use this structure to unify and simplify Gradle metadata handling.
🔮 Follow-ups (not in this PR)
Investigate if further enhancement to
gradle.lockfilesupport is needed (e.g., diffing, native parsing)Add commands to:
Support for multi-project and included builds
Support for dependency graph submission with Gradle's full resolution model
📌 Notes for Reviewers
This PR is a minimal prototype, intended to validate architecture and tooling
Feedback welcome on:
We're prioritizing correctness and extensibility over performance at this stage
✅ Checklist
SharedHelpers./gradlew shadowJar