Add dependency-analysis plugin and implement some recommendations (#4798)

Co-authored-by: schalkms <30376729+schalkms@users.noreply.github.com>
2026-03-10 08:11:23 +00:00 · 2022-06-02 22:19:44 +10:00
parent 8e27a307ee
commit 1258c2fe82
12 changed files with 24 additions and 11 deletions
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -6,6 +6,7 @@ plugins {
    id("io.gitlab.arturbosch.detekt")
    alias(libs.plugins.gradleVersions)
    alias(libs.plugins.sonarqube)
+    alias(libs.plugins.dependencyAnalysis)
 }

 allprojects {
@@ -44,6 +45,16 @@ allprojects {
    }
 }

+dependencyAnalysis {
+    issues {
+        all {
+            onUsedTransitiveDependencies {
+                severity("ignore")
+            }
+        }
+    }
+}
+
 val analysisDir = file(projectDir)
 val baselineFile = file("$rootDir/config/detekt/baseline.xml")
 val configFile = file("$rootDir/config/detekt/detekt.yml")
--- a/detekt-core/build.gradle.kts
+++ b/detekt-core/build.gradle.kts
@@ -3,12 +3,12 @@ plugins {
 }

 dependencies {
+    api(projects.detektApi)
+    api(projects.detektParser)
+    api(projects.detektTooling)
    implementation(libs.snakeyaml)
-    implementation(projects.detektApi)
    implementation(projects.detektMetrics)
-    implementation(projects.detektParser)
    implementation(projects.detektPsiUtils)
-    implementation(projects.detektTooling)
    implementation(projects.detektReportHtml)
    implementation(projects.detektReportTxt)
    implementation(projects.detektReportXml)
--- a/detekt-formatting/build.gradle.kts
+++ b/detekt-formatting/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 }

 dependencies {
-    implementation(projects.detektApi)
+    compileOnly(projects.detektApi)
    implementation(libs.ktlint.rulesetStandard) {
        exclude(group = "org.jetbrains.kotlin")
    }
--- a/detekt-psi-utils/build.gradle.kts
+++ b/detekt-psi-utils/build.gradle.kts
@@ -4,7 +4,7 @@ plugins {
 }

 dependencies {
-    implementation(libs.kotlin.compilerEmbeddable)
+    api(libs.kotlin.compilerEmbeddable)

    testImplementation(libs.assertj)
    testImplementation(projects.detektTest)
--- a/detekt-report-sarif/src/main/kotlin/io/github/detekt/report/sarif/Results.kt
+++ b/detekt-report-sarif/src/main/kotlin/io/github/detekt/report/sarif/Results.kt
@@ -12,7 +12,7 @@ import io.gitlab.arturbosch.detekt.api.Location
 import io.gitlab.arturbosch.detekt.api.RuleSetId
 import io.gitlab.arturbosch.detekt.api.SeverityLevel

-fun toResults(detektion: Detektion): List<io.github.detekt.sarif4k.Result> =
+internal fun toResults(detektion: Detektion): List<io.github.detekt.sarif4k.Result> =
    detektion.findings.flatMap { (ruleSetId, findings) ->
        findings.map { it.toResult(ruleSetId) }
    }
--- a/detekt-report-sarif/src/main/kotlin/io/github/detekt/report/sarif/RuleDescriptors.kt
+++ b/detekt-report-sarif/src/main/kotlin/io/github/detekt/report/sarif/RuleDescriptors.kt
@@ -13,7 +13,7 @@ import java.util.ServiceLoader
 /**
 * Given the existing config, return a list of [ReportingDescriptor] for the rules.
 */
-fun toReportingDescriptors(config: Config): List<ReportingDescriptor> {
+internal fun toReportingDescriptors(config: Config): List<ReportingDescriptor> {
    val sets =
        ServiceLoader.load(RuleSetProvider::class.java, SarifOutputReport::class.java.classLoader)
            .map { it.instance(config.subConfig(it.ruleSetId)) }
--- a/detekt-report-txt/build.gradle.kts
+++ b/detekt-report-txt/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 }

 dependencies {
-    implementation(projects.detektApi)
+    compileOnly(projects.detektApi)
    testImplementation(testFixtures(projects.detektApi))
    testImplementation(libs.assertj)
 }
--- a/detekt-report-xml/build.gradle.kts
+++ b/detekt-report-xml/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 }

 dependencies {
-    implementation(projects.detektApi)
+    compileOnly(projects.detektApi)
    testImplementation(testFixtures(projects.detektApi))
    testImplementation(libs.assertj)
 }
--- a/detekt-sample-extensions/build.gradle.kts
+++ b/detekt-sample-extensions/build.gradle.kts
@@ -5,7 +5,7 @@ plugins {
 dependencies {
    // When creating a sample extension, change this dependency to the detekt-api version you build against
    // e.g. io.gitlab.arturbosch.detekt:detekt-api:1.x.x
-    implementation(projects.detektApi)
+    compileOnly(projects.detektApi)
    // When creating a sample extension, change this dependency to the detekt-test version you build against
    // e.g. io.gitlab.arturbosch.detekt:detekt-test:1.x.x
    testImplementation(projects.detektTest)
--- a/detekt-test-utils/build.gradle.kts
+++ b/detekt-test-utils/build.gradle.kts
@@ -5,10 +5,10 @@ plugins {

 dependencies {
    api(libs.kotlin.stdlibJdk8)
+    api(libs.junit.api)
    compileOnly(libs.spek.dsl)
    implementation(projects.detektParser)
    implementation(libs.kotlin.scriptUtil)
-    implementation(libs.junit.api)

    testImplementation(libs.assertj)
    runtimeOnly(libs.kotlin.scriptingCompilerEmbeddable)
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,5 +1,6 @@
 kotlin.code.style=official
 systemProp.sonar.host.url=http://localhost:9000
+systemProp.dependency.analysis.test.analysis=false
 org.gradle.parallel=true
 org.gradle.caching=true
 org.gradle.jvmargs=-Xmx1g -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -43,6 +43,7 @@ contester-driver = { module = "io.github.davidburstrom.contester:contester-drive

 [plugins]
 binaryCompatibilityValidator = { id = "org.jetbrains.kotlinx.binary-compatibility-validator", version = "0.10.0" }
+dependencyAnalysis = { id = "com.autonomousapps.dependency-analysis", version = "1.2.1" }
 dokka = { id = "org.jetbrains.dokka", version.ref = "dokka" }
 gradleVersions = { id = "com.github.ben-manes.versions", version = "0.42.0" }
 pluginPublishing = { id = "com.gradle.plugin-publish", version = "0.21.0" }