Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression of Gradle incremental compilation #1315

Closed
ben-manes opened this issue May 2, 2022 · 5 comments
Closed

Regression of Gradle incremental compilation #1315

ben-manes opened this issue May 2, 2022 · 5 comments

Comments

@ben-manes
Copy link

I am observing file overwrites which should have been resolved in AutoValue 1.9 with #1075. It was flagged by a security tool as a possible indicator of a supply chain compromise.

Error: StepSecurity Harden Runner: Source code overwritten file: /home/runner/work/caffeine/caffeine/simulator/build/generated/sources/annotationProcessor/java/main/com/github/benmanes/caffeine/cache/simulator/report/csv/AutoValue_PlotCsv_ChartStyle.java syscall: openat by exe: /opt/hostedtoolcache/Java_Zulu_jdk/17.0.3-7/x64/bin/java

The build scan confirms this as a stableSources input change.

Screen Shot 2022-05-02 at 10 50 53 AM

I reproduced this locally using,

./gradlew --console plain --no-build-cache simulator:clean simulator:compileJava \
  && ./gradlew --console plain --no-build-cache simulator:compileJava

$ ./gradlew --console plain --no-build-cache simulator:clean simulator:compileJava && ./gradlew --console plain --no-build-cache simulator:compileJava
Configuration on demand is an incubating feature.
> Task :caffeine:downloadCaffeineLocal UP-TO-DATE
> Task :caffeine:compileJavaPoetJava UP-TO-DATE
> Task :caffeine:processJavaPoetResources UP-TO-DATE
> Task :caffeine:javaPoetClasses UP-TO-DATE
> Task :simulator:clean
> Task :caffeine:generateNodes UP-TO-DATE
> Task :caffeine:generateLocalCaches UP-TO-DATE
> Task :caffeine:compileJava UP-TO-DATE
> Task :caffeine:processResources NO-SOURCE
> Task :caffeine:classes UP-TO-DATE
> Task :caffeine:compileCodeGenJava UP-TO-DATE
> Task :caffeine:processCodeGenResources NO-SOURCE
> Task :caffeine:codeGenClasses UP-TO-DATE
> Task :caffeine:jar UP-TO-DATE
> Task :simulator:downloadCaffeineLocal
> Task :simulator:compileJava

BUILD SUCCESSFUL in 40s
11 actionable tasks: 3 executed, 8 up-to-date
Configuration on demand is an incubating feature.
> Task :caffeine:downloadCaffeineLocal UP-TO-DATE
> Task :simulator:downloadCaffeineLocal UP-TO-DATE
> Task :caffeine:compileJavaPoetJava UP-TO-DATE
> Task :caffeine:processJavaPoetResources UP-TO-DATE
> Task :caffeine:javaPoetClasses UP-TO-DATE
> Task :caffeine:generateNodes UP-TO-DATE
> Task :caffeine:generateLocalCaches UP-TO-DATE
> Task :caffeine:compileJava UP-TO-DATE
> Task :caffeine:processResources NO-SOURCE
> Task :caffeine:classes UP-TO-DATE
> Task :caffeine:compileCodeGenJava UP-TO-DATE
> Task :caffeine:processCodeGenResources NO-SOURCE
> Task :caffeine:codeGenClasses UP-TO-DATE
> Task :caffeine:jar UP-TO-DATE
> Task :simulator:compileJava

BUILD SUCCESSFUL in 5s
10 actionable tasks: 1 executed, 9 up-to-dat

To avoid flukes, I used a resolution strategy to force the dependency to the right version if an old version was transitively referenced. I also tried to remove a convenience extension, auto-builder, in case it broke the incremental build. The above command still showed a rebuild locally.

This is a minor annoyance but it would be nice to have a clean bill of health from security audits.
@ben-manes ben-manes mentioned this issue May 2, 2022
Closed
@eamonnmcmanus
Copy link
Member

Is this an issue with AutoValue or with Gradle? We don't have much Gradle expertise on this project, unfortunately.

@ben-manes
Copy link
Author

I don't know, the inputs changed which would make sense as newly generated classes added to the classpath. However you would think Gradle would understand why they came about as implicit inputs and not invalidate the compilation unit. Unfortunately the compilation toolchain and that low level interaction is outside of my gradle experience. Probably if we tried something similar like MapStruct would help indicate if this is a bug in the annotation processor or the toolchain.

@ben-manes
Copy link
Author

ben-manes commented May 3, 2022
edited
Loading

I was able to narrow the problem down to my build's configuration, sorry for the noise.

I copied an example (jhipster/generator-jhipster#9134) which had the following. The eclipse plugin doesn't have sourceSets so that referred to the top-level and then changed the java plugin's compile input, and caused the invalidation. My mistake of googling for a snippet instead of thinking through it myself.

eclipse {
  sourceSets.main {
    java.srcDir "${buildDir}/generated/sources/annotationProcessor/java/main"
  }
}

The proper fix is,

import org.gradle.plugins.ide.eclipse.model.SourceFolder

eclipse.classpath.file.beforeMerged {
  entries.add(new SourceFolder(
    "${buildDir.name}/generated/sources/annotationProcessor/java/main", 'bin/main'))
}

@tbroyer
Copy link
Contributor

tbroyer commented May 3, 2022

@ben-manes you might want to use https://plugins.gradle.org/plugin/com.diffplug.eclipse.apt for proper Eclipse support.

@ben-manes
Copy link
Author

Thanks! Switching to that did not seem to find the sources, assuming it replaced my snippet. I'll play with it and see if there is some docs that I missed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tbroyer @ben-manes @eamonnmcmanus