| # TODO(davido): Migrate all dependencies from WORKSPACE to MODULE.bazel |
| # https://issues.gerritcodereview.com/issues/303819949 |
| |
| bazel_dep(name = "bazel_features", version = "1.39.0") |
| bazel_dep(name = "platforms", version = "1.0.0") |
| bazel_dep(name = "rules_jvm_external", version = "6.10") |
| bazel_dep(name = "rules_shell", version = "0.6.1") |
| |
| # nongoogle bazel_deps |
| bazel_dep(name = "rules_java", version = "8.11.0") |
| bazel_dep(name = "rules_proto", version = "7.1.0") |
| bazel_dep(name = "rules_python", version = "1.8.0-rc1") |
| |
| # This must come BEFORE bazel_dep(name = "protobuf") |
| # because they register the from-source toolchain, |
| # and the first registration wins. |
| bazel_dep(name = "toolchains_protoc", version = "0.6.0") |
| bazel_dep(name = "protobuf", version = "33.2") |
| bazel_dep(name = "jgit") |
| local_path_override( |
| module_name = "jgit", |
| path = "./modules/jgit", |
| ) |
| |
| bazel_dep(name = "rbe_autoconfig") |
| git_override( |
| module_name = "rbe_autoconfig", |
| commit = "c4d733d0399ebf2ee1ffb897be5fbaba23738e04", |
| remote = "https://github.com/davido/rbe_autoconfig.git", |
| ) |
| |
| register_toolchains("//tools:all") |
| |
| maven = use_extension("@rules_jvm_external//:extensions.bzl", "maven") |
| |
| # Root-level dependency versions declared by Gerrit must take precedence over |
| # versions contributed by layered modules (e.g. JGit) when resolving the shared |
| # maven.install("external_deps") repository. |
| # |
| # rules_jvm_external currently lacks a mechanism for the root module to globally |
| # enforce its declared versions across the layered Maven graph when using |
| # bzlmod. In particular, version_conflict_policy = "pinned" still fails early |
| # with duplicate artifacts when multiple modules contribute different versions. |
| # |
| # As a workaround, we explicitly force the root-selected versions here via |
| # maven.amend_artifact(force_version = "true") for GA coordinates that may also |
| # be introduced transitively by JGit. |
| # |
| # Versions themselves are sourced from deps.toml and the pinned lockfile. |
| # |
| # TODO(davido): Remove this workaround once global root version enforcement is |
| # supported in rules_jvm_external: |
| # https://github.com/bazel-contrib/rules_jvm_external/issues/1549 |
| _GERRIT_FORCED_ARTIFACTS = [ |
| "args4j:args4j", |
| "com.googlecode.javaewah:JavaEWAH", |
| "commons-codec:commons-codec", |
| "org.apache.commons:commons-lang3", |
| "org.eclipse.jetty:jetty-http", |
| "org.eclipse.jetty:jetty-io", |
| "org.eclipse.jetty:jetty-security", |
| "org.eclipse.jetty:jetty-server", |
| "org.eclipse.jetty:jetty-util", |
| "org.eclipse.jetty:jetty-util-ajax", |
| ] |
| |
| [ |
| maven.amend_artifact( |
| name = "external_deps", |
| coordinates = coord, |
| force_version = "true", |
| ) |
| for coord in _GERRIT_FORCED_ARTIFACTS |
| ] |
| |
| # Empty maven.install call to apply the configuration to the installation from |
| # toml files. |
| maven.install( |
| name = "external_deps", |
| artifacts = [], |
| # CRITICAL: Must remain "error". |
| # This guarantees fail-fast behavior if multiple versions of the same |
| # artifact are introduced by contributing modules. Downgrading this to |
| # "warn" would allow version skew to silently leak into release.war. |
| duplicate_version_warning = "error", |
| excluded_artifacts = [ |
| # Although flexmark is published as many small modules, the `flexmark-all` |
| # artifact is a shaded aggregate that already includes all required classes. |
| # Resolving both the aggregate and the individual modules would package |
| # duplicate class definitions into the WAR. |
| # |
| # The exclusions below prevent rules_jvm_external from pulling in the modular |
| # flexmark artifacts transitively, keeping the runtime classpath minimal and |
| # deterministic. |
| "com.vladsch.flexmark:flexmark", |
| "com.vladsch.flexmark:flexmark-ext-abbreviation", |
| "com.vladsch.flexmark:flexmark-ext-admonition", |
| "com.vladsch.flexmark:flexmark-ext-anchorlink", |
| "com.vladsch.flexmark:flexmark-ext-aside", |
| "com.vladsch.flexmark:flexmark-ext-attributes", |
| "com.vladsch.flexmark:flexmark-ext-autolink", |
| "com.vladsch.flexmark:flexmark-ext-definition", |
| "com.vladsch.flexmark:flexmark-ext-emoji", |
| "com.vladsch.flexmark:flexmark-ext-enumerated-reference", |
| "com.vladsch.flexmark:flexmark-ext-escaped-character", |
| "com.vladsch.flexmark:flexmark-ext-footnotes", |
| "com.vladsch.flexmark:flexmark-ext-gfm-issues", |
| "com.vladsch.flexmark:flexmark-ext-gfm-strikethrough", |
| "com.vladsch.flexmark:flexmark-ext-gfm-tasklist", |
| "com.vladsch.flexmark:flexmark-ext-gfm-users", |
| "com.vladsch.flexmark:flexmark-ext-gitlab", |
| "com.vladsch.flexmark:flexmark-ext-ins", |
| "com.vladsch.flexmark:flexmark-ext-jekyll-front-matter", |
| "com.vladsch.flexmark:flexmark-ext-jekyll-tag", |
| "com.vladsch.flexmark:flexmark-ext-macros", |
| "com.vladsch.flexmark:flexmark-ext-media-tags", |
| "com.vladsch.flexmark:flexmark-ext-resizable-image", |
| "com.vladsch.flexmark:flexmark-ext-superscript", |
| "com.vladsch.flexmark:flexmark-ext-tables", |
| "com.vladsch.flexmark:flexmark-ext-toc", |
| "com.vladsch.flexmark:flexmark-ext-typographic", |
| "com.vladsch.flexmark:flexmark-ext-wikilink", |
| "com.vladsch.flexmark:flexmark-ext-xwiki-macros", |
| "com.vladsch.flexmark:flexmark-ext-yaml-front-matter", |
| "com.vladsch.flexmark:flexmark-ext-youtube-embedded", |
| "com.vladsch.flexmark:flexmark-html2md-converter", |
| "com.vladsch.flexmark:flexmark-jira-converter", |
| "com.vladsch.flexmark:flexmark-pdf-converter", |
| "com.vladsch.flexmark:flexmark-profile-pegdown", |
| "com.vladsch.flexmark:flexmark-util", |
| "com.vladsch.flexmark:flexmark-util-ast", |
| "com.vladsch.flexmark:flexmark-util-builder", |
| "com.vladsch.flexmark:flexmark-util-collection", |
| "com.vladsch.flexmark:flexmark-util-data", |
| "com.vladsch.flexmark:flexmark-util-dependency", |
| "com.vladsch.flexmark:flexmark-util-format", |
| "com.vladsch.flexmark:flexmark-util-html", |
| "com.vladsch.flexmark:flexmark-util-misc", |
| "com.vladsch.flexmark:flexmark-util-options", |
| "com.vladsch.flexmark:flexmark-util-sequence", |
| "com.vladsch.flexmark:flexmark-util-visitor", |
| "com.vladsch.flexmark:flexmark-youtrack-converter", |
| # Gerrit must not ship legacy logging implementations. |
| # These artifacts can clash with Gerrit’s SLF4J + reload4j setup |
| # and cause classpath or runtime conflicts. |
| # Exclude them to keep the logging stack consistent and clean. |
| "log4j:log4j", |
| "org.slf4j:slf4j-log4j12", |
| # openid4java depends on commons-logging |
| # openid4java: transitively depends on commons-logging; exclude it as |
| # it does not appear to be required at runtime. |
| "commons-logging:commons-logging", |
| # commons-validator: used only for email address validation; exclude its |
| # transitive commons-* dependencies (e.g. beanutils, collections, |
| # digester) to avoid pulling unused libraries into the runtime set. |
| "commons-beanutils:commons-beanutils", |
| "commons-collections:commons-collections", |
| "commons-digester:commons-digester", |
| # sshd-common and sshd-core are bundled inside sshd-osgi. |
| # Exclude them here to avoid duplicate classes and version skew. |
| "org.apache.sshd:sshd-common", |
| "org.apache.sshd:sshd-core", |
| # These transitive Lucene modules are not used at runtime by Gerrit |
| # and were not included prior to the migration. Exclude them to keep |
| # the WAR contents aligned with the previous runtime footprint. |
| "org.apache.lucene:lucene-facet", |
| "org.apache.lucene:lucene-queries", |
| "org.apache.lucene:lucene-sandbox", |
| # soy-template: transitively depends on escapevelocity, json, and |
| # jsr250-api; exclude them since Gerrit does not require them at runtime. |
| "com.google.escapevelocity:escapevelocity", |
| "javax.annotation:jsr250-api", |
| "org.json:json", |
| # xml-apis provides legacy XML API interfaces that are already available |
| # from the JDK. It is pulled transitively via the OpenID HTML/XML parsing |
| # stack (xerces / nekohtml) and is excluded to avoid shipping redundant |
| # XML API definitions in the WAR. |
| "xml-apis:xml-apis", |
| ], |
| fail_if_repin_required = True, |
| fail_on_missing_checksum = True, |
| fetch_sources = True, |
| known_contributing_modules = [ |
| "jgit", |
| "gerrit", |
| ], |
| lock_file = "//:external_deps.lock.json", |
| repositories = [ |
| "https://repo1.maven.org/maven2", |
| "https://gerrit-maven.storage.googleapis.com", |
| ], |
| version_conflict_policy = "pinned", |
| ) |
| maven.from_toml( |
| name = "external_deps", |
| libs_versions_toml = "//tools:deps.toml", |
| ) |
| maven.from_toml( |
| name = "external_deps", |
| libs_versions_toml = "//tools:nongoogle.toml", |
| ) |
| use_repo(maven, "external_deps") |
