Add a presubmit to verify no new JS dependencies (#1334)

* Add a presubmit to verify no new JS dependencies Verify that we have a known set of javascript dependencies. This guards against the inadvertent introduction of a new dependency with a disallowed license. TESTED: Added a new package to packages.json, observed presubmit failure. * Replaced f-strings, printed python version For some reason, it looks like we're using a python version older than 3.6 on our CI machines. * Remove python version trace.
2025-04-29 19:47:51 +02:00 · 2021-09-23 14:42:47 -04:00 · 2021-09-23 14:42:47 -04:00 · 9eb55edde7
commit 9eb55edde7
parent 831767ecdb
1 changed files with 32 additions and 0 deletions
--- a/config/presubmits.py
+++ b/config/presubmits.py
@ -17,9 +17,11 @@ These aren't built in to the static code analysis tools we use (e.g. Checkstyle,
 Error Prone) so we must write them manually.
 """

+import json
 import os
 from typing import List, Tuple
 import sys
+import textwrap
 import re

 # We should never analyze any generated files
@ -28,6 +30,13 @@ UNIVERSALLY_SKIPPED_PATTERNS = {"/build/", "cloudbuild-caches", "/out/", ".git/"
 FORBIDDEN = 1
 REQUIRED = 2

+# The list of expected json packages and their licenses.
+# These should be one of the allowed licenses in:
+# config/dependency-license/allowed_licenses.json
+EXPECTED_JS_PACKAGES = [
+    'google-closure-library',   # Owned by Google, Apache 2.0
+]
+

 class PresubmitCheck:

@ -308,6 +317,26 @@ def verify_flyway_index():
  return not success


+def verify_javascript_deps():
+  """Verifies that we haven't introduced any new javascript dependencies."""
+  with open('package.json') as f:
+    package = json.load(f)
+
+  deps = list(package['dependencies'].keys())
+  if deps != EXPECTED_JS_PACKAGES:
+    print('Unexpected javascript dependencies.  Was expecting '
+          '%s, got %s.' % (EXPECTED_JS_PACKAGES, deps))
+    print(textwrap.dedent("""
+        * If the new dependencies are intentional, please verify that the
+        * license is one of the allowed licenses (see
+        * config/dependency-license/allowed_licenses.json) and add an entry
+        * for the package (with the license in a comment) to the
+        * EXPECTED_JS_PACKAGES variable in config/presubmits.py.
+        """))
+    return True
+  return False
+
+
 def get_files():
  for root, dirnames, filenames in os.walk("."):
    for filename in filenames:
@ -331,5 +360,8 @@ if __name__ == "__main__":
  # when we put it here it fails fast before all of the tests are run.
  failed |= verify_flyway_index()

+  # Make sure we haven't introduced any javascript dependencies.
+  failed |= verify_javascript_deps()
+
  if failed:
    sys.exit(1)