[ci/tool] Add external dependency validation #3466
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
p: camera
p: go_router
p: go_router_builder
p: rfw
tarrinneal
approved these changes
Mar 15, 2023
| } | ||
|
|
||
| // Checks whether a given dependency is allowed. | ||
| bool _allowDependency(String name, Dependency dependency) { |
There was a problem hiding this comment.
This method name seems a little off from what I would expect. Something like _isDependancyAllowed or something similar.
As is I would expect this to add the dep to an allow list. Up to you if you agree.
There was a problem hiding this comment.
Good call, changed to _shouldAllowDependency
stuartmorgan-g
added
override: no versioning needed
|
Overrides: packages changes are to |
stuartmorgan-g
requested review from
cbracken,
cyanglaz,
jmagman,
vashworth,
gmackall,
camsim99,
keyonghan and
domesticmouse
as code owners
Can we turn on dependabot for this case? |
It's on my list to look into in general; currently we're not using it for Dart at all so I don't know how configurable it is. Ideally we'd use it for major versions of most dependencies, and now for other versions of these pinned items. (For cases like |
ditman
approved these changes
Mar 16, 2023
| @@ -21,4 +21,4 @@ dev_dependencies: | |||
| sdk: flutter | |||
| integration_test: | |||
| sdk: flutter | |||
| mocktail: ^0.3.0 | |||
| mocktail: 0.3.0 | |||
There was a problem hiding this comment.
(My bad, this should have never happened in the first place)
Co-authored-by: Jenn Magder <[email protected]>
Co-authored-by: Jenn Magder <[email protected]>
cbracken
approved these changes
Mar 16, 2023
stuartmorgan-g
added
the
autosubmit
auto-submit
bot
removed
the
autosubmit
|
auto label is removed for flutter/packages, pr: 3466, Failed to merge pr#: 3466 with Pull request could not be merged: Pull Request is not mergeable. |
stuartmorgan-g
added
the
autosubmit
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Mar 17, 2023
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Mar 17, 2023
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Mar 20, 2023
tarrinneal
pushed a commit
to flutter/flutter
that referenced
this pull request
Mar 20, 2023
* 7636eb7 [go_router_builder] Support default value for `Set`, `List` and `Iterable` route parameters (flutter/packages#3391) * 26c95da [image_picker] Move HashSet construction within if-statement (flutter/packages#3448) * f5687b2 [image_picker] fix typos in comments (flutter/packages#3413) * 84afba7 [image_picker] Migrate Android to Pigeon (flutter/packages#3476) * 42927fc [image_picker]: Bump androidx.exifinterface:exifinterface from 1.3.3 to 1.3.6 in /packages/image_picker/image_picker_android/android (flutter/packages#3238) * 9a44bdf Require Dart SDK 2.14, because of using APIs. (flutter/packages#3468) * 12609a2 [ci] Clean up iOS simulators (flutter/packages#3458) * 9b136a9 [ci/tool] Add external dependency validation (flutter/packages#3466) * 11aab47 Manual roll Flutter from fb7e828 to 67e5f66 (8 revisions) (flutter/packages#3482) * 784291b Update goldens (flutter/packages#3442) * 43a42d1 [webview_flutter_android] Updates Dart and Java InstanceManagers (flutter/packages#3282) * d0de136 [camera] Reland android flip/change camera while recording (flutter/packages#3460) * 74fd094 [image_picker_android] Adjust file extension in FileUtils when it does not match its mime type (flutter/packages#3409) * d2f1d2d [flutter_adaptive_scaffold] : 🐛 [FIX] : Issue: 121135. (flutter/packages#3253) * 3d078b5 Roll Flutter from 67e5f66 to 53dfd23 (39 revisions) (flutter/packages#3484) * 3b3a09d [url_launcher] Convert iOS to Pigeon (flutter/packages#3481) * 80cd50a Roll Flutter from 53dfd23 to 6bd2b3c (17 revisions) (flutter/packages#3486) * 998bb29 [webview_flutter] Updates the README with the migration of `WebView.initialCookies` and Hybrid Composition on (flutter/packages#3470) * bbf86a7 Roll Flutter from 6bd2b3c to 3e4e092 (7 revisions) (flutter/packages#3490)
10 tasks
Merged
nploi
pushed a commit
to nploi/packages
that referenced
this pull request
Jul 16, 2023
[ci/tool] Add external dependency validation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We've had a general policy of avoiding external dependencies for at least the last year, but it hadn't really been communicated or enforced. It's now documented in the wiki, and this adds tooling and CI that validates that every package we depend on here is either a) local to this repository, b) from the SDK, or c) in an explicit allow list config file.
This follows the general trend in the repository away from "hope people know/remember/check for all of the policies" to "validate in CI and require explicit opt-out for exceptions". Once this lands, I'll update the wiki to point to the relevant config files where exceptions should be added when we choose to make exceptions.
In most cases, this just allows everything we're already using. For some example and dev-only dependencies, this moves to pinning since that's a simple change to make.
See flutter/flutter#122713
Pre-launch Checklist
dart format.)[shared_preferences]pubspec.yamlwith an appropriate new version according to the pub versioning philosophy, or this PR is exempt from version changes.CHANGELOG.mdto add a description of the change, following repository CHANGELOG style.///).