From a56dc2e8b63411a04fe68577fc061f9982bf0d7d Mon Sep 17 00:00:00 2001
From: Peter Laird <plaird@salesforce.com>
Date: Mon, 28 Oct 2024 22:20:23 -0600
Subject: [PATCH] Fail by default if junit/mockito in deps

---
 springboot/springboot.bzl    | 10 +++++-----
 springboot/springboot_doc.md |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/springboot/springboot.bzl b/springboot/springboot.bzl
index 0cf11b1..ee9c2f0 100644
--- a/springboot/springboot.bzl
+++ b/springboot/springboot.bzl
@@ -223,8 +223,8 @@ def _banneddeps_rule_impl(ctx):
     if found_banned:
         ctx.actions.write(output, "FAIL", is_executable = False)
         fail("Found banned jars in the springboot rule [" + ctx.label.name
-          + "] dependency list:\n" + banned_filenames
-          + "\nSee the deps_banned attribute on this rule for the matched patterns.")
+          + "] dependency list. Filenames:\n" + banned_filenames
+          + "\nYou can ignore these by setting deps_banned = [] on the springboot() rule.\n")
     else:
         ctx.actions.write(output, "SUCCESS", is_executable = False)
     return [DefaultInfo(files = depset(outputs))]
@@ -367,7 +367,7 @@ def springboot(
         boot_app_class,
         boot_launcher_class = "org.springframework.boot.loader.JarLauncher",
         deps = None,
-        deps_banned = None,
+        deps_banned = [ "junit", "mockito", ], # detects common mistake of test dep pollution
         deps_exclude = None,
         deps_exclude_paths = None,
         deps_index_file = None,
@@ -409,10 +409,10 @@ def springboot(
         Ex: *com.sample.SampleMain*
       deps: Optional. An additional set of Java dependencies to add to the executable.
         Normally all dependencies are set on the *java_library*.
-      deps_banned: Optional. A list of strings to match against the jar filenams in the transitive graph of
+      deps_banned: Optional. A list of strings to match against the jar filenames in the transitive graph of
         dependencies for this springboot app. If any of these strings is found within any jar name, the rule will fail.
         This is useful for detecting jars that should never go to production. The list of dependencies is
-        obtained after the deps_exclude processing has run.
+        obtained after the deps_exclude processing has run. Default: [ "junit", "mockito" ]
       deps_exclude: Optional. A list of jar labels that will be omitted from the final packaging step.
         This is a manual option for eliminating a problematic dependency that cannot be eliminated upstream.
         Ex: *["@maven//:commons_cli_commons_cli"]*.
diff --git a/springboot/springboot_doc.md b/springboot/springboot_doc.md
index fb61ac6..02e1311 100755
--- a/springboot/springboot_doc.md
+++ b/springboot/springboot_doc.md
@@ -28,7 +28,7 @@ Note that the rule README has more detailed usage instructions for each attribut
 | boot_app_class |  **Required**. The fully qualified name of the class annotated with @SpringBootApplication.   Ex: *com.sample.SampleMain*   |  none |
 | boot_launcher_class |  **Optional**. Allows you to switch to the new *org.springframework.boot.loader.launch.JarLauncher* introduced in Boot 3.2.0. Defaults to the old launcher.   |  *org.springframework.boot.loader.JarLauncher* |
 | deps |  Optional. An additional set of Java dependencies to add to the executable.   Normally all dependencies are set on the *java_library*.   |  <code>None</code> |
-| deps_banned| Optional. A list of strings to match against the jar filenames in the transitive graph of dependencies for this springboot app. If any of these strings is found within any jar name, the rule will fail. This is useful for detecting jars that should never go to production. The list of dependencies is obtained after the deps_exclude processing has run. | <code>None</code> |
+| deps_banned| Optional. A list of strings to match against the jar filenames in the transitive graph of dependencies for this springboot app. If any of these strings is found within any jar name, the rule will fail. This is useful for detecting jars that should never go to production. The list of dependencies is obtained after the deps_exclude processing has run. | <code>[ "junit", "mockito" ]</code> |
 | deps_exclude |  Optional. This attribute provides a list of partial paths that will be omitted   from the final packaging step if the string is contained within the dep filename. This is a more raw method   than deps_exclude for eliminating a problematic dependency/file that cannot be eliminated upstream.   Ex: [*jackson-databind-*].   |  <code>None</code> |
 | deps_exclude_paths |  <p align="center"> - </p>   |  <code>None</code> |
 | deps_index_file |  Optional. Uses Spring Boot's   [classpath index feature](https://docs.spring.io/spring-boot/docs/current/reference/html/appendix-executable-jar-format.html#executable-jar-war-index-files-classpath)   to define classpath order. This feature is not commonly used, as the application must be extracted from the jar   file for it to work. Ex: *my_classpath_index.idx*   |  <code>None</code> |