Adds Experimental Gradle Configurations flag (#425)

Changelog.md

@@ -1,5 +1,11 @@
 # Spectrometer Changelog
 
+## v2.19.4
+
+- Adds experimental capability for filtering gradle configuration for analysis. ([#425](https://github.com/fossas/spectrometer/pull/425))
+
+Refer to: [Gradle documentation](docs/references/strategies/languages/gradle/gradle.md#experimental-only-selecting-set-of-configurations-for-analysis) for more details.
+
 ## v2.19.3
 
 - Removes `fossa compatibility` command. ([#383](https://github.com/fossas/spectrometer/pull/383))

docs/references/files/fossa-yml.md

@@ -115,7 +115,6 @@ Default:
 - SVN: The CLI will run `svn info` and compare the "URL" and "Repository Root" fields in an attempt to determine a branch.
 - No VCS: The CLI will leave the branch field empty.
 
-
 ### `targets:`
 The targets filtering section allows you to specify the exact targets which be should be scanned. 
 

docs/references/files/fossa-yml.v3.schema.json

@@ -210,6 +210,25 @@
                     "description": "Associated path with target type (if any)"
                 }
             }
+        },
+        "experimental": {
+            "type": "object",
+            "description": "Experimental preferences with fossa cli.",
+            "properties": {
+                "gradle": {
+                    "type": "object",
+                    "description": "Gradle preferences for all targets",
+                    "properties": {
+                        "configurations-only": {
+                            "type": "array",
+                            "description": "Configurations to only include in analysis (by default excludes any other configurations not listed)",
+                            "items": {"type": "string"},
+                            "minItems": 1,
+                            "uniqueItems": true 
+                        }
+                    }
+                }
+            }
         }
     },
     "type": "object",

docs/references/strategies/languages/gradle/gradle.md

@@ -31,6 +31,7 @@ Gradle users generally specify their builds using a `build.gradle` file (written
   - [Manually specifying Gradle dependencies](#manually-specifying-gradle-dependencies)
   - [Configurations For Development and Testing](#configurations-for-development-and-testing)
   - [Android Gradle Configurations For Development and Testing](#android-gradle-configurations-for-development-and-testing)
+  - [(Experimental) Only Selecting Set of Configurations For Analysis](#experimental-only-selecting-set-of-configurations-for-analysis)
 
 ## Concepts
 
@@ -274,4 +275,18 @@ We classify following configurations, and dependencies originating from it as a
 - kotlinCompilerPluginClasspathRelease
 - kotlinKlibCommonizerClasspath
 - kotlinNativeCompilerPluginClasspath
+```
+
+## (Experimental) Only Selecting Set of Configurations For Analysis
+
+You can use [configuration file](../../../files/fossa-yml.md) to provide set of configurations to filter the analysis for. Any configurations not listed will be excluded from analysis. This feature is experimental and may be changed or removed at any time, without warning.
+
+```yaml
+version: 3
+
+experimental:
+  gradle:
+    configurations-only:
+      - example-1-config-to-include
+      - example-2-config-to-include
 ```

src/App/Fossa/Analyze.hs

@@ -20,6 +20,7 @@ import App.Fossa.Analyze.Debug (collectDebugBundle, diagToDebug)
 import App.Fossa.Analyze.GraphMangler (graphingToGraph)
 import App.Fossa.Analyze.Project (ProjectResult (..), mkResult)
 import App.Fossa.Analyze.Types (
+  AnalyzeExperimentalPreferences (..),
   AnalyzeProject (..),
   AnalyzeTaskEffs,
  )
@@ -43,6 +44,7 @@ import Control.Carrier.Diagnostics qualified as Diag
 import Control.Carrier.Diagnostics.StickyContext (stickyDiag)
 import Control.Carrier.Finally (Has, runFinally)
 import Control.Carrier.Output.IO (Output, output, runOutput)
+import Control.Carrier.Reader (Reader, runReader)
 import Control.Carrier.StickyLogger (StickyLogger, logSticky', runStickyLogger)
 import Control.Carrier.TaskPool (
   Progress (..),
@@ -182,11 +184,13 @@ analyzeMain ::
   Flag IncludeAll ->
   ModeOptions ->
   AllFilters ->
+  AnalyzeExperimentalPreferences ->
   IO ()
-analyzeMain workdir logSeverity destination project unpackArchives jsonOutput includeAll modeOptions filters =
+analyzeMain workdir logSeverity destination project unpackArchives jsonOutput includeAll modeOptions filters preferences =
   withDefaultLogger logSeverity
     . Diag.logWithExit_
     . runReadFSIO
+    . runReader preferences
     . runExecIO
     $ case logSeverity of
       -- In --debug mode, emit a debug bundle to "fossa.debug.json"
@@ -211,6 +215,7 @@ runDependencyAnalysis ::
   , Has ReadFS sig m
   , Has Exec sig m
   , Has (Output ProjectResult) sig m
+  , Has (Reader AnalyzeExperimentalPreferences) sig m
   , MonadIO m
   ) =>
   -- | Analysis base directory
@@ -313,6 +318,7 @@ analyze ::
   , Has Debug sig m
   , Has Exec sig m
   , Has ReadFS sig m
+  , Has (Reader AnalyzeExperimentalPreferences) sig m
   , MonadIO m
   ) =>
   BaseDir ->

src/App/Fossa/Analyze/Types.hs

@@ -1,17 +1,25 @@
 module App.Fossa.Analyze.Types (
   AnalyzeProject (..),
   AnalyzeTaskEffs,
+  AnalyzeExperimentalPreferences (..),
 ) where
 
 import Control.Carrier.Diagnostics
 import Control.Effect.Debug (Debug)
 import Control.Effect.Lift
+import Control.Effect.Reader (Reader)
 import Control.Monad.IO.Class (MonadIO)
+import Data.Set (Set)
+import Data.Text (Text)
 import Effect.Exec (Exec)
 import Effect.Logger (Logger)
 import Effect.ReadFS (ReadFS)
 import Types
 
+newtype AnalyzeExperimentalPreferences = AnalyzeExperimentalPreferences
+  {gradleOnlyConfigsAllowed :: Maybe (Set Text)}
+  deriving (Show, Eq, Ord)
+
 type AnalyzeTaskEffs sig m =
   ( Has (Lift IO) sig m
   , MonadIO m
@@ -20,6 +28,7 @@ type AnalyzeTaskEffs sig m =
   , Has Logger sig m
   , Has Diagnostics sig m
   , Has Debug sig m
+  , Has (Reader AnalyzeExperimentalPreferences) sig m
   )
 
 class AnalyzeProject a where

src/App/Fossa/Configuration.hs

@@ -10,6 +10,8 @@ module App.Fossa.Configuration (
   ConfigRevision (..),
   ConfigTargets (..),
   ConfigPaths (..),
+  ExperimentalConfigs (..),
+  ExperimentalGradleConfigs (..),
 ) where
 
 import App.Docs (fossaYmlDocUrl)
@@ -19,6 +21,8 @@ import Control.Effect.Lift (Lift)
 import Data.Aeson (FromJSON (parseJSON), withObject, (.!=), (.:), (.:?))
 import Data.Functor (($>))
 import Data.Maybe (fromMaybe)
+import Data.Set (Set)
+import Data.Set qualified as Set
 import Data.Text (Text)
 import Data.Text.Prettyprint.Doc (Doc, Pretty (pretty), vsep)
 import Effect.Logger (Severity (SevWarn), logWarn, withDefaultLogger)
@@ -37,6 +41,7 @@ data ConfigFile = ConfigFile
   , configRevision :: Maybe ConfigRevision
   , configTargets :: Maybe ConfigTargets
   , configPaths :: Maybe ConfigPaths
+  , configExperimental :: Maybe ExperimentalConfigs
   }
   deriving (Eq, Ord, Show)
 
@@ -70,6 +75,14 @@ data ConfigPaths = ConfigPaths
   }
   deriving (Eq, Ord, Show)
 
+newtype ExperimentalConfigs = ExperimentalConfigs
+  {gradle :: Maybe ExperimentalGradleConfigs}
+  deriving (Eq, Ord, Show)
+
+newtype ExperimentalGradleConfigs = ExperimentalGradleConfigs
+  {gradleConfigsOnly :: Set (Text)}
+  deriving (Eq, Ord, Show)
+
 instance FromJSON ConfigFile where
   parseJSON = withObject "ConfigFile" $ \obj ->
     ConfigFile <$> obj .: "version"
@@ -79,6 +92,7 @@ instance FromJSON ConfigFile where
       <*> obj .:? "revision"
       <*> obj .:? "targets"
       <*> obj .:? "paths"
+      <*> obj .:? "experimental"
 
 instance FromJSON ConfigProject where
   parseJSON = withObject "ConfigProject" $ \obj ->
@@ -106,6 +120,14 @@ instance FromJSON ConfigPaths where
     ConfigPaths <$> (obj .:? "only" .!= [])
       <*> (obj .:? "exclude" .!= [])
 
+instance FromJSON ExperimentalConfigs where
+  parseJSON = withObject "ExperimentalConfigs" $ \obj ->
+    ExperimentalConfigs <$> obj .:? "gradle"
+
+instance FromJSON ExperimentalGradleConfigs where
+  parseJSON = withObject "ExperimentalGradleConfigs" $ \obj ->
+    ExperimentalGradleConfigs <$> (obj .: "configurations-only" .!= Set.fromList [])
+
 defaultFile :: Path Rel File
 defaultFile = $(mkRelFile ".fossa.yml")
 

src/App/Fossa/ListTargets.hs

@@ -5,10 +5,12 @@ module App.Fossa.ListTargets (
 ) where
 
 import App.Fossa.Analyze (DiscoverFunc (DiscoverFunc), discoverFuncs)
+import App.Fossa.Analyze.Types (AnalyzeExperimentalPreferences)
 import App.Types (BaseDir (..))
 import Control.Carrier.AtomicCounter
 import Control.Carrier.Debug (ignoreDebug)
 import Control.Carrier.Finally
+import Control.Carrier.Reader (Reader, runReader)
 import Control.Carrier.StickyLogger (StickyLogger, logSticky', runStickyLogger)
 import Control.Carrier.TaskPool
 import Control.Concurrent (getNumCapabilities)
@@ -28,8 +30,8 @@ import Path
 import Path.IO (makeRelative)
 import Types (BuildTarget (..), DiscoveredProject (..), FoundTargets (..))
 
-listTargetsMain :: Severity -> BaseDir -> IO ()
-listTargetsMain logSeverity (BaseDir basedir) = do
+listTargetsMain :: AnalyzeExperimentalPreferences -> Severity -> BaseDir -> IO ()
+listTargetsMain preferences logSeverity (BaseDir basedir) = do
   capabilities <- getNumCapabilities
 
   ignoreDebug
@@ -40,6 +42,7 @@ listTargetsMain logSeverity (BaseDir basedir) = do
     . runReadFSIO
     . runExecIO
     . runAtomicCounter
+    . runReader preferences
     $ runAll basedir
 
 runAll ::
@@ -51,6 +54,7 @@ runAll ::
   , MonadIO m
   , Has AtomicCounter sig m
   , Has Debug sig m
+  , Has (Reader AnalyzeExperimentalPreferences) sig m
   ) =>
   Path Abs Dir ->
   m ()

src/App/Fossa/Main.hs

@@ -15,9 +15,11 @@ import App.Fossa.Analyze (
   VSIAnalysisMode (..),
   analyzeMain,
  )
+import App.Fossa.Analyze.Types (AnalyzeExperimentalPreferences (..))
 import App.Fossa.Configuration (
   ConfigFile (
     configApiKey,
+    configExperimental,
     configPaths,
     configProject,
     configRevision,
@@ -28,6 +30,8 @@ import App.Fossa.Configuration (
   ConfigProject (configProjID),
   ConfigRevision (configBranch, configCommit),
   ConfigTargets (targetsExclude, targetsOnly),
+  ExperimentalConfigs (gradle),
+  ExperimentalGradleConfigs (gradleConfigsOnly),
   mergeFileCmdMetadata,
   readConfigFileIO,
  )
@@ -168,6 +172,7 @@ appMain = do
 
   let CmdOptions{..} = maybe cmdConfig (mergeFileCmdConfig cmdConfig) fileConfig
 
+  let analyzePreferences = AnalyzeExperimentalPreferences (gradleConfigsOnly <$> (gradle =<< configExperimental =<< fileConfig))
   let logSeverity = bool SevInfo SevDebug optDebug
 
   maybeApiKey <- checkAPIKey optAPIKey
@@ -215,7 +220,7 @@ appMain = do
       let analyzeOverride = override{overrideBranch = analyzeBranch <|> ((fileConfig >>= configRevision) >>= configBranch)}
           combinedFilters = normalizedFilters fileConfig analyzeOptions
           modeOptions = ModeOptions analyzeVSIMode assertionMode analyzeBinaryDiscoveryMode
-          doAnalyze destination = analyzeMain analyzeBaseDir logSeverity destination analyzeOverride analyzeUnpackArchives analyzeJsonOutput analyzeIncludeAllDeps modeOptions combinedFilters
+          doAnalyze destination = analyzeMain analyzeBaseDir logSeverity destination analyzeOverride analyzeUnpackArchives analyzeJsonOutput analyzeIncludeAllDeps modeOptions combinedFilters analyzePreferences
 
       if analyzeOutput
         then doAnalyze OutputStdout
@@ -245,7 +250,7 @@ appMain = do
     --
     ListTargetsCommand dir -> do
       baseDir <- validateDir dir
-      listTargetsMain logSeverity baseDir
+      listTargetsMain analyzePreferences logSeverity baseDir
     --
     VPSCommand VPSOptions{..} -> do
       apikey <- requireKey maybeApiKey