[Bug]: gazelle silently doesn't add gitignored folders if they are referenced via an `import`
Closed this issue · 2 comments
What happened?
@etlovett and I discovered this and wanted to share
It looks like Gazelle is ignoring gitignored paths when generating dependencies, which means that an outside file can reach through into a private package despite Bazel's visibility rules. The setup:
Codegenned and gitignored folder at src/client/css/internal/styled-system
src/client/css/BUILD.bazel
makes src/client/css/index.ts
visible to the whole app
src/client/css/internal/BUILD.bazel
makes src/client/css/internal/index.ts
visible only to src/client/css:__subpackages__
Given the above…
Somewhere else in the app, importing from './path/to/src/client/css/internal'
will cause Gazelle to see the import and add //src/client/css/internal
to the local BUILD.bazel file and then visibility will cause failures
Somewhere else in the app, importing from './path/to/src/client/css/internal/styled-system/someFile'
will not cause Gazelle to see the import and add //src/client/css/internal
to the local BUILD.bazel file, so visibility will not be checked and the app will happily compile
What we believe is going on is that the internal
folder is being placed in bazel-bin
and thus it happens to be available for reference by another component when it should not be. What should happen is gazelle
should error if an ignored path is imported
Version
Development (host) and target OS/architectures:
Output of bazel --version
:
Version of the Aspect rules, or other relevant rules from your
WORKSPACE
or MODULE.bazel
file:
Language(s) and/or frameworks involved:
How to reproduce
See above
Any other information?
No response
Today gazelle ignores anything listed in .gitignore
or .bazelignore
, but I guess git-ignored files could still be consumed by bazel when bazel is not first tool run. Is that your use case?
WDYT about adding an optional to opt-out of the gitignore? I think ignoring anything in .bazelignore should always be ignored still though.
So in our case the generated files exist on disk and are ignored purely for the IDE to get type checking from them. Under bazel we want users to interact with a different folder as that's the main "export" we wish for them to use. So it's not that we want to opt out of the gitignore. We want to error if someone tries to reach for a file that is ignored as we don't want them interacting with it.
I think that's slightly different from what I understand you are describing. Is that correct?