[Bug]: gazelle silently doesn't add gitignored folders if they are referenced via an `import`

Question

[Bug]: gazelle silently doesn't add gitignored folders if they are referenced via an `import`

Closed this issue 18 days ago · 2 comments

What happened?

@etlovett and I discovered this and wanted to share

It looks like Gazelle is ignoring gitignored paths when generating dependencies, which means that an outside file can reach through into a private package despite Bazel's visibility rules. The setup:

Codegenned and gitignored folder at src/client/css/internal/styled-system
src/client/css/BUILD.bazel makes src/client/css/index.ts visible to the whole app
src/client/css/internal/BUILD.bazel makes src/client/css/internal/index.ts visible only to src/client/css:__subpackages__

Given the above…
Somewhere else in the app, importing from './path/to/src/client/css/internal' will cause Gazelle to see the import and add //src/client/css/internal to the local BUILD.bazel file and then visibility will cause failures
Somewhere else in the app, importing from './path/to/src/client/css/internal/styled-system/someFile' will not cause Gazelle to see the import and add //src/client/css/internal to the local BUILD.bazel file, so visibility will not be checked and the app will happily compile

What we believe is going on is that the internal folder is being placed in bazel-bin and thus it happens to be available for reference by another component when it should not be. What should happen is gazelle should error if an ignored path is imported

Version

Development (host) and target OS/architectures:

Output of bazel --version:

Version of the Aspect rules, or other relevant rules from your
WORKSPACE or MODULE.bazel file:

Language(s) and/or frameworks involved:

How to reproduce

See above

Any other information?

No response

Answer 1 · 2024-05-21T20:35:35.000Z

Today gazelle ignores anything listed in .gitignore or .bazelignore, but I guess git-ignored files could still be consumed by bazel when bazel is not first tool run. Is that your use case?

WDYT about adding an optional to opt-out of the gitignore? I think ignoring anything in .bazelignore should always be ignored still though.

Answer 2 · 2024-05-21T20:39:26.000Z

So in our case the generated files exist on disk and are ignored purely for the IDE to get type checking from them. Under bazel we want users to interact with a different folder as that's the main "export" we wish for them to use. So it's not that we want to opt out of the gitignore. We want to error if someone tries to reach for a file that is ignored as we don't want them interacting with it.

I think that's slightly different from what I understand you are describing. Is that correct?