Remove Maven, Use Gradle
jaredsburrows opened this issue · 13 comments
There are Maven and Gradle files. Can we go through and make this a Gradle based project?
Yes, I'd love for it to be gradle-based. Just haven't had the time to do it.
Do you have a list of items that remain? project seems to build just file. What about testing and publishing?
We haven't tried testing and deploying with gradle yet so I'm unsure if they work or not.
On a related note, it would be nice to remove the MavenDependencyResolver. The dependency on Maven source is the #1 blocker to being able to compile ktlint within the Google codebase. I will likely keep looking for a solution for it, but would appreciate others chiming in if they have any information about how this is used or what it could be replaced with.
@bethcutler doing some GitHub archaeology, it looks like it was added to support loading 3rd party reporters directly from the command line: #176
I would personally be fine slightly breaking that functionality and requiring command-line users to download reporter jars locally instead of resolving them automatically, but I don't have a good sense of how important this functionality is. @jeremymailen @JLLeitschuh is this used in either of your plugins?
Nope, kotlinter-gradle doesn't need the MavenDependencyResolver.
Reporters aren't extensible yet and if they were, would use Gradle's ability to resolve dependencies similar to adding rulesets https://github.com/jeremymailen/kotlinter-gradle#custom-rules
@shashachu No, we use Gradle's jar resolver.
The only security vulnerability ever reported against Ktlint was due to the internal KtLint repository resolver.
https://nvd.nist.gov/vuln/detail/CVE-2019-1010260
#332
Thankfully, that's been fixed.
I don't know how the Ktlint maven plugin works though.
https://github.com/gantsign/ktlint-maven-plugin
CC: @Tapchicoma
Originally ticket was about using Gradle build system to build ktlint itself.
Imho, removing MavenDependencyResolver should be a separate issue. I may imagine use-cases when people are using just command-line ktlint installation with 3rd party rules/dependencies and this should be discussed with them.
Fair point. I've started a new discussion in #451.
@shashachu The last task we have to do is create the runnable binary that the maven plugin provides, correct? Then we can remove maven completely.
@jaredsburrows it is already there - shadowJarExecutable:
Line 41 in 907b289
@Tapchicoma Awesome! Time to remove maven now.