[BEAM-10961] Enable strict dependency analysis on all Java modules

buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy

@@ -21,27 +21,26 @@ package org.apache.beam.gradle
 import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar
 import groovy.json.JsonOutput
 import groovy.json.JsonSlurper
-import org.gradle.api.attributes.Category
 import org.gradle.api.GradleException
 import org.gradle.api.Plugin
 import org.gradle.api.Project
 import org.gradle.api.Task
 import org.gradle.api.artifacts.Configuration
 import org.gradle.api.artifacts.ProjectDependency
+import org.gradle.api.attributes.Category
 import org.gradle.api.file.FileCollection
 import org.gradle.api.file.FileTree
 import org.gradle.api.plugins.quality.Checkstyle
 import org.gradle.api.publish.maven.MavenPublication
+import org.gradle.api.tasks.PathSensitivity
+import org.gradle.api.tasks.JavaExec
 import org.gradle.api.tasks.Copy
 import org.gradle.api.tasks.Delete
 import org.gradle.api.tasks.Exec
-import org.gradle.api.tasks.JavaExec
 import org.gradle.api.tasks.bundling.Jar
 import org.gradle.api.tasks.compile.JavaCompile
 import org.gradle.api.tasks.javadoc.Javadoc
 import org.gradle.api.tasks.testing.Test
-import org.gradle.api.tasks.PathSensitive
-import org.gradle.api.tasks.PathSensitivity
 import org.gradle.testing.jacoco.tasks.JacocoReport
 
 import java.util.concurrent.atomic.AtomicInteger
@@ -101,7 +100,7 @@ class BeamModulePlugin implements Plugin<Project> {
     boolean checkerTooSlowOnTests = false
 
     /** Controls whether the dependency analysis plugin is enabled. */
-    boolean enableStrictDependencies = false
+    boolean enableStrictDependencies = true
 
     /** Override the default "beam-" + `dash separated path` archivesBaseName. */
     String archivesBaseName = null
@@ -850,7 +849,7 @@ class BeamModulePlugin implements Plugin<Project> {
       // configurations because they are never required to be shaded or become a
       // dependency of the output.
       def compileOnlyAnnotationDeps = [
-        "com.google.auto.value:auto-value-annotations:1.7",
+        "com.google.auto.value:auto-value-annotations:1.7.2",
         "com.google.auto.service:auto-service-annotations:1.0-rc6",
         "com.google.j2objc:j2objc-annotations:1.3",
         // These dependencies are needed to avoid error-prone warnings on package-info.java files,

buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_26_0.groovy

@@ -43,40 +43,13 @@ class GrpcVendoring_1_26_0 {
   static def npn_api_version = "1.1.1.v20141010"
   static def jboss_marshalling_version = "1.4.11.Final"
   static def jboss_modules_version = "1.1.0.Beta1"
-
   /** Returns the list of compile time dependencies. */
   static List<String> dependencies() {
     return [
-      "com.google.guava:guava:$guava_version",
       "com.google.protobuf:protobuf-java:$protobuf_version",
-      "com.google.protobuf:protobuf-java-util:$protobuf_version",
-      "com.google.code.gson:gson:$gson_version",
-      "io.grpc:grpc-auth:$grpc_version",
-      "io.grpc:grpc-core:$grpc_version",
-      "io.grpc:grpc-context:$grpc_version",
-      "io.grpc:grpc-netty:$grpc_version",
       "io.grpc:grpc-protobuf:$grpc_version",
       "io.grpc:grpc-stub:$grpc_version",
-      "io.netty:netty-transport-native-epoll:$netty_version",
-      // tcnative version from https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty
-      "io.netty:netty-tcnative-boringssl-static:2.0.33.Final",
-      "com.google.auth:google-auth-library-credentials:$google_auth_version",
-      "io.grpc:grpc-testing:$grpc_version",
-      "com.google.api.grpc:proto-google-common-protos:$proto_google_common_protos_version",
-      "io.opencensus:opencensus-api:$opencensus_version",
-      "io.opencensus:opencensus-contrib-grpc-metrics:$opencensus_version",
-      "io.perfmark:perfmark-api:$perfmark_version",
-      "com.github.jponge:lzma-java:$lzma_java_version",
-      "com.google.protobuf.nano:protobuf-javanano:$protobuf_javanano_version",
-      "com.jcraft:jzlib:$jzlib_version",
-      "com.ning:compress-lzf:$compress_lzf_version",
-      "net.jpountz.lz4:lz4:$lz4_version",
-      "org.bouncycastle:bcpkix-jdk15on:$bouncycastle_version",
-      "org.bouncycastle:bcprov-jdk15on:$bouncycastle_version",
-      "org.eclipse.jetty.alpn:alpn-api:$alpn_api_version",
-      "org.eclipse.jetty.npn:npn-api:$npn_api_version",
-      "org.jboss.marshalling:jboss-marshalling:$jboss_marshalling_version",
-      "org.jboss.modules:jboss-modules:$jboss_modules_version"
+      "io.grpc:grpc-api:$grpc_version",
     ]
   }
 
@@ -86,12 +59,7 @@ class GrpcVendoring_1_26_0 {
    */
   static List<String> runtimeDependencies() {
     return [
-      'com.google.errorprone:error_prone_annotations:2.3.3',
-      'commons-logging:commons-logging:1.2',
-      'org.apache.logging.log4j:log4j-api:2.6.2',
-      'org.slf4j:slf4j-api:1.7.30',
       // TODO(BEAM-9288): Enable relocation for conscrypt
-      "org.conscrypt:conscrypt-openjdk-uber:$conscrypt_version"
     ]
   }
 

examples/java/build.gradle

@@ -66,7 +66,11 @@ dependencies {
   compile library.java.joda_time
   compile library.java.proto_google_cloud_datastore_v1
   compile library.java.slf4j_api
-  compile library.java.slf4j_jdk14
+  compile "com.google.api.grpc:proto-google-cloud-language-v1:1.81.4"
+  compile library.java.jsr305
+  compile "com.google.oauth-client:google-oauth-client:1.31.0"
+  permitUnusedDeclared "com.google.auto.value:auto-value-annotations:1.7.2"
+  permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
   runtime project(path: ":runners:direct-java", configuration: "shadow")
   testCompile project(":sdks:java:io:google-cloud-platform")
   testCompile project(":sdks:java:extensions:ml")

examples/kotlin/build.gradle

@@ -59,18 +59,17 @@ dependencies {
   compile library.java.google_api_services_pubsub
   compile library.java.google_auth_library_credentials
   compile library.java.google_auth_library_oauth2_http
-  compile library.java.google_cloud_datastore_v1_proto_client
   compile library.java.google_http_client
   compile library.java.joda_time
-  compile library.java.proto_google_cloud_datastore_v1
   compile library.java.slf4j_api
-  compile library.java.slf4j_jdk14
+  compile "com.google.guava:guava:25.1-jre"
+  compile "org.jetbrains.kotlin:kotlin-stdlib:1.3.72"
+  compile "org.jetbrains:annotations:13.0"
   runtime project(path: ":runners:direct-java", configuration: "shadow")
   testCompile project(":sdks:java:io:google-cloud-platform")
-  testCompile library.java.hamcrest_core
-  testCompile library.java.hamcrest_library
   testCompile library.java.junit
-  testCompile library.java.mockito_core
+  permitUnusedDeclared "com.google.auto.value:auto-value-annotations:1.7.2"
+  permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
 
   // Add dependencies for the PreCommit configurations
   // For each runner a project level dependency on the examples project.
@@ -87,7 +86,6 @@ dependencies {
   sparkRunnerPreCommit project(":sdks:java:io:hadoop-file-system")
   sparkRunnerPreCommit library.java.spark_streaming
   sparkRunnerPreCommit library.java.spark_core
-  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
 }
 
 /*

gradle.properties

@@ -31,3 +31,6 @@ javaVersion=1.8
 
 docker_image_default_repo_root=apache
 docker_image_default_repo_prefix=beam_
+
+org.gradle.daemon=true
+file.encoding=utf-8

model/fn-execution/build.gradle

@@ -28,6 +28,9 @@ ext.summary = "Portable definitions for execution user-defined functions."
 dependencies {
   // We purposely depend on the unshaded classes for protobuf compilation and
   // export the shaded variant as the actual runtime dependency.
+  compile "com.google.guava:guava:28.1-android"
   compile project(path: ":model:pipeline", configuration: "unshaded")
   runtime project(path: ":model:pipeline", configuration: "shadow")
+  permitUnusedDeclared library.java.vendored_grpc_1_26_0
+  permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
 }

model/job-management/build.gradle

@@ -32,4 +32,7 @@ dependencies {
   // export the shaded variant as the actual runtime dependency.
   compile project(path: ":model:pipeline", configuration: "unshaded")
   runtime project(path: ":model:pipeline", configuration: "shadow")
+  permitUnusedDeclared library.java.vendored_grpc_1_26_0
+  permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
+  compile "com.google.guava:guava:28.1-android"
 }

model/pipeline/build.gradle

@@ -32,3 +32,9 @@ configurations {
 artifacts {
     unshaded jar
 }
+
+
+dependencies {
+    permitUnusedDeclared library.java.vendored_grpc_1_26_0
+    permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
+}

release/build.gradle

@@ -24,7 +24,6 @@ repositories {
 
 dependencies {
   compile library.groovy.groovy_all
-  compile 'commons-cli:commons-cli:1.2'
 }
 
 task runJavaExamplesValidationTask {

runners/core-construction-java/build.gradle

@@ -60,8 +60,9 @@ dependencies {
   compile library.java.jackson_databind
   compile library.java.joda_time
   compile library.java.slf4j_api
-  testCompile library.java.hamcrest_core
-  testCompile library.java.hamcrest_library
+  compile "com.fasterxml.jackson.core:jackson-annotations:2.10.2"
+  compile library.java.jsr305
+  compile library.java.avro
   testCompile library.java.junit
   testCompile library.java.mockito_core
   testCompile library.java.jackson_annotations

runners/core-java/build.gradle

@@ -41,17 +41,17 @@ test {
 dependencies {
   compile project(path: ":model:pipeline", configuration: "shadow")
   compile project(path: ":sdks:java:core", configuration: "shadow")
-  compile project(path: ":model:fn-execution", configuration: "shadow")
+  compile project(path: ":model:job-management:", configuration: "shadow")
   compile project(":runners:core-construction-java")
-  compile project(":sdks:java:fn-execution")
+  permitUsedUndeclared project(":sdks:java:fn-execution")
   compile library.java.vendored_guava_26_0_jre
   compile library.java.joda_time
+  compile library.java.jsr305
+  compile library.java.vendored_grpc_1_26_0
+  compile library.java.slf4j_api
   testCompile project(path: ":sdks:java:core", configuration: "shadowTest")
   testCompile library.java.junit
-  testCompile library.java.hamcrest_core
-  testCompile library.java.hamcrest_library
   testCompile library.java.mockito_core
   testCompile library.java.slf4j_api
-  testCompile library.java.jackson_dataformat_yaml
   testRuntimeOnly library.java.slf4j_simple
 }

runners/direct-java/build.gradle

@@ -26,7 +26,8 @@ def dependOnProjects = [":runners:core-construction-java",
                         ":runners:core-java",
                         ":runners:local-java",
                         ":runners:java-fn-execution",
-                        ":sdks:java:fn-execution"]
+                        ":sdks:java:fn-execution"
+                        ]
 
 applyJavaNature(
         automaticModuleName: 'org.apache.beam.runners.direct',
@@ -72,17 +73,16 @@ dependencies {
   shadow library.java.vendored_grpc_1_26_0
   shadow library.java.joda_time
   shadow library.java.slf4j_api
-  shadow library.java.args4j
+  permitUnusedDeclared library.java.vendored_grpc_1_26_0
+  permitUnusedDeclared project(":runners:java-fn-execution")
+  permitUnusedDeclared project(":sdks:java:fn-execution")
+  compile "com.fasterxml.jackson.core:jackson-databind:2.10.2"
+  compile library.java.jsr305
   provided library.java.hamcrest_core
   provided library.java.junit
   shadowTest project(path: ":sdks:java:core", configuration: "shadowTest")
   shadowTest project(path: ":runners:core-java", configuration: "testRuntime")
-  shadowTest library.java.slf4j_jdk14
   shadowTest library.java.mockito_core
-  shadowTest library.java.stax2_api
-  shadowTest library.java.woodstox_core_asl
-  shadowTest library.java.google_cloud_dataflow_java_proto_library_all
-  shadowTest library.java.jackson_dataformat_yaml
   needsRunner project(path: ":runners:core-construction-java", configuration: "testRuntime")
   needsRunner project(path: ":runners:core-java", configuration: "testRuntime")
   needsRunner project(path: ":sdks:java:core", configuration: "shadowTest")

runners/extensions-java/metrics/build.gradle

@@ -26,10 +26,11 @@ description = "Apache Beam :: Runners :: Extensions Java :: Metrics"
 ext.summary = "Beam Runners Extensions Metrics provides implementations of runners core metrics APIs."
 
 dependencies {
-  compile library.java.vendored_guava_26_0_jre
   compile project(path: ":sdks:java:core", configuration: "shadow")
   compile library.java.jackson_databind
   compile library.java.jackson_datatype_joda
+  compile library.java.jackson_core
+  compile library.java.joda_time
   testCompile library.java.joda_time
   testCompile library.java.junit
 }

runners/flink/1.10/job-server/build.gradle

@@ -29,3 +29,7 @@ project.ext {
 
 // Load the main build script which contains all build logic.
 apply from: "$basePath/flink_job_server.gradle"
+
+dependencies {
+  permitUnusedDeclared project(":runners:flink:1.10")
+}

runners/flink/1.11/job-server/build.gradle

@@ -29,3 +29,8 @@ project.ext {
 
 // Load the main build script which contains all build logic.
 apply from: "$basePath/flink_job_server.gradle"
+
+
+dependencies {
+  permitUnusedDeclared project(":runners:flink:1.11")
+}

runners/flink/1.8/build.gradle

@@ -17,7 +17,6 @@
  */
 
 def basePath = '..'
-
 /* All properties required for loading the Flink build script */
 project.ext {
   // Set the version of all Flink-related dependencies here.

runners/flink/1.8/job-server/build.gradle

@@ -29,3 +29,7 @@ project.ext {
 
 // Load the main build script which contains all build logic.
 apply from: "$basePath/flink_job_server.gradle"
+
+dependencies {
+  permitUnusedDeclared project(":runners:flink:1.8")
+}

runners/flink/1.9/build.gradle

@@ -31,3 +31,4 @@ project.ext {
 
 // Load the main build script which contains all build logic.
 apply from: "$basePath/flink_runner.gradle"
+

runners/flink/1.9/job-server/build.gradle

@@ -29,3 +29,7 @@ project.ext {
 
 // Load the main build script which contains all build logic.
 apply from: "$basePath/flink_job_server.gradle"
+
+dependencies {
+  permitUnusedDeclared project(":runners:flink:1.9")
+}

runners/flink/flink_runner.gradle

@@ -41,6 +41,7 @@ description = "Apache Beam :: Runners :: Flink $flink_version"
 evaluationDependsOn(":sdks:java:core")
 evaluationDependsOn(":runners:core-java")
 
+def checker_qual_version = "2.0.0"
 /*
  * Copy & merge source overrides into build directory.
  */
@@ -169,6 +170,19 @@ dependencies {
   validatesRunner project(path: ":runners:core-java", configuration: "testRuntime")
   validatesRunner project(project.path)
   miniCluster "org.apache.flink:flink-runtime-web_2.11:$flink_version"
+  compile project(path: ":model:fn-execution", configuration: "shadow")
+  compile project(path: ":model:pipeline", configuration: "shadow")
+  compile project(path: ":model:job-management:", configuration: "shadow")
+  compile project(":sdks:java:fn-execution")
+  compile project(path: ":vendor:sdks-java-extensions-protobuf", configuration: "shadow")
+  permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
+  permitUnusedDeclared library.java.jackson_annotations
+  compile library.java.jackson_databind
+  compile library.java.jsr305
+  compile "org.apache.flink:flink-annotations:$flink_version"
+  compile "org.apache.flink:flink-optimizer_2.11:$flink_version"
+  permitUnusedDeclared "org.apache.flink:flink-clients_2.11:$flink_version"
+  compile "org.checkerframework:checker-qual:$checker_qual_version"
 }
 
 class ValidatesRunnerConfig {

runners/flink/job-server/flink_job_server.gradle

@@ -94,6 +94,8 @@ dependencies {
   runtimeOnly project(":sdks:java:io:google-cloud-platform")
   // SqlTransform
   runtimeOnly project(":sdks:java:extensions:sql:expansion-service")
+  permitUnusedDeclared project(":runners:flink:1.8")
+  permitUnusedDeclared "org.checkerframework:checker-qual:3.7.0"
 }
 
 // NOTE: runShadow must be used in order to run the job server. The standard run

runners/google-cloud-dataflow-java/build.gradle

@@ -78,18 +78,26 @@ dependencies {
   compile library.java.google_api_client
   compile library.java.google_api_services_clouddebugger
   compile library.java.google_api_services_dataflow
-  compile library.java.google_api_services_storage
+  testImplementation 'com.google.apis:google-api-services-storage:v1-rev20200611-1.30.10'
   compile library.java.google_auth_library_credentials
   compile library.java.google_auth_library_oauth2_http
   compile library.java.google_http_client
-  compile library.java.google_http_client_jackson2
+  testImplementation 'com.google.http-client:google-http-client-jackson2:1.34.0'
   compile library.java.jackson_annotations
   compile library.java.jackson_core
   compile library.java.jackson_databind
   compile library.java.joda_time
   compile library.java.slf4j_api
   compile library.java.vendored_grpc_1_26_0
-  testCompile library.java.hamcrest_core
+  compile library.java.jsr305
+  compile "org.checkerframework:checker-qual:2.0.0"
+  compile "org.hamcrest:hamcrest:2.1"
+  compile "com.google.auth:google-auth-library-credentials:0.19.0"
+  permitUnusedDeclared "com.google.guava:guava:25.1-jre"
+  permitUnusedDeclared "io.opencensus:opencensus-api:0.24.0"
+  compile "org.checkerframework:checker-qual:2.0.0"
+  permitUnusedDeclared "org.conscrypt:conscrypt-openjdk-uber:2.5.1"
+  permitUnusedDeclared "com.google.api.grpc:proto-google-common-protos:1.17.0"
   testCompile library.java.guava_testlib
   testCompile library.java.junit
   testCompile project(path: ":sdks:java:io:google-cloud-platform", configuration: "testRuntime")
@@ -99,8 +107,6 @@ dependencies {
   testCompile library.java.google_cloud_dataflow_java_proto_library_all
   testCompile library.java.jackson_dataformat_yaml
   testCompile library.java.mockito_core
-  testCompile library.java.proto_google_cloud_datastore_v1
-  testCompile library.java.slf4j_jdk14
   validatesRunner project(path: ":sdks:java:core", configuration: "shadowTest")
   validatesRunner project(project.path)
   validatesRunner project(path: project.path, configuration: "testRuntime")