Add @maven//:outdated to check for updated versions of artifacts

.bazelci/presubmit.yml

@@ -9,6 +9,7 @@ tasks:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
       - bazel run @duplicate_artifacts_test//:pin
+      - bazel run @regression_testing//:outdated
     test_flags:
       - "--//settings:stamp_manifest=True"
     test_targets:
@@ -31,6 +32,7 @@ tasks:
     shell_commands:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
+      - bazel run @regression_testing//:outdated
     test_targets:
       - "--"
       - "//..."
@@ -40,6 +42,7 @@ tasks:
     shell_commands:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
+      - bazel run @regression_testing//:outdated
     test_targets:
       - "--"
       - "//..."
@@ -49,6 +52,7 @@ tasks:
     shell_commands:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
+      - bazel run @regression_testing//:outdated
     test_targets:
       - "--"
       - "//..."
@@ -63,6 +67,7 @@ tasks:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
       - bazel run @duplicate_artifacts_test//:pin
+      - bazel run @regression_testing//:outdated
     test_targets:
       - "--"
       - "//..."
@@ -75,6 +80,7 @@ tasks:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
       - bazel run @duplicate_artifacts_test//:pin
+      - bazel run @regression_testing//:outdated
     test_flags:
       - "--//settings:stamp_manifest=True"
     test_targets:
@@ -91,6 +97,7 @@ tasks:
       - bazel run @unpinned_regression_testing//:pin
       - bazel run @unpinned_maven_install_in_custom_location//:pin
       - bazel run @duplicate_artifacts_test//:pin
+      - bazel run @regression_testing//:outdated
     test_targets:
       - "--"
       - "//..."

README.md

@@ -18,6 +18,7 @@ Table of Contents
          * [Custom location for maven_install.json](#custom-location-for-maven_installjson)
          * [Multiple maven_install.json files](#multiple-maven_installjson-files)
       * [Generated targets](#generated-targets)
+      * [Outdated artifacts](#outdated-artifacts)
       * [Advanced usage](#advanced-usage)
          * [Fetch source JARs](#fetch-source-jars)
          * [Checksum verification](#checksum-verification)
@@ -285,6 +286,14 @@ the artifact, which integrates with rules like [bazel-common's
 for generating POM files. See the [`pom_file_generation`
 example](examples/pom_file_generation/) for more information.
 
+## Outdated artifacts
+
+To check for updates of artifacts, run the following command at the root of your Bazel workspace:
+
+```
+$ bazel run @maven//:outdated
+```
+
 ## Advanced usage
 
 ### Fetch source JARs
@@ -827,7 +836,7 @@ migration, convert legacy Android support library (`com.android.support`)
 libraries to rely on new AndroidX packages using the
 [Jetifier](https://developer.android.com/studio/command-line/jetifier) tool.
 Enable jetification by specifying `jetify = True` in `maven_install.`
-Control which artifacts to jetify with `jetify_include_list` — list of artifacts that need to be jetified in `groupId:artifactId` format. 
+Control which artifacts to jetify with `jetify_include_list` — list of artifacts that need to be jetified in `groupId:artifactId` format.
 By default all artifacts are jetified if `jetify` is set to True.
 
 NOTE: There is a performance penalty to using jetifier due to modifying fetched binaries, fetching
@@ -952,7 +961,7 @@ bazel run --stamp \
   //user_project:exported_lib.publish`
 ```
 
-When using the `gpg_sign` option, the current default key will be used for 
+When using the `gpg_sign` option, the current default key will be used for
 signing, and the `gpg` binary needs to be installed on the machine.
 
 ## Demo

WORKSPACE

@@ -51,9 +51,20 @@ http_archive(
 # dependencies. So, we omit them to keep the WORKSPACE file simpler.
 # https://skydoc.bazel.build/docs/getting_started_stardoc.html
 
+load("//:defs.bzl", "maven_install")
+
+maven_install(
+    name = "outdated",
+    artifacts = [
+        "org.apache.maven:maven-artifact:3.6.3",
+    ],
+    repositories = [
+        "https://repo1.maven.org/maven2",
+    ],
+)
+
 # Begin test dependencies
 
-load("//:defs.bzl", "maven_install")
 load("//:specs.bzl", "maven")
 
 maven_install(

coursier.bzl

@@ -58,6 +58,18 @@ sh_binary(
 )
 """
 
+_BUILD_OUTDATED = """
+sh_binary(
+    name = "outdated",
+    srcs = ["outdated.sh"],
+    data = [
+        "@rules_jvm_external//private/tools/prebuilt:outdated_deploy.jar",
+        "outdated.artifacts",
+        "outdated.repositories"
+    ],
+)
+"""
+
 def _is_verbose(repository_ctx):
     return bool(repository_ctx.os.environ.get("RJE_VERBOSE"))
 
@@ -265,16 +277,43 @@ def _get_jq_http_files():
         ])
     return lines
 
+def _add_outdated_files(repository_ctx, artifacts, repositories):
+    repository_ctx.file(
+        "outdated.artifacts",
+        "\n".join(["{}:{}:{}".format(artifact["group"], artifact["artifact"], artifact["version"]) for artifact in artifacts]) + "\n",
+        executable = False,
+    )
+
+    repository_ctx.file(
+        "outdated.repositories",
+        "\n".join([repo["repo_url"] for repo in repositories]) + "\n",
+        executable = False,
+    )
+
+    repository_ctx.template(
+        "outdated.sh",
+        repository_ctx.attr._outdated,
+        {
+            "{repository_name}": repository_ctx.name,
+            "{proxy_opts}": " ".join(_get_java_proxy_args(repository_ctx)),
+        },
+        executable = True,
+    )
+
 def _pinned_coursier_fetch_impl(repository_ctx):
     if not repository_ctx.attr.maven_install_json:
         fail("Please specify the file label to maven_install.json (e.g." +
              "//:maven_install.json).")
 
     _windows_check(repository_ctx)
 
+    repositories = []
+    for repository in repository_ctx.attr.repositories:
+        repositories.append(json_parse(repository))
+
     artifacts = []
-    for a in repository_ctx.attr.artifacts:
-        artifacts.append(json_parse(a))
+    for artifact in repository_ctx.attr.artifacts:
+        artifacts.append(json_parse(artifact))
 
     # Read Coursier state from maven_install.json.
     repository_ctx.symlink(
@@ -396,19 +435,21 @@ def _pinned_coursier_fetch_impl(repository_ctx):
         "compat_repository.bzl",
         repository_ctx.attr._compat_repository,
         substitutions = {},
-        executable = False,  # not executable
+        executable = False,
     )
 
     repository_ctx.file(
         "BUILD",
-        _BUILD.format(
+        (_BUILD + _BUILD_OUTDATED).format(
             visibility = "private" if repository_ctx.attr.strict_visibility else "public",
             repository_name = repository_ctx.name,
             imports = generated_imports,
         ),
-        False,  # not executable
+        executable = False,
     )
 
+    _add_outdated_files(repository_ctx, artifacts, repositories)
+
     # Generate a compatibility layer of external repositories for all jar artifacts.
     if repository_ctx.attr.generate_compat_repositories:
         compat_repositories_bzl = ["load(\"@%s//:compat_repository.bzl\", \"compat_repository\")" % repository_ctx.name]
@@ -423,7 +464,7 @@ def _pinned_coursier_fetch_impl(repository_ctx):
             repository_ctx.file(
                 "compat.bzl",
                 "\n".join(compat_repositories_bzl) + "\n",
-                False,  # not executable
+                executable = False,
             )
 
 def split_url(url):
@@ -645,12 +686,12 @@ def _coursier_fetch_impl(repository_ctx):
         repositories.append(json_parse(repository))
 
     artifacts = []
-    for a in repository_ctx.attr.artifacts:
-        artifacts.append(json_parse(a))
+    for artifact in repository_ctx.attr.artifacts:
+        artifacts.append(json_parse(artifact))
 
     excluded_artifacts = []
-    for a in repository_ctx.attr.excluded_artifacts:
-        excluded_artifacts.append(json_parse(a))
+    for artifact in repository_ctx.attr.excluded_artifacts:
+        excluded_artifacts.append(json_parse(artifact))
 
     # Once coursier finishes a fetch, it generates a tree of artifacts and their
     # transitive dependencies in a JSON file. We use that as the source of truth
@@ -790,7 +831,7 @@ def _coursier_fetch_impl(repository_ctx):
     repository_ctx.file(
         "hasher_argsfile",
         "\n".join([str(f) for f in files_to_hash]) + "\n",
-        False,  # Not executable
+        executable = False,
     )
     exec_result = repository_ctx.execute(
         hasher_command + ["--argsfile", repository_ctx.path("hasher_argsfile")],
@@ -839,17 +880,21 @@ def _coursier_fetch_impl(repository_ctx):
     # the user invokes artifact pinning. Normalize the repository name here.
     if repository_ctx.name.startswith("unpinned_"):
         repository_name = repository_ctx.name[len("unpinned_"):]
+        outdated_build_file_content = ""
     else:
         repository_name = repository_ctx.name
+        # Add outdated artifact files if this is a pinned repo
+        outdated_build_file_content = _BUILD_OUTDATED
+        _add_outdated_files(repository_ctx, artifacts, repositories)
 
     repository_ctx.file(
         "BUILD",
-        (_BUILD + _BUILD_PIN).format(
+        (_BUILD + _BUILD_PIN + outdated_build_file_content).format(
             visibility = "private" if repository_ctx.attr.strict_visibility else "public",
             repository_name = repository_name,
             imports = generated_imports,
         ),
-        False,  # not executable
+        executable = False,
     )
 
     # If maven_install.json has already been used in maven_install,
@@ -907,7 +952,7 @@ def _coursier_fetch_impl(repository_ctx):
             "compat_repository.bzl",
             repository_ctx.attr._compat_repository,
             substitutions = {},
-            executable = False,  # not executable
+            executable = False,
         )
 
         compat_repositories_bzl = ["load(\"@%s//:compat_repository.bzl\", \"compat_repository\")" % repository_ctx.name]
@@ -922,12 +967,14 @@ def _coursier_fetch_impl(repository_ctx):
         repository_ctx.file(
             "compat.bzl",
             "\n".join(compat_repositories_bzl) + "\n",
-            False,  # not executable
+            executable = False,
         )
 
 pinned_coursier_fetch = repository_rule(
     attrs = {
         "_compat_repository": attr.label(default = "//:private/compat_repository.bzl"),
+        "_outdated": attr.label(default = "//:private/outdated.sh"),
+        "repositories": attr.string_list(),  # list of repository objects, each as json
         "artifacts": attr.string_list(),  # list of artifact objects, each as json
         "fetch_sources": attr.bool(default = False),
         "generate_compat_repositories": attr.bool(default = False),  # generate a compatible layer with repositories for each artifact
@@ -953,6 +1000,7 @@ coursier_fetch = repository_rule(
         "_sha256_hasher": attr.label(default = "//private/tools/prebuilt:hasher_deploy.jar"),
         "_pin": attr.label(default = "//:private/pin.sh"),
         "_compat_repository": attr.label(default = "//:private/compat_repository.bzl"),
+        "_outdated": attr.label(default = "//:private/outdated.sh"),
         "repositories": attr.string_list(),  # list of repository objects, each as json
         "artifacts": attr.string_list(),  # list of artifact objects, each as json
         "fail_on_missing_checksum": attr.bool(default = True),

defs.bzl

@@ -126,6 +126,7 @@ def maven_install(
         # Create the repository generated from a maven_install.json file.
         pinned_coursier_fetch(
             name = name,
+            repositories = repositories_json_strings,
             artifacts = artifacts_json_strings,
             maven_install_json = maven_install_json,
             fetch_sources = fetch_sources,

private/outdated.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [ -f "private/tools/prebuilt/outdated_deploy.jar" ]; then
+    outdated_jar_path=private/tools/prebuilt/outdated_deploy.jar
+else
+    outdated_jar_path=external/rules_jvm_external/private/tools/prebuilt/outdated_deploy.jar
+fi
+
+java {proxy_opts} -jar $outdated_jar_path external/{repository_name}/outdated.artifacts external/{repository_name}/outdated.repositories

private/tools/java/rules/jvm/external/maven/BUILD

@@ -13,3 +13,19 @@ java_binary(
         "//private/tools/java/rules/jvm/external:byte-streams",
     ],
 )
+
+java_binary(
+    name = "outdated",
+    srcs = ["Outdated.java"],
+    javacopts = [
+        "-source",
+        "8",
+        "-target",
+        "8",
+    ],
+    main_class = "rules.jvm.external.maven.Outdated",
+    visibility = ["//visibility:public"],
+    deps = [
+        "@outdated//:org_apache_maven_maven_artifact",
+    ],
+)