From d12d068c3724415275674055c738ff7684886679 Mon Sep 17 00:00:00 2001 From: Pei Wang Date: Fri, 13 Aug 2021 04:50:34 +0000 Subject: [PATCH] build: Turn tsec checks into bazel tests. (#43108) Introduce two new bazel rules: tsec_test and tsec_config, for describing the tsec checks and the tsconfig file needed for such checks, respectively. Currently, tsec_test only checks the srcs of a ts_library or ng_module. It does not check direct or transitive dependencies. Also, tsconfig files need to be manually maintained to make sure tsec can read all necessary input (including global symbols). PR Close #43108 --- .gitignore | 3 - .pullapprove.yml | 4 +- package.json | 6 +- packages/BUILD.bazel | 8 + .../animations/browser/tsconfig-tsec.json | 20 --- packages/animations/tsconfig-tsec.json | 18 --- packages/common/http/tsconfig-tsec.json | 20 --- packages/common/tsconfig-tsec.json | 18 --- packages/compiler/BUILD.bazel | 13 ++ packages/core/BUILD.bazel | 14 +- packages/core/src/compiler/BUILD.bazel | 13 ++ packages/core/src/compiler/tsconfig-tsec.json | 8 + packages/core/src/di/interface/BUILD.bazel | 13 ++ .../core/src/di/interface/tsconfig-tsec.json | 7 + packages/core/src/interface/BUILD.bazel | 13 ++ .../core/src/interface/tsconfig-tsec.json | 7 + packages/core/src/reflection/BUILD.bazel | 13 ++ .../core/src/reflection/tsconfig-tsec.json | 7 + packages/core/src/util/BUILD.bazel | 14 ++ packages/core/src/util/tsconfig-tsec.json | 9 ++ packages/core/tsconfig-tsec.json | 9 +- .../tsconfig-tsec.json | 25 --- packages/platform-browser/BUILD.bazel | 13 ++ .../platform-browser/animations/BUILD.bazel | 13 ++ .../animations/tsconfig-tsec.json | 8 - packages/platform-browser/tsconfig-tsec.json | 6 - packages/platform-server/BUILD.bazel | 13 ++ packages/platform-server/init/BUILD.bazel | 13 ++ .../platform-server/init/tsconfig-tsec.json | 8 + packages/platform-server/tsconfig-tsec.json | 15 +- packages/tsconfig-tsec-base.json | 2 +- packages/tsconfig-tsec.json | 10 -- packages/zone.js/lib/tsconfig-tsec.json | 9 -- tools/defaults.bzl | 21 +++ tools/tsec.bzl | 143 ++++++++++++++++++ yarn.lock | 8 +- 36 files changed, 376 insertions(+), 168 deletions(-) delete mode 100644 packages/animations/browser/tsconfig-tsec.json delete mode 100644 packages/animations/tsconfig-tsec.json delete mode 100644 packages/common/http/tsconfig-tsec.json delete mode 100644 packages/common/tsconfig-tsec.json create mode 100644 packages/core/src/compiler/tsconfig-tsec.json create mode 100644 packages/core/src/di/interface/tsconfig-tsec.json create mode 100644 packages/core/src/interface/tsconfig-tsec.json create mode 100644 packages/core/src/reflection/tsconfig-tsec.json create mode 100644 packages/core/src/util/tsconfig-tsec.json delete mode 100644 packages/platform-browser-dynamic/tsconfig-tsec.json create mode 100644 packages/platform-server/init/tsconfig-tsec.json delete mode 100644 packages/tsconfig-tsec.json delete mode 100644 packages/zone.js/lib/tsconfig-tsec.json create mode 100644 tools/tsec.bzl diff --git a/.gitignore b/.gitignore index 43dc8355e072f..140aed39fc014 100644 --- a/.gitignore +++ b/.gitignore @@ -52,6 +52,3 @@ baseline.json # Husky .husky/_ - -# tsec -.tsec diff --git a/.pullapprove.yml b/.pullapprove.yml index 15a63e1bd3c87..3af885b08e5fa 100644 --- a/.pullapprove.yml +++ b/.pullapprove.yml @@ -731,10 +731,10 @@ groups: 'packages/core/test/linker/security_integration_spec.ts', 'packages/compiler/src/schema/**', 'packages/platform-browser/src/security/**', - 'packages/tsconfig-tsec.json', 'packages/tsconfig-tsec-base.json', 'packages/**/tsconfig-tsec.json', - 'packages/tsec-exemption.json' + 'packages/tsec-exemption.json', + 'tools/tsec.bzl', 'aio/content/guide/security.md', 'aio/content/examples/security/**', 'aio/content/images/guide/security/**', diff --git a/package.json b/package.json index 76e6f734043ae..5e2133ec54d00 100644 --- a/package.json +++ b/package.json @@ -26,6 +26,7 @@ "prepare": "husky install", "test-ivy-aot": "bazelisk test --config=ivy --build_tag_filters=-no-ivy-aot,-fixme-ivy-aot --test_tag_filters=-no-ivy-aot,-fixme-ivy-aot", "test-non-ivy": "bazelisk test --build_tag_filters=-ivy-only --test_tag_filters=-ivy-only", + "test-tsec": "bazelisk test //... --build_tag_filters=tsec --test_tag_filters=tsec", "test-fixme-ivy-aot": "bazelisk test --config=ivy --build_tag_filters=-no-ivy-aot --test_tag_filters=-no-ivy-aot", "list-fixme-ivy-targets": "bazelisk query --output=label 'attr(\"tags\", \"\\[.*fixme-ivy.*\\]\", //...) except kind(\"sh_binary\", //...) except kind(\"devmode_js_sources\", //...)' | sort", "lint": "yarn -s tslint && yarn -s ng-dev format changed --check", @@ -36,8 +37,7 @@ "symbol-extractor:update": "node tools/symbol-extractor/run_all_symbols_extractor_tests.js accept", "ts-circular-deps:check": "yarn -s ng-dev ts-circular-deps check --config ./packages/circular-deps-test.conf.js", "ts-circular-deps:approve": "yarn -s ng-dev ts-circular-deps approve --config ./packages/circular-deps-test.conf.js", - "check-tooling-setup": "yarn tsc --project .ng-dev/tsconfig.json", - "tsec:packages": "yarn tsec -b packages/tsconfig-tsec.json" + "check-tooling-setup": "yarn tsc --project .ng-dev/tsconfig.json" }, "// 1": "dependencies are used locally and by bazel", "dependencies": { @@ -181,7 +181,7 @@ "sauce-connect": "https://saucelabs.com/downloads/sc-4.6.2-linux.tar.gz", "semver": "^7.3.5", "ts-node": "^10.0.0", - "tsec": "0.1.7", + "tsec": "0.1.8", "tslint-eslint-rules": "5.4.0", "tslint-no-toplevel-property-access": "0.0.2", "typed-graphqlify": "^3.1.1", diff --git a/packages/BUILD.bazel b/packages/BUILD.bazel index f8e2de5fc2af9..59ce4860dbf45 100644 --- a/packages/BUILD.bazel +++ b/packages/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ts_config", "ts_library") +load("//tools:tsec.bzl", "tsec_config") package(default_visibility = ["//visibility:public"]) @@ -22,6 +23,13 @@ ts_config( deps = [":tsconfig-build.json"], ) +tsec_config( + name = "tsec_config", + src = "tsconfig-tsec-base.json", + exemption = ":tsec-exemption.json", + deps = [":tsconfig-build.json"], +) + exports_files([ "license-banner.txt", "README.md", diff --git a/packages/animations/browser/tsconfig-tsec.json b/packages/animations/browser/tsconfig-tsec.json deleted file mode 100644 index 65f9e28b17e5e..0000000000000 --- a/packages/animations/browser/tsconfig-tsec.json +++ /dev/null @@ -1,20 +0,0 @@ -/** For building //packages/animations/browser. */ -{ - "extends": "../../tsconfig-tsec-base.json", - "compilerOptions": { - "baseUrl": ".", - "outDir": ".tsec", - "paths": { - "@angular/core": ["../../core"], - "@angular/animations": ["../"] - } - }, - "include": [ - "*.ts", - "src/**/*.ts" - ], - "references": [ - {"path": "../../core/tsconfig-tsec.json"}, - {"path": "../tsconfig-tsec.json"} - ] -} diff --git a/packages/animations/tsconfig-tsec.json b/packages/animations/tsconfig-tsec.json deleted file mode 100644 index d43c2ca84443b..0000000000000 --- a/packages/animations/tsconfig-tsec.json +++ /dev/null @@ -1,18 +0,0 @@ -/** For building //packages/animations. */ -{ - "extends": "../tsconfig-tsec-base.json", - "compilerOptions": { - "baseUrl": ".", - "outDir": ".tsec", - "paths": { - "@angular/core": ["../core"] - } - }, - "include": [ - "*.ts", - "src/**/*.ts" - ], - "references": [ - {"path": "../core/tsconfig-tsec.json"} - ] -} diff --git a/packages/common/http/tsconfig-tsec.json b/packages/common/http/tsconfig-tsec.json deleted file mode 100644 index e0dc44681a1c6..0000000000000 --- a/packages/common/http/tsconfig-tsec.json +++ /dev/null @@ -1,20 +0,0 @@ -/** For building //packages/common/http. */ -{ - "extends": "../../tsconfig-tsec-base.json", - "compilerOptions": { - "baseUrl": ".", - "outDir": ".tsec", - "paths": { - "@angular/core": ["../../core"], - "@angular/common": [".."] - } - }, - "include": [ - "*.ts", - "src/**/*.ts" - ], - "references": [ - {"path": "../../core/tsconfig-tsec.json"}, - {"path": "../tsconfig-tsec.json"} - ] -} diff --git a/packages/common/tsconfig-tsec.json b/packages/common/tsconfig-tsec.json deleted file mode 100644 index 8f96fb839c16c..0000000000000 --- a/packages/common/tsconfig-tsec.json +++ /dev/null @@ -1,18 +0,0 @@ -/** For building //packages/common. */ -{ - "extends": "../tsconfig-tsec-base.json", - "compilerOptions": { - "baseUrl": ".", - "outDir": ".tsec", - "paths": { - "@angular/core": ["../core"] - } - }, - "include": [ - "*.ts", - "src/**/*.ts" - ], - "references": [ - {"path": "../core/tsconfig-tsec.json"} - ] -} diff --git a/packages/compiler/BUILD.bazel b/packages/compiler/BUILD.bazel index fa2e1a342d176..c5315e173f29a 100644 --- a/packages/compiler/BUILD.bazel +++ b/packages/compiler/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ng_package", "ts_library") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = ["//visibility:public"]) @@ -12,6 +13,18 @@ ts_library( ), ) +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "compiler", + tsconfig = "tsec_config", +) + ng_package( name = "npm_package", srcs = [ diff --git a/packages/core/BUILD.bazel b/packages/core/BUILD.bazel index e6b58532b785e..7ae99b1c05aa5 100644 --- a/packages/core/BUILD.bazel +++ b/packages/core/BUILD.bazel @@ -1,5 +1,6 @@ load("@build_bazel_rules_nodejs//:index.bzl", "generated_file_test") load("//tools:defaults.bzl", "api_golden_test", "api_golden_test_npm_package", "ng_module", "ng_package") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") load("//packages/common/locales:index.bzl", "generate_base_locale_file") package(default_visibility = ["//visibility:public"]) @@ -34,12 +35,23 @@ ng_module( "//packages/core/src/interface", "//packages/core/src/reflection", "//packages/core/src/util", - "//packages/localize", "//packages/zone.js/lib:zone_d_ts", "@npm//rxjs", ], ) +tsec_config( + name = "tsconfig-tsec", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "core", + tsconfig = "tsconfig-tsec", +) + ng_package( name = "npm_package", srcs = [ diff --git a/packages/core/src/compiler/BUILD.bazel b/packages/core/src/compiler/BUILD.bazel index 457eb5db788bc..eafa9852b3d23 100644 --- a/packages/core/src/compiler/BUILD.bazel +++ b/packages/core/src/compiler/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ts_library") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = [ "//packages/compiler/test:__pkg__", @@ -17,3 +18,15 @@ ts_library( "//packages/core/src/util", ], ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "compiler", + tsconfig = "tsec_config", +) diff --git a/packages/core/src/compiler/tsconfig-tsec.json b/packages/core/src/compiler/tsconfig-tsec.json new file mode 100644 index 0000000000000..e98abf20f236b --- /dev/null +++ b/packages/core/src/compiler/tsconfig-tsec.json @@ -0,0 +1,8 @@ +/** For building //packages/core/src/compiler. */ +{ + "extends": "../../../tsconfig-tsec-base.json", + "include": [ + "**/*.ts", + "../util/ng_dev_mode.d.ts" + ] +} diff --git a/packages/core/src/di/interface/BUILD.bazel b/packages/core/src/di/interface/BUILD.bazel index 787db340e91e2..4011a986f07ec 100644 --- a/packages/core/src/di/interface/BUILD.bazel +++ b/packages/core/src/di/interface/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ts_library") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = [ "//packages/core:__subpackages__", @@ -18,3 +19,15 @@ ts_library( "@npm//rxjs", ], ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "interface", + tsconfig = "tsec_config", +) diff --git a/packages/core/src/di/interface/tsconfig-tsec.json b/packages/core/src/di/interface/tsconfig-tsec.json new file mode 100644 index 0000000000000..990ba43b485e0 --- /dev/null +++ b/packages/core/src/di/interface/tsconfig-tsec.json @@ -0,0 +1,7 @@ +/** For building //packages/core/src/di/interface. */ +{ + "extends": "../../../../tsconfig-tsec-base.json", + "include": [ + "**/*.ts" + ] +} diff --git a/packages/core/src/interface/BUILD.bazel b/packages/core/src/interface/BUILD.bazel index 8f38896a4d83e..aef3e979a3b9e 100644 --- a/packages/core/src/interface/BUILD.bazel +++ b/packages/core/src/interface/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ts_library") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = [ "//packages/core:__subpackages__", @@ -13,3 +14,15 @@ ts_library( ], ), ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "interface", + tsconfig = "tsec_config", +) diff --git a/packages/core/src/interface/tsconfig-tsec.json b/packages/core/src/interface/tsconfig-tsec.json new file mode 100644 index 0000000000000..617b0901a83bf --- /dev/null +++ b/packages/core/src/interface/tsconfig-tsec.json @@ -0,0 +1,7 @@ +/** For building //packages/core/src/inteface. */ +{ + "extends": "../../../tsconfig-tsec-base.json", + "include": [ + "*.ts" + ] +} diff --git a/packages/core/src/reflection/BUILD.bazel b/packages/core/src/reflection/BUILD.bazel index baeae5551ad49..018e9ec1cdaca 100644 --- a/packages/core/src/reflection/BUILD.bazel +++ b/packages/core/src/reflection/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ts_library") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = [ "//packages/core:__subpackages__", @@ -17,3 +18,15 @@ ts_library( "//packages/core/src/util", ], ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "reflection", + tsconfig = "tsec_config", +) diff --git a/packages/core/src/reflection/tsconfig-tsec.json b/packages/core/src/reflection/tsconfig-tsec.json new file mode 100644 index 0000000000000..5d340f1929b02 --- /dev/null +++ b/packages/core/src/reflection/tsconfig-tsec.json @@ -0,0 +1,7 @@ +/** For building //packages/core/src/reflection. */ +{ + "extends": "../../../tsconfig-tsec-base.json", + "include": [ + "**/*.ts" + ] +} diff --git a/packages/core/src/util/BUILD.bazel b/packages/core/src/util/BUILD.bazel index 3ea2b343c1f35..2a9b29a7c9be4 100644 --- a/packages/core/src/util/BUILD.bazel +++ b/packages/core/src/util/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ts_library") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = [ "//packages/core:__subpackages__", @@ -15,6 +16,19 @@ ts_library( deps = [ "//packages:types", "//packages/core/src/interface", + "//packages/zone.js/lib:zone_d_ts", "@npm//rxjs", ], ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "util", + tsconfig = "tsec_config", +) diff --git a/packages/core/src/util/tsconfig-tsec.json b/packages/core/src/util/tsconfig-tsec.json new file mode 100644 index 0000000000000..501d2d37978cc --- /dev/null +++ b/packages/core/src/util/tsconfig-tsec.json @@ -0,0 +1,9 @@ +/** For building //packages/core/src/util. */ +{ + "extends": "../../../tsconfig-tsec-base.json", + "include": [ + "**/*.ts", + "../../../*.d.ts", + "../../../zone.js/lib/zone.d.ts" + ] +} diff --git a/packages/core/tsconfig-tsec.json b/packages/core/tsconfig-tsec.json index aab35fef5f9f0..e08e6c8433dc1 100644 --- a/packages/core/tsconfig-tsec.json +++ b/packages/core/tsconfig-tsec.json @@ -1,15 +1,10 @@ /** For building //packages/core. */ { "extends": "../tsconfig-tsec-base.json", - "compilerOptions": { - "outDir": ".tsec" - }, "include": [ "*.ts", "src/**/*.ts", - "../*.d.ts" - ], - "references": [ - {"path": "../zone.js/lib/tsconfig-tsec.json"} + "../*.d.ts", + "../zone.js/lib/zone.d.ts" ] } diff --git a/packages/platform-browser-dynamic/tsconfig-tsec.json b/packages/platform-browser-dynamic/tsconfig-tsec.json deleted file mode 100644 index 5a2fa5fdba811..0000000000000 --- a/packages/platform-browser-dynamic/tsconfig-tsec.json +++ /dev/null @@ -1,25 +0,0 @@ -/** For building //packages/platform-browser-dynamic. */ -{ - "extends": "../tsconfig-tsec-base.json", - "compilerOptions": { - "baseUrl": ".", - "outDir": ".tsec", - "paths": { - "@angular/core": ["../core"], - "@angular/common": ["../common"], - "@angular/compiler": ["../compiler"], - "@angular/platform-browser": ["../platform-browser"] - } - }, - "include": [ - "*.ts", - "src/**/*.ts", - "../*.d.ts" - ], - "references": [ - {"path": "../core/tsconfig-tsec.json"}, - {"path": "../common/tsconfig-tsec.json"}, - {"path": "../compiler/tsconfig-tsec.json"}, - {"path": "../platform-browser/tsconfig-tsec.json"} - ] -} diff --git a/packages/platform-browser/BUILD.bazel b/packages/platform-browser/BUILD.bazel index 4f09dabc9f48e..953dd71a12991 100644 --- a/packages/platform-browser/BUILD.bazel +++ b/packages/platform-browser/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "api_golden_test_npm_package", "ng_module", "ng_package") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = ["//visibility:public"]) @@ -19,6 +20,18 @@ ng_module( ], ) +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "platform-browser", + tsconfig = "tsec_config", +) + ng_package( name = "npm_package", srcs = [ diff --git a/packages/platform-browser/animations/BUILD.bazel b/packages/platform-browser/animations/BUILD.bazel index e7c29ebdada4c..f212405a3b7c7 100644 --- a/packages/platform-browser/animations/BUILD.bazel +++ b/packages/platform-browser/animations/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ng_module") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = ["//visibility:public"]) @@ -20,3 +21,15 @@ ng_module( "//packages/platform-browser", ], ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "animations", + tsconfig = "tsec_config", +) diff --git a/packages/platform-browser/animations/tsconfig-tsec.json b/packages/platform-browser/animations/tsconfig-tsec.json index e55934d259736..646cf09491d00 100644 --- a/packages/platform-browser/animations/tsconfig-tsec.json +++ b/packages/platform-browser/animations/tsconfig-tsec.json @@ -3,7 +3,6 @@ "extends": "../../tsconfig-tsec-base.json", "compilerOptions": { "baseUrl": ".", - "outDir": ".tsec", "paths": { "@angular/core": ["../../core"], "@angular/common": ["../../common"], @@ -15,12 +14,5 @@ "include": [ "*.ts", "src/**/*.ts" - ], - "references": [ - {"path": "../../core/tsconfig-tsec.json"}, - {"path": "../../common/tsconfig-tsec.json"}, - {"path": "../tsconfig-tsec.json"}, - {"path": "../../animations/tsconfig-tsec.json"}, - {"path": "../../animations/browser/tsconfig-tsec.json"} ] } diff --git a/packages/platform-browser/tsconfig-tsec.json b/packages/platform-browser/tsconfig-tsec.json index 2912fcce184ea..aaf6c6e02a6de 100644 --- a/packages/platform-browser/tsconfig-tsec.json +++ b/packages/platform-browser/tsconfig-tsec.json @@ -3,7 +3,6 @@ "extends": "../tsconfig-tsec-base.json", "compilerOptions": { "baseUrl": ".", - "outDir": ".tsec", "paths": { "@angular/core": ["../core"], "@angular/common": ["../common"] @@ -13,10 +12,5 @@ "*.ts", "src/**/*.ts", "../*.d.ts" - ], - "references": [ - {"path": "../core/tsconfig-tsec.json"}, - {"path": "../common/tsconfig-tsec.json"}, - {"path": "../zone.js/lib/tsconfig-tsec.json"} ] } diff --git a/packages/platform-server/BUILD.bazel b/packages/platform-server/BUILD.bazel index 130308d1a5b58..5b3576782321b 100644 --- a/packages/platform-server/BUILD.bazel +++ b/packages/platform-server/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "api_golden_test_npm_package", "ng_module", "ng_package") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = ["//visibility:public"]) @@ -26,6 +27,18 @@ ng_module( ], ) +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "platform-server", + tsconfig = "tsec_config", +) + ng_package( name = "npm_package", srcs = [ diff --git a/packages/platform-server/init/BUILD.bazel b/packages/platform-server/init/BUILD.bazel index a3dcc6c6670c2..941ed07114d90 100644 --- a/packages/platform-server/init/BUILD.bazel +++ b/packages/platform-server/init/BUILD.bazel @@ -1,4 +1,5 @@ load("//tools:defaults.bzl", "ng_module") +load("//tools:tsec.bzl", "tsec_config", "tsec_test") package(default_visibility = ["//visibility:public"]) @@ -16,3 +17,15 @@ ng_module( "//packages/platform-server", ], ) + +tsec_config( + name = "tsec_config", + src = ":tsconfig-tsec.json", + deps = ["//packages:tsec_config"], +) + +tsec_test( + name = "tsec_test", + target = "init", + tsconfig = "tsec_config", +) diff --git a/packages/platform-server/init/tsconfig-tsec.json b/packages/platform-server/init/tsconfig-tsec.json new file mode 100644 index 0000000000000..1143acd103e31 --- /dev/null +++ b/packages/platform-server/init/tsconfig-tsec.json @@ -0,0 +1,8 @@ +/** For building //packages/platform-server/init. */ +{ + "extends": "../../tsconfig-tsec-base.json", + "include": [ + "*.ts", + "src/**/*.ts" + ] +} diff --git a/packages/platform-server/tsconfig-tsec.json b/packages/platform-server/tsconfig-tsec.json index b231f88e09df1..e375f46b910bb 100644 --- a/packages/platform-server/tsconfig-tsec.json +++ b/packages/platform-server/tsconfig-tsec.json @@ -3,7 +3,6 @@ "extends": "../tsconfig-tsec-base.json", "compilerOptions": { "baseUrl": ".", - "outDir": ".tsec", "paths": { "@angular/core": ["../core"], "@angular/common": ["../common"], @@ -17,17 +16,7 @@ }, "include": [ "*.ts", - "src/**/*.ts" - ], - "references": [ - {"path": "../core/tsconfig-tsec.json"}, - {"path": "../common/tsconfig-tsec.json"}, - {"path": "../common/http/tsconfig-tsec.json"}, - {"path": "../compiler/tsconfig-tsec.json"}, - {"path": "../platform-browser/tsconfig-tsec.json"}, - {"path": "../platform-browser/animations/tsconfig-tsec.json"}, - {"path": "../platform-browser-dynamic/tsconfig-tsec.json"}, - {"path": "../zone.js/lib/tsconfig-tsec.json"}, - {"path": "../animations/browser/tsconfig-tsec.json"} + "src/**/*.ts", + "../zone.js/lib/*.d.ts" ] } diff --git a/packages/tsconfig-tsec-base.json b/packages/tsconfig-tsec-base.json index c774e37bfe36c..27d6d4cfffbf9 100644 --- a/packages/tsconfig-tsec-base.json +++ b/packages/tsconfig-tsec-base.json @@ -3,7 +3,7 @@ "extends": "./tsconfig-build.json", "compilerOptions": { "composite": true, - "emitDeclarationOnly": true, + "noEmit": true, "lib": ["es2017", "dom"], "plugins": [{"name": "tsec", "exemptionConfig": "./tsec-exemption.json"}] } diff --git a/packages/tsconfig-tsec.json b/packages/tsconfig-tsec.json deleted file mode 100644 index dd177800777f5..0000000000000 --- a/packages/tsconfig-tsec.json +++ /dev/null @@ -1,10 +0,0 @@ -/** Main config for building all packages that need to be checked by tsec. */ -{ - "extends": "./tsconfig-tsec-base.json", - "include": [], - "references": [ - {"path": "core/tsconfig-tsec.json"}, - {"path": "platform-browser/tsconfig-tsec.json"}, - {"path": "platform-server/tsconfig-tsec.json"} - ] -} diff --git a/packages/zone.js/lib/tsconfig-tsec.json b/packages/zone.js/lib/tsconfig-tsec.json deleted file mode 100644 index 7596e9c3cfdd2..0000000000000 --- a/packages/zone.js/lib/tsconfig-tsec.json +++ /dev/null @@ -1,9 +0,0 @@ -/* For building //packages/zone.js/lib:zone_d_ts. */ -{ - "extends": "../../tsconfig-tsec-base.json", - "compilerOptions": { - "outFile": ".tsec/zone.d.ts", - "types": ["node"] - }, - "files": ["zone.ts"] -} diff --git a/tools/defaults.bzl b/tools/defaults.bzl index b0549c382a599..c5577c24927c0 100644 --- a/tools/defaults.bzl +++ b/tools/defaults.bzl @@ -12,6 +12,7 @@ load("@npm//typescript:index.bzl", "tsc") load("//packages/bazel:index.bzl", _ng_module = "ng_module", _ng_package = "ng_package") load("@npm//@angular/dev-infra-private/bazel/benchmark/ng_rollup_bundle:ng_rollup_bundle.bzl", _ng_rollup_bundle = "ng_rollup_bundle") load("//tools:ng_benchmark.bzl", _ng_benchmark = "ng_benchmark") +load("//tools:tsec.bzl", _get_forwarded_target_name = "get_forwarded_target_name", _ts_library_forwarded = "ts_library_forwarded") load("@npm//@angular/dev-infra-private/bazel/api-golden:index.bzl", _api_golden_test = "api_golden_test", _api_golden_test_npm_package = "api_golden_test_npm_package") load("@npm//@angular/dev-infra-private/bazel:extract_js_module_output.bzl", "extract_js_module_output") @@ -128,6 +129,16 @@ def ts_library(name, tsconfig = None, testonly = False, deps = [], module_name = **kwargs ) + # Forward `srcs` and `deps` to an implicitly create rule so that + # `tsec_test` can get those arguments from its `target` argument. + _ts_library_forwarded( + name = _get_forwarded_target_name(name), + testonly = True, + srcs = kwargs.get("srcs", []), + deps = deps, + tags = ["tsec"], + ) + # Select the es5 .js output of the ts_library for use in downstream boostrap targets # with `output_group = "es5_sources"`. This exposes an internal detail of ts_library # that is not ideal. @@ -181,6 +192,16 @@ def ng_module(name, tsconfig = None, entry_point = None, testonly = False, deps **kwargs ) + # Forward `srcs` and `deps` to an implicitly create rule so that + # `tsec_test` can get those arguments from its `target` argument. + _ts_library_forwarded( + name = _get_forwarded_target_name(name), + testonly = True, + srcs = kwargs.get("srcs", []), + deps = deps, + tags = ["tsec"], + ) + def ng_package(name, readme_md = None, license_banner = None, deps = [], **kwargs): """Default values for ng_package""" if not readme_md: diff --git a/tools/tsec.bzl b/tools/tsec.bzl new file mode 100644 index 0000000000000..fb72ed1275c4b --- /dev/null +++ b/tools/tsec.bzl @@ -0,0 +1,143 @@ +"""Bazel rules and macros for running tsec over a ng_module or ts_library.""" + +load("@npm//@bazel/typescript/internal:ts_config.bzl", "TsConfigInfo") +load("@build_bazel_rules_nodejs//:providers.bzl", "DeclarationInfo") +load("@npm//tsec:index.bzl", _tsec_test = "tsec_test") + +TsecTsconfigInfo = provider(fields = ["src", "exemption", "deps"]) + +def _tsec_config_impl(ctx): + deps = [] + + # Gather all extended tsconfig files. + if ctx.files.deps: + deps.extend(ctx.files.deps) + + for d in ctx.attr.deps: + # Gather all files from extended ts_config targets. + if TsConfigInfo in d: + deps.extend(d[TsConfigInfo].deps) + + # Gather all files from extended tsec_config targets. + if TsecTsconfigInfo in d: + deps.append(d[TsecTsconfigInfo].src) + if d[TsecTsconfigInfo].exemption: + deps.append(d[TsecTsconfigInfo].exemption) + deps.extend(d[TsecTsconfigInfo].deps) + src = ctx.file.src + return [ + # We need $(rootpath tsec_config_target) to get the path + # of the top-level config file as the argument for tsec + # binary. Only `src` should be stored in the DefaultInfo + # provider. + DefaultInfo(files = depset([src])), + TsecTsconfigInfo( + src = src, + exemption = ctx.file.exemption, + deps = deps, + ), + ] + +tsec_config = rule( + implementation = _tsec_config_impl, + attrs = { + "src": attr.label( + mandatory = True, + allow_single_file = [".json"], + doc = """The single tsconfig used for running tsec.""", + ), + "deps": attr.label_list( + allow_files = [".json"], + doc = """Any configs extended by `src`.""", + ), + "exemption": attr.label( + allow_single_file = [".json"], + doc = """The exemption list used by `src`.""", + ), + }, + doc = """Compute all transitive dependencies of a tsec_test config. """, +) + +TsLibInfo = provider(fields = ["srcs", "deps"]) + +def _ts_library_forwarded_impl(ctx): + """Forward `srcs` and `deps` of `ts_library` and `ng_module` macros to `_tsec_test`.""" + return [TsLibInfo(srcs = ctx.attr.srcs, deps = ctx.attr.deps)] + +ts_library_forwarded = rule( + implementation = _ts_library_forwarded_impl, + attrs = { + "srcs": attr.label_list(allow_files = [".ts", ".tsx"]), + "deps": attr.label_list(), + }, + doc = """A rule-in-the-middle to forward `srcs` and `deps` to _src_and_deps, to avoid repeating these arguments in tsec_test. + +Should only be used by the `ts_library` and `ng_module` macros in tools/default.bzel.""", +) + +def get_forwarded_target_name(name): + return "%s_forwarded" % name + +def _all_transitive_deps_impl(ctx): + files = [] + + if TsecTsconfigInfo not in ctx.attr.tsconfig: + fail("`tsconfig` must be a tsec_config target") + + tsec_tsconfig_info = ctx.attr.tsconfig[TsecTsconfigInfo] + files.append(tsec_tsconfig_info.src) + if tsec_tsconfig_info.exemption: + files.append(tsec_tsconfig_info.exemption) + files.extend(tsec_tsconfig_info.deps) + + if TsLibInfo not in ctx.attr.forwarded_ts_target: + fail("`target` must be a ts_library_forwarded target") + + ts_target_info = ctx.attr.forwarded_ts_target[TsLibInfo] + for s in ts_target_info.srcs: + if hasattr(s, "files"): + files.extend(s.files.to_list()) + + for d in ts_target_info.deps: + if DeclarationInfo in d: + files.extend(d[DeclarationInfo].transitive_declarations.to_list()) + if hasattr(d, "files"): + files.extend(d.files.to_list()) + + return [DefaultInfo(files = depset(files))] + +_all_transitive_deps = rule( + implementation = _all_transitive_deps_impl, + attrs = { + "tsconfig": attr.label(), + "forwarded_ts_target": attr.label(), + }, + doc = """Expand all transitive dependencies needed to run `_tsec_test`.""", +) + +def tsec_test(name, target, tsconfig): + """Run tsec over a ts_library or ng_module target to check its compatibility with Trusted Types. + + This rule DOES NOT check transitive dependencies. + + Args: + name: name of the tsec test + target: the ts_library or ng_module target to be checked + tsconfig: the tsec_config target used for configuring tsec + """ + all_transitive_deps_name = "%s_all_transitive_deps" % name + + _all_transitive_deps( + name = all_transitive_deps_name, + testonly = True, + tsconfig = tsconfig, + forwarded_ts_target = get_forwarded_target_name(target), + tags = ["tsec"], + ) + + _tsec_test( + name = name, + data = [tsconfig, all_transitive_deps_name], + tags = ["tsec"], + templated_args = ["-p", "$(rootpath %s)" % tsconfig], + ) diff --git a/yarn.lock b/yarn.lock index 0115cd689818d..d58705a6b1651 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13270,10 +13270,10 @@ ts-node@^10.0.0: make-error "^1.1.1" yn "3.1.1" -tsec@0.1.7: - version "0.1.7" - resolved "https://registry.yarnpkg.com/tsec/-/tsec-0.1.7.tgz#db217a1c7a47e2c0bca07aa9cd7ae28863343b22" - integrity sha512-hS8VPL8RX1jPvF8dPNvgZe9j0zE7L8Lj9pPuBYDoYaXDhGtXSfCY1Qn0vKTl7TaohXnnlnvlaNtvlMjubnX0CA== +tsec@0.1.8: + version "0.1.8" + resolved "https://registry.yarnpkg.com/tsec/-/tsec-0.1.8.tgz#010d0c020d94b7e984e4511f0dd3bafb271a49f3" + integrity sha512-flbk1R6DC/ef+ZyBMjSALVh04hHDLRtUehUjpxP+gpShqF6IOVbK1XsjxV/7Sus/eH8svjPyOgI+WvlGIbxCMg== dependencies: glob "^7.1.1" minimatch "^3.0.3"