From f0464b9e72e0ea4dca94a46f8e0f05a285955c44 Mon Sep 17 00:00:00 2001
From: Michael Comella
Date: Wed, 15 Apr 2020 10:54:36 -0700
Subject: [PATCH] For #9644: restrict deps to specific repositories (#9649)
* For #9644: remove unnecessary leanplum maven repository. The docs say it is [1] "only needed for Android SDK versions below 4.3.0". That is API 18 and our min SDK is 21. [1]: https://docs.leanplum.com/reference#android-setup
* For #9644: move buildscript block from :app to root project. This will reduce the amount of duplication we need in specifying restricted dependencies and centralize repository definitions. Since we're a one project app, it shouldn't have a significant impact on performance.
* For #9644: restrict dependencies following FFTV config. However, there is a resolution error to be fixed in the next commit. This is verbatim from FFTV except I removed the no-op "improve security if code is refactored incorrectly" lines: these lines rarely changed and I'm not that concerned. It might be better to simplify the configuration. Source: https://github.com/mozilla-mobile/firefox-tv/blob/62a2fa680c49beae271b55981d7afecc67d2aa21/buildSrc/src/main/java/org/mozilla/gradle/Dependencies.kt#L7 https://github.com/mozilla-mobile/firefox-tv/blob/62a2fa680c49beae271b55981d7afecc67d2aa21/build.gradle#L31
* For #9644: restrict firebase deps to google repo. This fixes the resolution error from the previous PR.
---
 app/build.gradle | 16 ------
 build.gradle | 71 +++++++++++++++++++++++---
 buildSrc/src/main/java/Dependencies.kt | 22 ++++++++
 3 files changed, 87 insertions(+), 22 deletions(-)
diff --git a/app/build.gradle b/app/build.gradle
index 44f821837..a99c75538 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -1,19 +1,3 @@
-// Allow installing Gradle plugins from the Mozilla Maven repositories
-buildscript {
- repositories {
- maven {
- url "https://nightly.maven.mozilla.org/maven2"
- }
- maven {
- url "https://maven.mozilla.org/maven2"
- }
-
- dependencies {
- classpath "org.mozilla.components:tooling-glean-gradle:${Versions.mozilla_android_components}"
- }
- }
-}
-
 plugins {
 id "com.jetbrains.python.envs" version "0.0.26"
 }
diff --git a/build.gradle b/build.gradle
index 045a19b36..be0fcc461 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,10 +1,43 @@
 // Top-level build file where you can add configuration options common to all sub-projects/modules.
 buildscript {
+ // This logic is duplicated in the allprojects block: I don't know how to fix that.
 repositories {
- google()
- jcenter()
+ maven {
+ url "https://nightly.maven.mozilla.org/maven2"
+ content {
+ // Improve performance: only check moz maven for mozilla deps.
+ includeGroupByRegex RepoMatching.mozilla
+ }
+ }
+ maven {
+ url "https://maven.mozilla.org/maven2"
+ content {
+ // Improve performance: only check moz maven for mozilla deps.
+ includeGroupByRegex RepoMatching.mozilla
+ }
+ }
+ google() {
+ content {
+ // Improve performance: only check google maven for mozilla deps.
+ includeGroupByRegex RepoMatching.androidx
+ includeGroupByRegex RepoMatching.comGoogleAndroid
+ includeGroupByRegex RepoMatching.comGoogleFirebase
+ includeGroupByRegex RepoMatching.comAndroid
+ }
+ }
+ jcenter() {
+ content {
+ // Improve security: don't search deps with known repos.
+ excludeGroupByRegex RepoMatching.mozilla
+ excludeGroupByRegex RepoMatching.androidx
+ excludeGroupByRegex RepoMatching.comGoogleAndroid
+ excludeGroupByRegex RepoMatching.comGoogleFirebase
+ excludeGroupByRegex RepoMatching.comAndroid
+ }
+ }
 }
+
 dependencies {
 classpath Deps.tools_androidgradle
 classpath Deps.tools_kotlingradle
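Review bot: The `jcenter()` exclude list added to `buildscript.repositories` is what keeps jcenter from answering for the org.mozilla, androidx, com.google.android, com.google.firebase and com.android groups, and it has to be kept identical by hand to the copy in `allprojects` (third hunk of this file) and to the include lists above it. A group that is added to one list and not the others stays resolvable from jcenter without any build error, so I would say so next to the excludes, e.g. `// Keep in sync with the include lists above and with allprojects: a group missing here can still be resolved from jcenter.` The comment on `google()` in this block also reads "for mozilla deps" where the `allprojects` copy reads "for google deps". The `buildscript` block continues past the end of this hunk.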
@@ -12,6 +45,8 @@ buildscript {
 classpath Deps.allopen
 classpath Deps.osslicenses_plugin
+ classpath "org.mozilla.components:tooling-glean-gradle:${Versions.mozilla_android_components}"
+
 // NOTE: Do not place your application dependencies here; they belong
 // in the individual module build.gradle files
 }
@@ -22,19 +57,43 @@ plugins {
 }
 allprojects {
+ // This logic is duplicated in the buildscript block: I don't know how to fix that.
 repositories {
- google()
 maven {
 url "https://nightly.maven.mozilla.org/maven2"
+ content {
+ // Improve performance: only check moz maven for mozilla deps.
+ includeGroupByRegex RepoMatching.mozilla
+ }
 }
 maven {
 url "https://maven.mozilla.org/maven2"
+ content {
+ // Improve performance: only check moz maven for mozilla deps.
+ includeGroupByRegex RepoMatching.mozilla
+ }
 }
- maven {
- url "https://repo.leanplum.com/"
+ google() {
+ content {
+ // Improve performance: only check google maven for google deps.
+ includeGroupByRegex RepoMatching.androidx
+ includeGroupByRegex RepoMatching.comGoogleAndroid
+ includeGroupByRegex RepoMatching.comGoogleFirebase
+ includeGroupByRegex RepoMatching.comAndroid
+ }
+ }
+ jcenter() {
+ content {
+ // Improve security: don't search deps with known repos.
+ excludeGroupByRegex RepoMatching.mozilla
+ excludeGroupByRegex RepoMatching.androidx
+ excludeGroupByRegex RepoMatching.comGoogleAndroid
+ excludeGroupByRegex RepoMatching.comGoogleFirebase
+ excludeGroupByRegex RepoMatching.comAndroid
+ }
 }
- jcenter()
 }
+
 tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).all {
 kotlinOptions.jvmTarget = "1.8"
 kotlinOptions.allWarningsAsErrors = true
diff --git a/buildSrc/src/main/java/Dependencies.kt b/buildSrc/src/main/java/Dependencies.kt
index 627f3aa94..d869c8203 100644
--- a/buildSrc/src/main/java/Dependencies.kt
+++ b/buildSrc/src/main/java/Dependencies.kt
@@ -213,3 +213,25 @@ object Deps {
 const val junitParams = "org.junit.jupiter:junit-jupiter-params:${Versions.junit}"
 const val junitEngine = "org.junit.jupiter:junit-jupiter-engine:${Versions.junit}"
 }
+
+/**
+ * Functionality to limit specific dependencies to specific repositories. These are typically expected to be used by
+ * dependency group name (i.e. with `include/excludeGroup`). For additional info, see:
+ * https://docs.gradle.org/current/userguide/declaring_repositories.html#sec::matching_repositories_to_dependencies
+ *
+ * Note: I wanted to nest this in Deps but for some reason gradle can't find it so it's top-level now. :|
+ */
+object RepoMatching {
+ const val mozilla = "org\\.mozilla\\..*"
+ const val androidx = "androidx\\..*"
+ const val comAndroid = "com\\.android\\..*"
+ const val comGoogleFirebase = "com\\.google\\.firebase"
+
+ /**
+ * A matcher for com.google.android.* with one exception: the espresso-contrib dependency includes the
+ * accessibility-test-framework dependency, which is not available in the google repo. As such, we must
+ * explicitly exclude it from this regex so it can be found on jcenter. Note that the transitive dependency
+ * com.google.guava is also not available on google's repo.
+ */
+ const val comGoogleAndroid = "com\\.google\\.android\\.(?!apps\\.common\\.testing\\.accessibility\\.framework).*"
+}
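Review bot: `comGoogleFirebase` is the only pattern in `RepoMatching` without a trailing `\\..*`, so, assuming Gradle matches the regex against the whole group string, it covers the group `com.google.firebase` exactly and nothing beneath it. A sub-group such as `com.google.firebase.<name>` would then be neither included for `google()` nor excluded from `jcenter()`, and would be resolved from jcenter. If sub-groups are meant to be covered, `const val comGoogleFirebase = "com\\.google\\.firebase(\\..*)?"` does that; if the exact match is intended, a one-line comment saying so would prevent a later "fix". The lookahead in `comGoogleAndroid` is a prefix test, so every group that begins with the accessibility framework name is left to jcenter, which the KDoc could state.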