build.gradle
author Jed Davis <jld@mozilla.com>
Wed, 27 Feb 2019 20:14:54 +0000
changeset 519405 493b443954fe15f7b542ba14671f25e5f8531dff
parent 517986 fa8d440c53823bc18834429c8978814d984e5fe2
child 520281 4e5d97c935151d28d1e06943133951918ac28568
permissions -rw-r--r--
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be). The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types. Tested against https://demo.bitmovin.com/public/firefox/av1/ with the necessary prefs set. Depends on D20895 Differential Revision: https://phabricator.services.mozilla.com/D14525

def tryInt = { string ->
    if (string == null) {
        return string
    }
    if (string.isInteger()) {
        return string as Integer
    }
    return string
}

allprojects {
    // Expose the per-object-directory configuration to all projects.
    ext {
        mozconfig = gradle.mozconfig
        topsrcdir = gradle.mozconfig.topsrcdir
        topobjdir = gradle.mozconfig.topobjdir

        compileSdkVersion = 28
        targetSdkVersion = tryInt(mozconfig.substs.ANDROID_TARGET_SDK)
        minSdkVersion = tryInt(mozconfig.substs.MOZ_ANDROID_MIN_SDK_VERSION)
        manifestPlaceholders = [
            ANDROID_PACKAGE_NAME: mozconfig.substs.ANDROID_PACKAGE_NAME,
            ANDROID_TARGET_SDK: mozconfig.substs.ANDROID_TARGET_SDK,
            MOZ_ANDROID_MIN_SDK_VERSION: mozconfig.substs.MOZ_ANDROID_MIN_SDK_VERSION,
            MOZ_ANDROID_SHARED_ID: "${mozconfig.substs.ANDROID_PACKAGE_NAME}.sharedID",
        ]
    }

    repositories {
        gradle.mozconfig.substs.GRADLE_MAVEN_REPOSITORIES.each { repository ->
            maven {
                url repository
            }
        }
    }

    task downloadDependencies() {
        description 'Download all dependencies to the Gradle cache'
        doLast {
            configurations.each { configuration ->
                if (configuration.canBeResolved) {
                    configuration.allDependencies.each { dependency ->
                        try {
                            configuration.files(dependency)
                        } catch(e) {
                            println("Could not resolve ${configuration.name} -> ${dependency.name}")
                            println(" > ${e.message}")
                            if (e.cause) {
                                println(" >> ${e.cause}")
                                if (e.cause.cause) {
                                    println(" >> ${e.cause.cause}")
                                }
                            }
                            println("")
                        }
                    }
                }
            }
        }
    }
}

buildDir "${topobjdir}/gradle/build"

buildscript {
    repositories {
        gradle.mozconfig.substs.GRADLE_MAVEN_REPOSITORIES.each { repository ->
            maven {
                url repository
            }
        }
    }

    ext.kotlin_version = '1.2.41'
    ext.support_library_version = '26.1.0'
    ext.jacoco_version = '0.8.1'

    if (gradle.mozconfig.substs.MOZ_ANDROID_GOOGLE_PLAY_SERVICES) {
        ext.google_play_services_version = '15.0.1'
        ext.google_play_services_cast_version = '16.0.0'
    }

    dependencies {
        classpath 'org.mozilla.apilint:apilint:0.1.7'
        classpath 'com.android.tools.build:gradle:3.1.4'
        classpath 'com.getkeepsafe.dexcount:dexcount-gradle-plugin:0.8.2'
        classpath 'org.apache.commons:commons-exec:1.3'
        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
    }
}

// A stream that processes bytes line by line, prepending a tag before sending
// each line to Gradle's logging.
class TaggedLogOutputStream extends org.apache.commons.exec.LogOutputStream {
    String tag
    Logger logger

    TaggedLogOutputStream(tag, logger) {
        this.tag = tag
        this.logger = logger
    }

    void processLine(String line, int level) {
        logger.lifecycle("${this.tag} ${line}")
    }
}

ext.geckoBinariesOnlyIf = { task ->
    // Never for official builds.
    if (mozconfig.substs.MOZILLA_OFFICIAL) {
        rootProject.logger.lifecycle("Skipping task ${task.path} because: MOZILLA_OFFICIAL")
        return false
    }

    // Multi-l10n builds set `AB_CD=multi`, which isn't a valid locale.  This
    // causes the
    //
    // |mach build| > |mach gradle| >
    // |mach build mobile/android/base/generated_android_code_and_resources| >
    // AndroidManifest.xml > strings.xml > multi/brand.dtd
    //
    // dependency chain to fail, since multi isn't a real locale.  To avoid
    // this, if Gradle is invoked with AB_CD=multi, we don't invoke Make at all.
    if ('multi' == System.env.AB_CD) {
        rootProject.logger.lifecycle("Skipping task ${task.path} because: AB_CD=multi")
        return false
    }

    // Single-locale l10n repacks set `IS_LANGUAGE_REPACK=1` and handle resource
    // and code generation themselves.
    if ('1' == System.env.IS_LANGUAGE_REPACK) {
        rootProject.logger.lifecycle("Skipping task ${task.path} because: IS_LANGUAGE_REPACK")
        return false
    }

    rootProject.logger.lifecycle("Executing task ${task.path}")
    return true
}

task machBuildGeneratedAndroidCodeAndResources(type: Exec) {
    onlyIf rootProject.ext.geckoBinariesOnlyIf

    workingDir "${topsrcdir}"

    commandLine mozconfig.substs.PYTHON
    args "${topsrcdir}/mach"
    args 'build'
    args 'mobile/android/base/generated_android_code_and_resources'

    // Add `-v` if we're running under `--info` (or `--debug`).
    if (project.logger.isEnabled(LogLevel.INFO)) {
        args '-v'
    }

    // `path` is like `:machBuildGeneratedAndroidCodeAndResources`.
    standardOutput = new TaggedLogOutputStream("${path}>", logger)
    errorOutput = standardOutput
}

// Why |mach build mobile/android/base/...| and |mach build faster|?  |mach
// build faster| generates dependentlibs.list, which in turn depends on compiled
// code.  That causes a circular dependency between Java compilation/JNI wrapper
// generation/native code compilation.  So we have the special target for
// Android-specific generated code, and the |mach build faster| target for all
// the stuff that goes into the omnijar.
task machBuildFaster(type: Exec) {
    onlyIf rootProject.ext.geckoBinariesOnlyIf

    workingDir "${topsrcdir}"

    commandLine mozconfig.substs.PYTHON
    args "${topsrcdir}/mach"
    args 'build'
    args 'faster'

    // Add `-v` if we're running under `--info` (or `--debug`).
    if (project.logger.isEnabled(LogLevel.INFO)) {
        args '-v'
    }

    // `path` is like `:machBuildFaster`.
    standardOutput = new TaggedLogOutputStream("${path}>", logger)
    errorOutput = standardOutput
}

def createMachStagePackageTask(name) {
    return task(name, type: Exec) {
        onlyIf rootProject.ext.geckoBinariesOnlyIf

        dependsOn rootProject.machBuildFaster

        // We'd prefer to take these from the :omnijar project directly, but
        // it's awkward to reach across projects at evaluation time, so we
        // duplicate the list here.
        inputs.dir "${topsrcdir}/mobile/android/chrome"
        inputs.dir "${topsrcdir}/mobile/android/components"
        inputs.dir "${topsrcdir}/mobile/android/locales"
        inputs.dir "${topsrcdir}/mobile/android/modules"
        inputs.dir "${topsrcdir}/mobile/android/themes"
        inputs.dir "${topsrcdir}/toolkit"

        workingDir "${topobjdir}"

        // We'd prefer this to be a `mach` invocation, but `mach build
        // mobile/android/installer/stage-package` doesn't work as expected.
        commandLine mozconfig.substs.GMAKE
        args '-C'
        args "${topobjdir}/mobile/android/installer"
        args 'stage-package'

        outputs.file "${topobjdir}/dist/fennec/assets/${mozconfig.substs.ANDROID_CPU_ARCH}/libxul.so"
        outputs.file "${topobjdir}/dist/fennec/lib/${mozconfig.substs.ANDROID_CPU_ARCH}/libmozglue.so"

        // `path` is like `:machStagePackage`.
        standardOutput = new TaggedLogOutputStream("${path}>", logger)
        errorOutput = standardOutput
    }
}

createMachStagePackageTask("machStagePackageForFennec").with {
    outputs.file "${topobjdir}/dist/fennec/assets/omni.ja"
}

createMachStagePackageTask("machStagePackageForGeckoview").with {
    args 'MOZ_GECKOVIEW_JAR=1'
    outputs.file "${topobjdir}/dist/geckoview/assets/omni.ja"
    // Avoid races between stage-package invocations.
    mustRunAfter tasks["machStagePackageForFennec"]
}

afterEvaluate {
    subprojects { project ->
        if (project.name != 'thirdparty') {
            tasks.withType(JavaCompile) {
                // Add compiler args for all code except third-party code.
                options.compilerArgs += [
                    // Turn on all warnings, except...
                    "-Xlint:all",
                    // Deprecation, because we do use deprecated API for compatibility.
                    "-Xlint:-deprecation",
                    // Serial, because we don't use Java serialization.
                    "-Xlint:-serial",
                    // Classfile, because javac has a bug with MethodParameters attributes
                    // with Java 7. https://bugs.openjdk.java.net/browse/JDK-8190452
                    "-Xlint:-classfile",
                    // Turn all remaining warnings into errors,
                    // unless marked by @SuppressWarnings.
                    "-Werror"]
            }
            if (project.name == 'app') {
                tasks.withType(JavaCompile) {
                    // Turn off classfile warnings because upon updating to play services 15.0.0
                    // a warning is being thrown from play-services-base which fails the build
                    // (com/google/android/gms/common/api/GoogleApiClient.class):
                    // warning: Cannot find annotation method 'value()' in type 'GuardedBy':
                    // class file for javax.annotation.concurrent.GuardedBy not found
                    options.compilerArgs += ["-Xlint:-classfile"]
                }
            }
        }

        if (!hasProperty('android')) {
            return
        }
        android.applicationVariants.all {
            preBuild.dependsOn rootProject.machBuildGeneratedAndroidCodeAndResources
        }
        android.libraryVariants.all {
            preBuild.dependsOn rootProject.machBuildGeneratedAndroidCodeAndResources
        }
    }
}

apply plugin: 'idea'

idea {
    project {
        languageLevel = '1.8'
    }

    module {
        // Object directories take a huge amount of time for IntelliJ to index.
        // Exclude them.  Convention is that object directories start with obj.
        // IntelliJ is clever and will not exclude the parts of the object
        // directory that are referenced, if there are any.  In practice,
        // indexing the entirety of the tree is taking too long, so exclude all
        // but mobile/.
        def topsrcdirURI = file(topsrcdir).toURI()
        excludeDirs += files(file(topsrcdir)
            .listFiles({it.isDirectory()} as FileFilter)
            .collect({topsrcdirURI.relativize(it.toURI()).toString()}) // Relative paths.
            .findAll({!it.equals('mobile/')}))

        // If topobjdir is below topsrcdir, hide only some portions of that tree.
        def topobjdirURI = file(topobjdir).toURI()
        if (!topsrcdirURI.relativize(topobjdirURI).isAbsolute()) {
            excludeDirs -= file(topobjdir)
            excludeDirs += files(file(topobjdir).listFiles())
            excludeDirs -= file("${topobjdir}/gradle")
        }

        if (!mozconfig.substs.MOZ_INSTALL_TRACKING) {
            excludeDirs += file("${topsrcdir}/mobile/android/thirdparty/com/adjust")
        }
    }
}

task wrapper(type: Wrapper) {
}