build: Turn tsec checks into bazel tests. (#43108)

Introduce two new bazel rules: tsec_test and tsec_config, for describing the tsec checks and the tsconfig file needed for such checks, respectively. Currently, tsec_test only checks the srcs of a ts_library or ng_module. It does not check direct or transitive dependencies. Also, tsconfig files need to be manually maintained to make sure tsec can read all necessary input (including global symbols). PR Close #43108
angular · Sep 13, 2021 · d12d068 · d12d068
1 parent 509031c
commit d12d068
Show file tree

Hide file tree

Showing 36 changed files with 376 additions and 168 deletions.
diff --git a/.gitignore b/.gitignore
@@ -52,6 +52,3 @@ baseline.json
 
 # Husky
 .husky/_
-
-# tsec
-.tsec
diff --git a/.pullapprove.yml b/.pullapprove.yml
@@ -731,10 +731,10 @@ groups:
           'packages/core/test/linker/security_integration_spec.ts',
           'packages/compiler/src/schema/**',
           'packages/platform-browser/src/security/**',
-          'packages/tsconfig-tsec.json',
           'packages/tsconfig-tsec-base.json',
           'packages/**/tsconfig-tsec.json',
-          'packages/tsec-exemption.json'
+          'packages/tsec-exemption.json',
+          'tools/tsec.bzl',
           'aio/content/guide/security.md',
           'aio/content/examples/security/**',
           'aio/content/images/guide/security/**',

diff --git a/package.json b/package.json
@@ -26,6 +26,7 @@
     "prepare": "husky install",
     "test-ivy-aot": "bazelisk test --config=ivy --build_tag_filters=-no-ivy-aot,-fixme-ivy-aot --test_tag_filters=-no-ivy-aot,-fixme-ivy-aot",
     "test-non-ivy": "bazelisk test --build_tag_filters=-ivy-only --test_tag_filters=-ivy-only",
+    "test-tsec": "bazelisk test //... --build_tag_filters=tsec --test_tag_filters=tsec",
     "test-fixme-ivy-aot": "bazelisk test --config=ivy --build_tag_filters=-no-ivy-aot --test_tag_filters=-no-ivy-aot",
     "list-fixme-ivy-targets": "bazelisk query --output=label 'attr(\"tags\", \"\\[.*fixme-ivy.*\\]\", //...) except kind(\"sh_binary\", //...) except kind(\"devmode_js_sources\", //...)' | sort",
     "lint": "yarn -s tslint && yarn -s ng-dev format changed --check",
@@ -36,8 +37,7 @@
     "symbol-extractor:update": "node tools/symbol-extractor/run_all_symbols_extractor_tests.js accept",
     "ts-circular-deps:check": "yarn -s ng-dev ts-circular-deps check --config ./packages/circular-deps-test.conf.js",
     "ts-circular-deps:approve": "yarn -s ng-dev ts-circular-deps approve --config ./packages/circular-deps-test.conf.js",
-    "check-tooling-setup": "yarn tsc --project .ng-dev/tsconfig.json",
-    "tsec:packages": "yarn tsec -b packages/tsconfig-tsec.json"
+    "check-tooling-setup": "yarn tsc --project .ng-dev/tsconfig.json"
   },
   "// 1": "dependencies are used locally and by bazel",
   "dependencies": {
@@ -181,7 +181,7 @@
     "sauce-connect": "https://saucelabs.com/downloads/sc-4.6.2-linux.tar.gz",
     "semver": "^7.3.5",
     "ts-node": "^10.0.0",
-    "tsec": "0.1.7",
+    "tsec": "0.1.8",
     "tslint-eslint-rules": "5.4.0",
     "tslint-no-toplevel-property-access": "0.0.2",
     "typed-graphqlify": "^3.1.1",

diff --git a/packages/BUILD.bazel b/packages/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ts_config", "ts_library")
+load("//tools:tsec.bzl", "tsec_config")
 
 package(default_visibility = ["//visibility:public"])
 
@@ -22,6 +23,13 @@ ts_config(
     deps = [":tsconfig-build.json"],
 )
 
+tsec_config(
+    name = "tsec_config",
+    src = "tsconfig-tsec-base.json",
+    exemption = ":tsec-exemption.json",
+    deps = [":tsconfig-build.json"],
+)
+
 exports_files([
     "license-banner.txt",
     "README.md",

diff --git a/packages/animations/browser/tsconfig-tsec.json b/packages/animations/browser/tsconfig-tsec.json
diff --git a/packages/animations/tsconfig-tsec.json b/packages/animations/tsconfig-tsec.json
diff --git a/packages/common/http/tsconfig-tsec.json b/packages/common/http/tsconfig-tsec.json
diff --git a/packages/common/tsconfig-tsec.json b/packages/common/tsconfig-tsec.json
diff --git a/packages/compiler/BUILD.bazel b/packages/compiler/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ng_package", "ts_library")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 
 package(default_visibility = ["//visibility:public"])
 
@@ -12,6 +13,18 @@ ts_library(
     ),
 )
 
+tsec_config(
+    name = "tsec_config",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "compiler",
+    tsconfig = "tsec_config",
+)
+
 ng_package(
     name = "npm_package",
     srcs = [

diff --git a/packages/core/BUILD.bazel b/packages/core/BUILD.bazel
@@ -1,5 +1,6 @@
 load("@build_bazel_rules_nodejs//:index.bzl", "generated_file_test")
 load("//tools:defaults.bzl", "api_golden_test", "api_golden_test_npm_package", "ng_module", "ng_package")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 load("//packages/common/locales:index.bzl", "generate_base_locale_file")
 
 package(default_visibility = ["//visibility:public"])
@@ -34,12 +35,23 @@ ng_module(
         "//packages/core/src/interface",
         "//packages/core/src/reflection",
         "//packages/core/src/util",
-        "//packages/localize",
         "//packages/zone.js/lib:zone_d_ts",
         "@npm//rxjs",
     ],
 )
 
+tsec_config(
+    name = "tsconfig-tsec",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "core",
+    tsconfig = "tsconfig-tsec",
+)
+
 ng_package(
     name = "npm_package",
     srcs = [

diff --git a/packages/core/src/compiler/BUILD.bazel b/packages/core/src/compiler/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ts_library")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 
 package(default_visibility = [
     "//packages/compiler/test:__pkg__",
@@ -17,3 +18,15 @@ ts_library(
         "//packages/core/src/util",
     ],
 )
+
+tsec_config(
+    name = "tsec_config",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "compiler",
+    tsconfig = "tsec_config",
+)
diff --git a/packages/core/src/compiler/tsconfig-tsec.json b/packages/core/src/compiler/tsconfig-tsec.json
@@ -0,0 +1,8 @@
+/** For building //packages/core/src/compiler. */
+{
+  "extends": "../../../tsconfig-tsec-base.json",
+  "include": [
+    "**/*.ts",
+    "../util/ng_dev_mode.d.ts"
+  ]
+}
diff --git a/packages/core/src/di/interface/BUILD.bazel b/packages/core/src/di/interface/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ts_library")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 
 package(default_visibility = [
     "//packages/core:__subpackages__",
@@ -18,3 +19,15 @@ ts_library(
         "@npm//rxjs",
     ],
 )
+
+tsec_config(
+    name = "tsec_config",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "interface",
+    tsconfig = "tsec_config",
+)
diff --git a/packages/core/src/di/interface/tsconfig-tsec.json b/packages/core/src/di/interface/tsconfig-tsec.json
@@ -0,0 +1,7 @@
+/** For building //packages/core/src/di/interface. */
+{
+  "extends": "../../../../tsconfig-tsec-base.json",
+  "include": [
+    "**/*.ts"
+  ]
+}
diff --git a/packages/core/src/interface/BUILD.bazel b/packages/core/src/interface/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ts_library")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 
 package(default_visibility = [
     "//packages/core:__subpackages__",
@@ -13,3 +14,15 @@ ts_library(
         ],
     ),
 )
+
+tsec_config(
+    name = "tsec_config",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "interface",
+    tsconfig = "tsec_config",
+)
diff --git a/packages/core/src/interface/tsconfig-tsec.json b/packages/core/src/interface/tsconfig-tsec.json
@@ -0,0 +1,7 @@
+/** For building //packages/core/src/inteface. */
+{
+  "extends": "../../../tsconfig-tsec-base.json",
+  "include": [
+    "*.ts"
+  ]
+}
diff --git a/packages/core/src/reflection/BUILD.bazel b/packages/core/src/reflection/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ts_library")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 
 package(default_visibility = [
     "//packages/core:__subpackages__",
@@ -17,3 +18,15 @@ ts_library(
         "//packages/core/src/util",
     ],
 )
+
+tsec_config(
+    name = "tsec_config",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "reflection",
+    tsconfig = "tsec_config",
+)
diff --git a/packages/core/src/reflection/tsconfig-tsec.json b/packages/core/src/reflection/tsconfig-tsec.json
@@ -0,0 +1,7 @@
+/** For building //packages/core/src/reflection. */
+{
+  "extends": "../../../tsconfig-tsec-base.json",
+  "include": [
+    "**/*.ts"
+  ]
+}
diff --git a/packages/core/src/util/BUILD.bazel b/packages/core/src/util/BUILD.bazel
@@ -1,4 +1,5 @@
 load("//tools:defaults.bzl", "ts_library")
+load("//tools:tsec.bzl", "tsec_config", "tsec_test")
 
 package(default_visibility = [
     "//packages/core:__subpackages__",
@@ -15,6 +16,19 @@ ts_library(
     deps = [
         "//packages:types",
         "//packages/core/src/interface",
+        "//packages/zone.js/lib:zone_d_ts",
         "@npm//rxjs",
     ],
 )
+
+tsec_config(
+    name = "tsec_config",
+    src = ":tsconfig-tsec.json",
+    deps = ["//packages:tsec_config"],
+)
+
+tsec_test(
+    name = "tsec_test",
+    target = "util",
+    tsconfig = "tsec_config",
+)
diff --git a/packages/core/src/util/tsconfig-tsec.json b/packages/core/src/util/tsconfig-tsec.json
@@ -0,0 +1,9 @@
+/** For building //packages/core/src/util. */
+{
+  "extends": "../../../tsconfig-tsec-base.json",
+  "include": [
+    "**/*.ts",
+    "../../../*.d.ts",
+    "../../../zone.js/lib/zone.d.ts"
+  ]
+}
diff --git a/packages/core/tsconfig-tsec.json b/packages/core/tsconfig-tsec.json
@@ -1,15 +1,10 @@
 /** For building //packages/core. */
 {
   "extends": "../tsconfig-tsec-base.json",
-  "compilerOptions": {
-    "outDir": ".tsec"
-  },
   "include": [
     "*.ts",
     "src/**/*.ts",
-    "../*.d.ts"
-  ],
-  "references": [
-    {"path": "../zone.js/lib/tsconfig-tsec.json"}
+    "../*.d.ts",
+    "../zone.js/lib/zone.d.ts"
   ]
 }