From 1c801e7223bd76b95771c390ba889bd2bfad6438 Mon Sep 17 00:00:00 2001
From: Brandon Simmons <brandon@hasura.io>
Date: Thu, 18 Jan 2024 16:04:27 -0500
Subject: [PATCH] =?UTF-8?q?scripts:=20add=20script=20for=20searching=20sou?=
 =?UTF-8?q?rce=20of=20all=20haskell=20transitive=20de=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

…pendencies

Created in the process of hunting down a bug

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10613
GitOrigin-RevId: 7b44e7234c6b7be9ed7926a14c1cf9aa5f3c48e1
---
 ...kell-transitive-dependency-import-audit.sh | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100755 scripts/haskell-transitive-dependency-import-audit.sh

diff --git a/scripts/haskell-transitive-dependency-import-audit.sh b/scripts/haskell-transitive-dependency-import-audit.sh
new file mode 100755
index 00000000000..24089719367
--- /dev/null
+++ b/scripts/haskell-transitive-dependency-import-audit.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -euo pipefail
+shopt -s globstar
+
+## This tries to audit our transitive dependencies for occurrences of
+## problematic imports or function names.  very basic for now, can be 
+## extended. For now depends on ripgrep.
+if [ -z "$1" ]; then
+    echo "pass search string as first argument"
+    exit 1
+fi
+
+REPO_TOPLEVEL=$(git rev-parse --show-toplevel)
+FREEZE_FILE="$REPO_TOPLEVEL/cabal.project.freeze"
+
+if [ ! -f "$FREEZE_FILE" ]; then
+    echo "Freeze file not found"
+    exit 1
+fi
+
+# Temp dir in RAM so we don't thrash SSD
+TEMP_DIR=$(mktemp -d /dev/shm/hasura_dep_audit.XXXXXX)
+function cleanup {
+    rmdir "$TEMP_DIR" || echo "$TEMP_DIR was not empty and could not be removed so it probably contains matching libraries you'll want to check out by hand"
+}
+trap cleanup EXIT
+
+# Read the freeze file and extract package names and versions
+rg '^.* any\.([^ ]*) ==([^,]*),?' -r '$1-$2' "$FREEZE_FILE" | while read -r pkg_identifier; do
+    # Download the package
+    cabal get -d "$TEMP_DIR" "$pkg_identifier" >/dev/null || echo "   continuing anyway..."
+
+    if rg -q "$1" -ths "${TEMP_DIR:?}/$pkg_identifier"; then
+        echo
+        echo "Occurrence in $pkg_identifier"
+    else
+        echo -n .
+        # Clean up if nothing to see
+        rm -rf "${TEMP_DIR:?}/$pkg_identifier"
+    fi
+done
+