[TRTLLM-9228][infra] Verify thirdparty C++ process

cheshirekow · cheshirekow · commit 4f07f75ac89b · 2025-11-24T10:09:15.000-08:00
This change adds two tests to help ensure that thirdparty C++ code is
integrated according to the process descripted in
3rdparty/cpp-thirdparty.md. The desired process requires folks to use
FetchContent_Declare in 3rdparty/CMakeLists.txt. The two tests added
here search the following deviations of the desired process:

1. uses of FetchContent_Declare or ExternalProject_Add outside of
   3rdparty/CMakeLists.txt
2. new git-submodules added to the repo

Both scripts have the ability to allow-list exemptions if there are any
cases in the future where a deviation is warranted. The scripts live in
3rdparty/* where CODEOWNERS ensures that process reviewers will be
required on any new exemptions added to the allowlists.

Signed-off-by: Josh Bialkowski &lt;1309820+cheshirekow@users.noreply.github.com&gt;
diff --git a/3rdparty/test_cmake_third_party.py b/3rdparty/test_cmake_third_party.py
@@ -0,0 +1,166 @@
+"""
+This script searches for cmake function invocations that might indicate
+the addition of new third-party dependencies outside of the intended
+process (3rdparty/README.md).
+"""
+
+import argparse
+import collections
+import logging
+import os
+import pathlib
+import sys
+from typing import Generator
+
+logger = logging.getLogger(__name__)
+
+IGNORE_PATTERNS = [
+    ".*",  # Hidden files and directories, like .git
+    # This is where we actually want third-party stuff to go
+    "3rdparty/CMakeLists.txt",
+    # Historical use of ExternalProject_Add that is not yet migrated to 3rdparty
+    "cpp/tensorrt_llm/deep_ep/CMakeLists.txt",
+    # Historical build that is not included in the wheel build and thus exempt
+    # from the third-party process.
+    "triton_backend/inflight_batcher_llm/*",
+    "build",  # Default build directory
+    "cpp/build",  # Default extension module build directory
+]
+
+
+class DirectoryFilter:
+    """
+    Callable filter for directories that excludes any paths matching
+    IGNORE_PATTERNS.
+    """
+
+    def __init__(self, parent: pathlib.Path):
+        self.parent = parent
+
+    def __call__(self, name: str) -> bool:
+        path = self.parent / name
+        if any(path.match(pat) for pat in IGNORE_PATTERNS):
+            return False
+        return True
+
+
+class FileFilter:
+    """
+    Callable filter for file entries that (in order of precedence):
+
+    1. excludes any paths matching IGNORE_PATTERNS
+    2. includes only CMakeLists.txt and *.cmake files
+    """
+
+    def __init__(self, parent: pathlib.Path):
+        self.parent = parent
+
+    def __call__(self, name: str) -> bool:
+        path = self.parent / name
+        if any(path.match(pat) for pat in IGNORE_PATTERNS):
+            return False
+
+        if name == "CMakeLists.txt":
+            return True
+        elif name.endswith(".cmake"):
+            return True
+
+        return False
+
+
+def yield_sources(src_tree: pathlib.Path):
+    """
+    Perform a filesystem walk and yield any paths that should be scanned
+    """
+    for parent, dirs, files in os.walk(src_tree):
+        parent = pathlib.Path(parent)
+        relpath_parent = parent.relative_to(src_tree)
+
+        # Filter out ignored directories
+        dirs[:] = sorted(filter(DirectoryFilter(relpath_parent), dirs))
+
+        for file in sorted(filter(FileFilter(relpath_parent), files)):
+            yield parent / file
+
+
+ThirdpartyViolation = collections.namedtuple(
+    "ThirdpartyViolation", ["srcfile", "lineno", "note", "line"]
+)
+
+
+def yield_potential_thirdparty(
+    fullpath: pathlib.Path, relpath: pathlib.Path
+) -> Generator[ThirdpartyViolation, None, None]:
+    """
+    Look for patterns that might indicate the addition of new third-party
+    sources.
+    """
+    with fullpath.open("r", encoding="utf-8") as infile:
+        for lineno, line in enumerate(infile):
+            lineno += 1  # Make line numbers 1-based
+
+            if "FetchContent_Declare" in line:
+                note = "Invalid use of FetchContent_Declare outside of 3rdparty/CMakeLists.txt"
+                yield ThirdpartyViolation(relpath, lineno, note, line.strip())
+
+            if "ExternalProject_Add" in line:
+                note = "Invalid use of ExternalProject_Add outside of 3rdparty/CMakeLists.txt"
+                yield ThirdpartyViolation(relpath, lineno, note, line.strip())
+
+
+def check_sources(src_tree: pathlib.Path) -> int:
+    """
+    Common entry-point between main() and pytest. Prints any violations to
+    stderr and returns non-zero if any violations are found.
+    """
+    violations = []
+    for filepath in yield_sources(src_tree):
+        for violation in yield_potential_thirdparty(
+            filepath, filepath.relative_to(src_tree)
+        ):
+            violations.append(violation)
+
+    if not violations:
+        return 0
+
+    for violation in sorted(violations):
+        sys.stderr.write(
+            f"{violation.srcfile}:{violation.lineno}: {violation.note}\n"
+            + f"    {violation.line}\n"
+        )
+
+    logger.error(
+        "Found %d potential third-party violations. "
+        "If you are trying to add a new third-party dependency, "
+        "please follow the instructions in 3rdparty/cpp-thirdparty.md",
+        len(violations),
+    )
+    return 1
+
+
+class TestThirdPartyInCmake:
+    def test_cmake_listfiles(self):
+        """
+        Test that no third-party violations are found in the source tree.
+        """
+        source_tree = pathlib.Path(__file__).parents[1]
+        result = check_sources(source_tree)
+        assert result == 0
+
+
+def main():
+    parser = argparse.ArgumentParser(description="__doc__")
+    parser.add_argument(
+        "--src-tree",
+        default=pathlib.Path.cwd(),
+        type=pathlib.Path,
+        help="Path to the source tree, defaults to current directory",
+    )
+    args = parser.parse_args()
+    result = check_sources(args.src_tree)
+    sys.exit(result)
+
+
+if __name__ == "__main__":
+    logging.basicConfig(level=logging.INFO)
+    main()
diff --git a/3rdparty/test_git_modules.py b/3rdparty/test_git_modules.py
@@ -0,0 +1,109 @@
+"""
+This script audit the .gitmodules file to make sure that new git submodules
+are not added without following the proper process
+(cpp/3rdparty/cpp-thirdparty.md)
+"""
+
+import argparse
+import collections
+import logging
+import pathlib
+import configparser
+import sys
+
+logger = logging.getLogger(__name__)
+
+ALLOWLIST_SUBMODULES = [
+    # NOTE: please do not add new sobmodules here without following the process
+    # in 3rdparty/cpp-thirdparty.md. Prefer to use FetchContent or other methods
+    # to avoid adding new git submodules unless absolutely necessary.
+]
+
+ThirdpartyViolation = collections.namedtuple(
+    "ThirdpartyViolation", ["section", "path", "note"]
+)
+
+
+def find_violations(config: configparser.ConfigParser) -> list[str]:
+    violations = []
+    for section in config.sections():
+        if not section.startswith("submodule "):
+            raise ValueError(f"Unexpected section in .gitmodules: {section}")
+
+        path = config[section].get("path", "")
+        if not path:
+            raise ValueError(f"Missing path for submodule {section}")
+
+        if path not in ALLOWLIST_SUBMODULES:
+            violations.append(
+                ThirdpartyViolation(
+                    section=section,
+                    path=path,
+                    note="Submodule not in allowlist (see test_git_modules.py)",
+                )
+            )
+
+        if not path.startswith("3rdparty/"):
+            violations.append(
+                ThirdpartyViolation(
+                    section=section,
+                    path=path,
+                    note="Submodule path must be under 3rdparty/",
+                )
+            )
+    return violations
+
+
+def check_modules_file(git_modules_path: pathlib.Path) -> int:
+    """
+    Common entry-point between main() and pytest. Prints any violations to
+    stderr and returns non-zero if any violations are found.
+    """
+    config = configparser.ConfigParser()
+    config.read(git_modules_path)
+
+    violations = find_violations(config)
+
+    if violations:
+        for violation in violations:
+            sys.stderr.write(
+                f"{violation.section} (path={violation.path}): {violation.note}\n"
+            )
+
+        logger.error(
+            "Found %d potential third-party violations. "
+            "If you are trying to add a new third-party dependency, "
+            "please follow the instructions in cpp/3rdparty/cpp-thirdparty.md",
+            len(violations),
+        )
+        return 1
+    return 0
+
+
+class TestGitModules:
+    def test_gitmodules(self):
+        """
+        Test that no git submodules are added to .gitmodules without
+        following the defined process.
+        """
+        git_modules_path = pathlib.Path(__file__).parents[1] / ".gitmodules"
+        result = check_modules_file(git_modules_path)
+        assert result == 0
+
+
+def main():
+    parser = argparse.ArgumentParser(description="__doc__")
+    parser.add_argument(
+        "--git-modules-path",
+        default=pathlib.Path(".gitmodules"),
+        type=pathlib.Path,
+        help="Path to the .gitmodules file, defaults to .gitmodules in current directory",
+    )
+    args = parser.parse_args()
+    result = check_modules_file(args.git_modules_path)
+    sys.exit(result)
+
+
+if __name__ == "__main__":
+    logging.basicConfig(level=logging.INFO)
+    main()
diff --git a/tests/integration/test_lists/test-db/l0_a10.yml b/tests/integration/test_lists/test-db/l0_a10.yml
@@ -76,6 +76,9 @@ l0_a10:
   - unittest/llmapi/apps/test_chat_utils.py
   - unittest/llmapi/apps/test_tool_parsers.py
   - unittest/llmapi/apps/test_harmony_channel_validation.py
+  # third-party policy checks CPU-only
+  - 3rdparty/test_cmake_third_party.py
+  - 3rdparty/test_git_modules.py
 - condition:
     ranges:
       system_gpu_count:
