Gradle does not return dependencies at all #9255

Closed
wkl3nk opened this issue Oct 8, 2024 · 1 comment · Fixed by #9256
Labels: analyzer (About the analyzer tool), bug (Issues that are considered to be bugs)

Comments

@wkl3nk
Contributor

wkl3nk commented Oct 8, 2024

Describe the bug

I use the Analyzer CLI to directly analyze a checked-out repository.
I explicitly use the Gradle package manager, not GradleInspector.
The repository is a simple gradle-based project with a little bit of Spring Boot.

ort --info -P ort.analyzer.enabledPackageManagers=Gradle analyze -i . -o .

The OSS Review Toolkit, version 35.0.0-029.sha.901aa9d,
built with JDK 21.0.3+9-LTS, running under Java 21.0.3.
...
Found 1 project(s) and 0 package(s) in total (not counting excluded ones).
Applied 0 curation(s) from 0 of 2 provider(s).
Resolved issues: 0 errors, 0 warnings, 0 hints.
Unresolved issues: 0 errors, 0 warnings, 0 hints.

Expected behavior

I would have expected > 60 dependencies, but I get 0.

  • ORT version: 35.0.0
  • Java version: 21
  • Gradle: 8.10.2

Analysis

The Gradle plugin iterates over the Gradle configurations and tries to exclude (plugin) configurations that are deprecated.
Since Gradle 8.2, the configuration property resolutionAlternatives has changed to an ImmutableList, and this property can no longer be null, but instead the list can be empty. The code inside of the Gradle plugin does not reflect that change.

On the other hand, the code in the GradleInspector does reflect this change: 1d172c9

Please hang on for a PR.

@wkl3nk wkl3nk added bug Issues that are considered to be bugs to triage Issues that need triaging labels Oct 8, 2024
wkl3nk added a commit to boschglobal/oss-review-toolkit that referenced this issue Oct 8, 2024
Starting with Gradle 8.2, a property that defines if a
gradle configuration is deprecated now can be an empty
list instead of just null. This is misinterpreted by the
Gradle analyzer plugin, and all gradle configurations
are considered deprecated. As a result, no dependencies
for no gradle configurations are returned.

Fixes oss-review-toolkit#9255

Signed-off-by: Wolfgang Klenk <wolfgang.klenk2@bosch.com>
@sschuberth
Member

> The Gradle plugin iterates over the gradle configurations, tries to exclude (plugin) configurations that are deprecated.

Still interesting how this can result in seeing fewer (or zero) dependencies. I would have assumed that if the Gradle analyzer does not exclude enough, we'd rather see too many dependencies.

@sschuberth sschuberth added analyzer About the analyzer tool and removed to triage Issues that need triaging labels Oct 8, 2024
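
A simplified model of the check described in the analysis above, added here as an illustration and not taken from ORT's Gradle plugin or from the fix in #9256. It shows why a null-only test excludes every configuration once "not deprecated" is encoded as an empty list, and adds a guard that refuses to report an empty result in that case. The `Config` class, the function names, the `legacyRuntime` configuration and the package coordinates are assumptions constructed for the example.

```kotlin
// Simplified model, not ORT's plugin code: a configuration carries the value of
// resolutionAlternatives and the dependencies declared in it (constructed sample data).
data class Config(
    val name: String,
    val resolutionAlternatives: List<String>?,
    val dependencies: List<String>
)

// Null-only check: correct only while "not deprecated" is encoded as null.
fun isDeprecatedNullCheck(c: Config): Boolean = c.resolutionAlternatives != null

// Check that also treats an empty list as "not deprecated".
fun isDeprecatedNullOrEmptyCheck(c: Config): Boolean = !c.resolutionAlternatives.isNullOrEmpty()

// Collect dependencies from every configuration the predicate does not exclude.
fun collect(configs: List<Config>, isDeprecated: (Config) -> Boolean): Set<String> =
    configs.filterNot(isDeprecated).flatMap { it.dependencies }.toSet()

// Guard for callers: a run that skipped every configuration is an error, not a clean result.
fun collectOrFail(configs: List<Config>, isDeprecated: (Config) -> Boolean): Set<String> {
    require(configs.isEmpty() || configs.any { !isDeprecated(it) }) {
        "All ${configs.size} configurations were classified as deprecated"
    }
    return collect(configs, isDeprecated)
}

fun main() {
    // The same hypothetical project under both encodings of "not deprecated".
    fun project(notDeprecated: List<String>?) = listOf(
        Config("compileClasspath", notDeprecated, listOf("org.example:web:1.0")),
        Config("runtimeClasspath", notDeprecated, listOf("org.example:web:1.0", "org.example:db:2.1")),
        Config("legacyRuntime", listOf("runtimeClasspath"), listOf("org.example:old:0.9"))
    )
    val nullEncoding = project(null)          // before the change
    val emptyEncoding = project(emptyList())  // since Gradle 8.2, per the analysis above

    // Null-only check on each encoding, then the null-or-empty check on the new one.
    println(collect(nullEncoding, ::isDeprecatedNullCheck))
    println(collect(emptyEncoding, ::isDeprecatedNullCheck))
    println(collect(emptyEncoding, ::isDeprecatedNullOrEmptyCheck))

    // The guard turns the silent empty result into a visible failure.
    println(runCatching { collectOrFail(emptyEncoding, ::isDeprecatedNullCheck) }.exceptionOrNull()?.message)
}
```

The second `println` is the case from this issue: the filter removes configurations rather than adding them, so misclassifying all of them as deprecated yields no dependencies at all instead of too many.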
@wkl3nk wkl3nk changed the title Gradle does return dependencies at all Gradle does not return dependencies at all Oct 8, 2024
wkl3nk added a commit to boschglobal/oss-review-toolkit that referenced this issue Oct 8, 2024
Starting with Gradle 8.2, a property that defines if a
Gradle configuration is deprecated can be an empty
list instead of just null. This is misinterpreted by the
Gradle analyzer plugin, and all Gradle configurations
are considered deprecated. As a result, no dependencies
for Gradle configurations are returned.

Fixes oss-review-toolkit#9255.

Signed-off-by: Wolfgang Klenk <wolfgang.klenk2@bosch.com>
sschuberth pushed a commit that referenced this issue Oct 9, 2024
Starting with Gradle 8.2, a property that defines if a
Gradle configuration is deprecated can be an empty
list instead of just null. This is misinterpreted by the
Gradle analyzer plugin, and all Gradle configurations
are considered deprecated. As a result, no dependencies
for Gradle configurations are returned.

Fixes #9255.

Signed-off-by: Wolfgang Klenk <wolfgang.klenk2@bosch.com>