Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue caching Springboot app #472

Open
RyanOattes opened this issue Mar 4, 2022 · 3 comments
Open

Issue caching Springboot app #472

RyanOattes opened this issue Mar 4, 2022 · 3 comments

Comments

@RyanOattes
Copy link

Using Licensed already for React app via npm source (works great) but struggling to use for Springboot apps. First, would like to confirm I'm not missing a source that supports Maven pom.xml files. The dependency analysis on Github.com supports them, but I don't think I see a Licensed source for them.

Given that, I converted a clone of the app repo to Gradle so we can use that source, but running "gradle init" on the root directory. It looks like Licensed Gradle support is a bit dated - my first hint was the default config looks for the "runtime" configuration in build.gradle, which has been deprecated in favour of "implementation". I also hit an issue that "implementation" cannot be resolved. I punched through both of those issues by adding this to build.gradle:

configurations {
runtime.extendsFrom implementation {
canBeResolved = true
canBeConsumed = true
}
}

Current status is that Licensed spits out errors like this:

Caching dependency records for Kobai
gradle
Error antlr:antlr (2.7.7)
Error ch.qos.logback:logback-classic (1.2.3)
Error ch.qos.logback:logback-core (1.2.3)

and

  • Errors:
    • Kobai.gradle.antlr:antlr
      cached: false, filename: /Users/ryanoattes/dev/licensed/data-svcs/gradle/antlr:antlr.dep.yml, version: 2.7.7

      • '/Users/ryanoattes/git/kobai-data-services/studio-services/gradlew -q -b /Users/ryanoattes/git/kobai-data-services/studio-services/license-20220303-89401-j4ulnu.gradle generateLicenseReport' exited with status 1
        FAILURE: Build failed with an exception.

        • What went wrong:
          Some problems were found with the configuration of task ':generateLicenseReport' (type 'CacheableReportTask').

          • In plugin 'com.github.jk1.dependency-license-report' type 'com.github.jk1.license.task.CacheableReportTask' property 'config.cache.$0.filename' is missing an input or output annotation.

            Reason: A property without annotation isn't considered during up-to-date checking.

            Possible solutions:

            1. Add an input or output annotation.
            2. Mark it as @internal.

            Please refer to https://docs.gradle.org/7.4/userguide/validation_problems.html#missing_annotation for more details about this problem.

Based on this thread (jk1/Gradle-License-Report#203) it looks like this was a known issue with the Gradle-License-Report plugin that was resolved in Aug 2021 with an upgrade to 2.0 to support Gradle7.

In the Licensed repo, I see a commit (failed build) updating Gradle to the newest version of the plugin from June 2021, but that's before the new plugin was available.

So - That's where I am. If there is Maven support I'd love to drop the whole Gradle thread, but failing that some guidance on where to go from here would be great.
@jonabc
Copy link
Contributor

jonabc commented Mar 4, 2022
edited

👋 @RyanOattes

The dependency analysis on Github.com supports them, but I don't think I see a Licensed source for them.

This tool is separate from what you'll see online in a GitHub repo description or its dependency graph and is meant more for local analysis. Sorry for the confusion there

I don't have much experience with the Java ecosystem and have relied on contributors to build support. I would gladly welcome any PRs that add Maven support as well as provide any help needed in the integration! The core challenges are

  1. enumerating all dependencies for an app, with name and version at a minimum for each dependency but hopefully also a description and homepage link
  2. getting access to real files on disk that contain license contents (if any) for each dependency. IIRC Gradle dependencies don't include license files and so we needed to build some workarounds to pull license contents from online sources - does the same apply to Maven?

Similarly, I'd welcome any PRs that update the Gradle-License-Report plugin to support more Gradle versions! I'll give that update a shot but it might be quicker and easier if someone with more experience did it 😆

@RyanOattes
Copy link
Author

Thanks for the response @jonabc . I'll just wait and watch, then, since I'm not a Java dev!

@jonabc
Copy link
Contributor

jonabc commented Feb 25, 2023

@RyanOattes an update to the Gradle source was shipped in release 4.2.0. The problems resolved by the update sound very similar to what you called out in this issue. Can you give that a shot and let me know if you're able to use the Gradle source more reliably now? There's still no support for Maven unfortunately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jonabc @RyanOattes and others