Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bom file does not have dependencies #264

Closed
flaviomeira opened this issue Jan 27, 2023 · 5 comments
Closed

Bom file does not have dependencies #264

flaviomeira opened this issue Jan 27, 2023 · 5 comments
Labels
android Android related issues duplicate This issue or pull request already exists

Comments

@flaviomeira
Copy link

Following the configuration set in readme file the cyclonedxBom task runs without errors, but dependencies does not appear in the generated bom file

tasks.cyclonedxBom {
    setIncludeConfigs(listOf("runtimeClasspath"))
    setSkipConfigs(listOf("compileClasspath", "testCompileClasspath"))
    setSkipProjects(listOf(rootProject.name))
    setProjectType("application")
    setSchemaVersion("1.4")
    setDestination(project.file("build/reports"))
    setOutputName("bom")
    setIncludeBomSerialNumber(false)
    setComponentVersion("2.0.0")
}

./gradlew cyclonedxBom -info

Initialized native services in: /Users/user/.gradle/native
Initialized jansi services in: /Users/user/.gradle/native
The client will now receive all logging from the daemon (pid: 90281). The daemon log file: /Users/user/.gradle/daemon/7.5/daemon-90281.out.log
Starting 5th build in daemon [uptime: 2 hrs 29 mins 47.945 secs, performance: 96%]
Using 12 worker leases.
Now considering [/Users/user/projects/poc-cyclone] as hierarchies to watch
Watching the file system is configured to be enabled if available
File system watching is active
Starting Build
Settings evaluated using settings file '/Users/user/projects/poc-cyclone/settings.gradle.kts'.
Projects loaded. Root project using build file '/Users/user/projects/poc-cyclone/build.gradle.kts'.
Included projects: [root project 'Cyclone', project ':app', project ':login']

> Configure project :
Evaluating root project 'Cyclone' using build file '/Users/user/projects/poc-cyclone/build.gradle.kts'.
Caching disabled for Kotlin DSL accessors for root project 'Cyclone' because:
  Build cache is disabled
Skipping Kotlin DSL accessors for root project 'Cyclone' as it is up-to-date.

> Configure project :app
Evaluating project ':app' using build file '/Users/user/projects/poc-cyclone/app/build.gradle.kts'.
Using default execution profile
Using Kotlin Gradle Plugin gradle70 variant
Caching disabled for Kotlin DSL accessors for project ':app' because:
  Build cache is disabled
Skipping Kotlin DSL accessors for project ':app' as it is up-to-date.
Parsed shrinker version: 4.0.48

> Configure project :login
Evaluating project ':login' using build file '/Users/user/projects/poc-cyclone/login/build.gradle.kts'.
Using default execution profile
Using Kotlin Gradle Plugin gradle70 variant
Caching disabled for Kotlin DSL accessors for project ':login' because:
  Build cache is disabled
Skipping Kotlin DSL accessors for project ':login' as it is up-to-date.
Parsed shrinker version: 4.0.48
All projects evaluated.
Task name matched 'cyclonedxBom'
Selected primary task 'cyclonedxBom' from project :
Tasks to be executed: [task ':cyclonedxBom']
Tasks that were excluded: []
Resolve mutations for :cyclonedxBom (Thread[#790,Execution worker,5,main]) started.
:cyclonedxBom (Thread[#792,Execution worker Thread 3,5,main]) started.
producer locations for task group 0 (Thread[#794,Execution worker Thread 5,5,main]) started.
Resolve mutations for :cyclonedxBom (Thread[#790,Execution worker,5,main]) completed. Took 0.0 secs.
producer locations for task group 0 (Thread[#794,Execution worker Thread 5,5,main]) completed. Took 0.0 secs.

> Task :cyclonedxBom
Watching 1 directory hierarchies to track changes
Caching disabled for task ':cyclonedxBom' because:
  Build cache is disabled
Task ':cyclonedxBom' is not up-to-date because:
  Output property 'destination' file /Users/user/projects/poc-cyclone/build/reports/bom.json has been removed.
  Output property 'destination' file /Users/user/projects/poc-cyclone/build/reports/bom.xml has been removed.
Not watching anything anymore
Watching 0 directory hierarchies to track changes
CycloneDX: Parameters
------------------------------------------------------------------------
schemaVersion          : 1.4
includeBomSerialNumber : false
includeConfigs         : [runtimeClasspath]
skipConfigs            : [compileClasspath, testCompileClasspath]
skipProjects           : [Cyclone]
destination            : /Users/user/projects/poc-cyclone/build/reports
outputName             : bom
------------------------------------------------------------------------
CycloneDX: Resolving Dependencies
CycloneDX: Creating BOM
CycloneDX: Writing BOM XML
CycloneDX: Validating BOM
CycloneDX: Writing BOM JSON
CycloneDX: Validating BOM
Watching 1 directory hierarchies to track changes
:cyclonedxBom (Thread[#792,Execution worker Thread 3,5,main]) completed. Took 0.097 secs.

BUILD SUCCESSFUL in 1s

Generated bom file

{
  "bomFormat" : "CycloneDX",
  "specVersion" : "1.4",
  "version" : 1,
  "metadata" : {
    "timestamp" : "2023-01-27T14:29:25Z",
    "tools" : [
      {
        "vendor" : "CycloneDX",
        "name" : "cyclonedx-gradle-plugin",
        "version" : "1.7.3"
      }
    ],
    "component" : {
      "group" : "group",
      "name" : "Cyclone",
      "version" : "2.0.0",
      "purl" : "pkg:maven/group/Cyclone@unspecified?type=pom",
      "type" : "application",
      "bom-ref" : "pkg:maven/group/Cyclone@unspecified?type=pom"
    }
  },
  "components" : [
    {
      "group" : "Cyclone",
      "name" : "login",
      "version" : "unspecified",
      "purl" : "pkg:maven/Cyclone/login@unspecified?type=jar",
      "type" : "library",
      "bom-ref" : "pkg:maven/Cyclone/login@unspecified?type=jar"
    },
    {
      "group" : "Cyclone",
      "name" : "app",
      "version" : "unspecified",
      "purl" : "pkg:maven/Cyclone/app@unspecified?type=jar",
      "type" : "library",
      "bom-ref" : "pkg:maven/Cyclone/app@unspecified?type=jar"
    }
  ],
  "dependencies" : [
    {
      "ref" : "pkg:maven/group/Cyclone@unspecified?type=pom",
      "dependsOn" : [
        "pkg:maven/Cyclone/app@unspecified?type=jar",
        "pkg:maven/Cyclone/login@unspecified?type=jar"
      ]
    }
  ]
}

I tried to fix with the following configuration

tasks.cyclonedxBom {
    setIncludeConfigs(listOf("debugCompileClasspath"))  // Changing to debugCompileClasspath
    setSkipConfigs(listOf("compileClasspath", "testCompileClasspath"))
    setSkipProjects(listOf(rootProject.name))
    setProjectType("application")
    setSchemaVersion("1.4")
    setDestination(project.file("build/reports"))
    setOutputName("bom")
    setIncludeBomSerialNumber(false)
    setComponentVersion("2.0.0")
}

But cyclonedxBom runs with erros (./gradlew cyclonedxBom -info)

Initialized native services in: /Users/user/.gradle/native
Initialized jansi services in: /Users/user/.gradle/native
The client will now receive all logging from the daemon (pid: 90281). The daemon log file: /Users/user/.gradle/daemon/7.5/daemon-90281.out.log
Starting 6th build in daemon [uptime: 2 hrs 40 mins 8.417 secs, performance: 96%]
Using 12 worker leases.
Now considering [/Users/user/projects/poc-cyclone] as hierarchies to watch
Watching the file system is configured to be enabled if available
Now considering [/Users/user/projects/poc-cyclone] as hierarchies to watch
File system watching is active
Starting Build
Settings evaluated using settings file '/Users/user/projects/poc-cyclone/settings.gradle.kts'.
Projects loaded. Root project using build file '/Users/user/projects/poc-cyclone/build.gradle.kts'.
Included projects: [root project 'Cyclone', project ':app', project ':login']

> Configure project :
Evaluating root project 'Cyclone' using build file '/Users/user/projects/poc-cyclone/build.gradle.kts'.
Caching disabled for Kotlin DSL accessors for root project 'Cyclone' because:
  Build cache is disabled
Skipping Kotlin DSL accessors for root project 'Cyclone' as it is up-to-date.

> Configure project :app
Evaluating project ':app' using build file '/Users/user/projects/poc-cyclone/app/build.gradle.kts'.
Using default execution profile
Using Kotlin Gradle Plugin gradle70 variant
Caching disabled for Kotlin DSL accessors for project ':app' because:
  Build cache is disabled
Skipping Kotlin DSL accessors for project ':app' as it is up-to-date.
Parsed shrinker version: 4.0.48

> Configure project :login
Evaluating project ':login' using build file '/Users/user/projects/poc-cyclone/login/build.gradle.kts'.
Using default execution profile
Using Kotlin Gradle Plugin gradle70 variant
Caching disabled for Kotlin DSL accessors for project ':login' because:
  Build cache is disabled
Skipping Kotlin DSL accessors for project ':login' as it is up-to-date.
Parsed shrinker version: 4.0.48
All projects evaluated.
Task name matched 'cyclonedxBom'
Selected primary task 'cyclonedxBom' from project :
Tasks to be executed: [task ':cyclonedxBom']
Tasks that were excluded: []
Resolve mutations for :cyclonedxBom (Thread[#937,Execution worker,5,main]) started.
:cyclonedxBom (Thread[#940,Execution worker Thread 4,5,main]) started.
producer locations for task group 0 (Thread[#938,Execution worker Thread 2,5,main]) started.
producer locations for task group 0 (Thread[#938,Execution worker Thread 2,5,main]) completed. Took 0.0 secs.
Resolve mutations for :cyclonedxBom (Thread[#937,Execution worker,5,main]) completed. Took 0.0 secs.

> Task :cyclonedxBom
Watching 1 directory hierarchies to track changes
Caching disabled for task ':cyclonedxBom' because:
  Build cache is disabled
Task ':cyclonedxBom' is not up-to-date because:
  Value of input property 'includeConfigs' has changed for task ':cyclonedxBom'
Not watching anything anymore
Watching 0 directory hierarchies to track changes
CycloneDX: Parameters
------------------------------------------------------------------------
schemaVersion          : 1.4
includeBomSerialNumber : false
includeConfigs         : [debugCompileClasspath]
skipConfigs            : [compileClasspath, testCompileClasspath]
skipProjects           : [Cyclone]
destination            : /Users/user/projects/poc-cyclone/build/reports
outputName             : bom
------------------------------------------------------------------------
CycloneDX: Resolving Dependencies
Watching 1 directory hierarchies to track changes

> Task :cyclonedxBom FAILED
:cyclonedxBom (Thread[#940,Execution worker Thread 4,5,main]) completed. Took 2.427 secs.

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':cyclonedxBom'.
> The consumer was configured to find an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :login:
    - Configuration ':login:debugApiElements' variant android-aidl declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-aidl' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-lint-local-aar declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-lint-local-aar' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-lint-model-metadata declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-lint-model-metadata' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-lint-variant-dependencies-model declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-lint-variant-dependencies-model' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-lint-variant-dependencies-partial-results declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-lint-variant-dependencies-partial-results' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-manifest declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-manifest' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-renderscript declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-renderscript' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it
    - Configuration ':login:debugApiElements' variant android-symbol-with-package-name declares an API of a component, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '7.4.0', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
        - Unmatched attributes:
            - Provides attribute 'artifactType' with value 'android-symbol-with-package-name' but the consumer didn't ask for it
            - Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
            - Provides a library but the consumer didn't ask for it

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 4s

In order to run cyclonedxBom task successfully, we set 'configuration to default' in app dependencies.
app/build.gradle.kts
implementation(project(mapOf("path" to ":login", "configuration" to "default")))
With this configuration, cyclonedxBom task runs without errors and the bom file contains the project dependencies correctly (at first sight).

The problem with this configuration is that it breaks the app build, with the following error
e: /Users/user/projects/poc-cyclone/app/src/main/java/com/poc/cyclone/view/MainActivity.kt: (12, 24): Unresolved reference: login
MainActivity.kt (line 12)
import com.poc.cyclone.login.LoginActivity //Unresolved reference: LoginActivity

It seems to be a misconfiguration in the project, but I couldn't find the correct configuration.

This is the repo with this project: https://github.com/saviolli/poc-cyclone
@rkg-mm
Copy link

rkg-mm commented Feb 13, 2023

having the same problem in an android project

@kito99
Copy link

kito99 commented Feb 14, 2023

This looks like a duplicate of #223. (I'm having the same problem.)

@skhokhlov skhokhlov added the android Android related issues label Jul 31, 2024
@skhokhlov
Copy link
Member

Workaround: #223 (comment)

@skhokhlov
Copy link
Member

Main issue: #478

@skhokhlov skhokhlov added the duplicate This issue or pull request already exists label Jul 31, 2024
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
android Android related issues duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@skhokhlov @flaviomeira @kito99 @rkg-mm