Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cyclonedxBom feature for android library app not working #441

Closed
umutcansu opened this issue May 29, 2024 · 7 comments
Closed

cyclonedxBom feature for android library app not working #441

umutcansu opened this issue May 29, 2024 · 7 comments
Labels
android Android related issues duplicate This issue or pull request already exists question Further information is requested

Comments

@umutcansu
Copy link

Hi.
I can create a report with the skipConfigs feature in the module opened as an application. but when I do the same as a library, I get an error. thanks for your support.

top level gradle :

plugins {
    alias(libs.plugins.android.application) apply false
    alias(libs.plugins.android.library) apply( false)
    alias(libs.plugins.jetbrains.kotlin.android) apply false
}

app gradle:

plugins {
    alias(libs.plugins.android.application)
    alias(libs.plugins.jetbrains.kotlin.android)
    id "org.cyclonedx.bom" version "1.8.0"
}


cyclonedxBom {
    skipConfigs = [
            "debugCompileClasspath",
            "debugAndroidTestCompileClasspath",
            "debugUnitTestCompileClasspath",
            "releaseUnitTestCompileClasspath",
            "debugUnitTestRuntimeClasspath",
            "releaseUnitTestRuntimeClasspath"
    ]
    // Specified the version of the CycloneDX specification to use. Defaults to '1.5'
    schemaVersion = "1.5"
    // Boms destination directory. Defaults to 'build/reports'
    destination = file("build/reports")
    // The file name for the generated BOMs (before the file format suffix). Defaults to 'bom'
    outputName = "bom"
    // The file format generated, can be xml, json or all for generating both. Defaults to 'all'
    outputFormat = "json"
    // Exclude BOM Serial Number. Defaults to 'true'
    includeBomSerialNumber = false
    // Exclude License Text. Defaults to 'true'
    includeLicenseText = false
    // Override component version. Defaults to the project version
    componentVersion = "2.0.0"
}

library gradle :

plugins {

    alias(libs.plugins.android.library)
    alias(libs.plugins.jetbrains.kotlin.android)
    id "org.cyclonedx.bom" version "1.8.2"
}


cyclonedxBom {
    skipConfigs = [
            "debugCompileClasspath",
            "debugAndroidTestCompileClasspath",
            "debugUnitTestCompileClasspath",
            "releaseUnitTestCompileClasspath",
            "debugUnitTestRuntimeClasspath",
            "releaseUnitTestRuntimeClasspath"
    ]
    // Specified the type of project being built. Defaults to 'library'
    projectType = "library"
    // Specified the version of the CycloneDX specification to use. Defaults to '1.5'
    schemaVersion = "1.5"
    // Boms destination directory. Defaults to 'build/reports'
    destination = file("build/reports")
    // The file name for the generated BOMs (before the file format suffix). Defaults to 'bom'
    outputName = "bom"
    // The file format generated, can be xml, json or all for generating both. Defaults to 'all'
    outputFormat = "json"
    // Exclude BOM Serial Number. Defaults to 'true'
    includeBomSerialNumber = false
    // Exclude License Text. Defaults to 'true'
    includeLicenseText = false
    // Override component version. Defaults to the project version
    componentVersion = "2.0.0"
}

gradle command : gradle cyclonedxBom

gradle error message :

Execution failed for task ':myapplicationmodule:cyclonedxBom'.

The consumer was configured to find a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :myapplicationmodule:
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-aar-metadata declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-aar-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-art-profile declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-art-profile' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-assets declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-assets' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-classes-directory-Aorg.gradle.libraryelements=classes declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-classes-directory' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides its elements preferably in the form of class files but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-classes-jar declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-classes-jar' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides its elements packaged as a jar but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-compiled-dependencies-resources declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-compiled-dependencies-resources' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-consumer-proguard-rules declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-consumer-proguard-rules' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-java-res declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-java-res' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-jni declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-jni' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-lint' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides its elements packaged as a jar but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint-local-aar declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-lint-local-aar' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-manifest declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-manifest' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-navigation-json declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-navigation-json' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-public-res declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-public-res' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-res declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-res' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-symbol declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-symbol' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-symbol-with-package-name declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-symbol-with-package-name' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant jar declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'jar' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides its elements packaged as a jar but the consumer didn't ask for it
- Configuration ':myapplicationmodule:debugRuntimeElements' variant supported-locale-list declares a library for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'supported-locale-list' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
The following variants were also considered but didn't match the requested attributes:
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-instrumentation-test-lint-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-instrumentation-test-lint-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-instrumentation-test-lint-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-instrumentation-test-lint-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint-model-metadata-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-model-metadata declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint-variant-dependencies-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-variant-dependencies-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint-variant-dependencies-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-variant-dependencies-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint-vital-lint-variant-dependencies-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-vital-lint-variant-dependencies-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-lint-vital-variant-dependencies-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-lint-vital-variant-dependencies-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-unit-test-lint-model-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-unit-test-lint-model declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
- Configuration ':myapplicationmodule:debugRuntimeElements' variant android-unit-test-lint-partial-results-Aorg.gradle.category=verification-Aorg.gradle.verificationtype=android-unit-test-lint-partial-results declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.4.1', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Incompatible because this component declares a component of category 'verification' and the consumer needed a library
@umutcansu umutcansu changed the title android kütüphane uygulaması için cyclonedxBom özelliği çalışmıyor cyclonedxBom feature for android library app not working May 29, 2024
@dabdullin
Copy link

dabdullin commented Jul 15, 2024
edited
Loading

Do you have any updates? I am encountering the same issue with AGP versions 8.5.0 and 8.5.1. In the meantime, I had to automate the parsing of the "./gradlew :app:dependencies" output into the BOM format in Jenkins 😓

@glefloch

@dabdullin
Copy link

There was a hack created by @realdadfish a year ago, but it's no longer working :(

@skhokhlov
Copy link
Member

You can try to skip configuration debugRuntimeElements too. Will it work for you?

@skhokhlov skhokhlov added question Further information is requested android Android related issues labels Jul 31, 2024
@skhokhlov
Copy link
Member

Please try this workaround: #223 (comment)

@skhokhlov
Copy link
Member

Main issue: #478

@skhokhlov skhokhlov closed this as not planned Won't fix, can't repro, duplicate, stale Jul 31, 2024
@skhokhlov skhokhlov added the duplicate This issue or pull request already exists label Jul 31, 2024
@dabdullin
Copy link

Thank you @skhokhlov, I will try.

@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
android Android related issues duplicate This issue or pull request already exists question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@skhokhlov @umutcansu @dabdullin