I have an Android (Kotlin) project that I want to test with spotbugs .
This testing will occur inside a docker
container using the gitlab/sast image. It will detect a gradle project and then execute spotbugs tests on that project.
When I run this image with
docker run \
--interactive --tty --rm \
--volume ${MY_PROJECT}:/code \
--volume /var/run/docker.sock:/var/run/docker.sock \
registry.gitlab.com/gitlab-org/security-products/sast:12-4-stable /app/bin/run /code
The sast
tool detects two projects in total, Gradlew
and Gradle
projects as showing in the logs.
Found Gradlew project in /tmp/app directory
Found Gradle project in /tmp/app/app directory
Found 2 analyzable projects.
The Gradlew
is successfully built but the Gradle
project fails to build.
Gradlew
Plugin
Building Gradlew project at /tmp/app.
Downloading https://services.gradle.org/distributions/gradle-5.6.1-all.zip
Unzipping /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx/gradle-5.6.1-all.zip to /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx
Set executable permissions for: /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx/gradle-5.6.1/bin/gradle
Welcome to Gradle 5.6.1!
Here are the highlights of this release:
- Incremental Groovy compilation
- Groovy compile avoidance
- Test fixtures for Java projects
- Manage plugin versions via settings script
For more details see https://docs.gradle.org/5.6.1/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
> Task :app:assemble UP-TO-DATE
> Task :app:lint SKIPPED
> Task :app:compileJava NO-SOURCE
> Task :app:processResources NO-SOURCE
> Task :app:classes UP-TO-DATE
> Task :app:spotbugsMain
Warning at xsl:variable on line 348 column 57 of default.xsl:
SXWN9001: A variable with no following sibling instructions has no effect
Warning at xsl:variable on line 351 column 57 of default.xsl:
SXWN9001: A variable with no following sibling instructions has no effect
> Task :app:check
> Task :app:build
BUILD SUCCESSFUL in 1m 49s
1 actionable task: 1 executed
Project built.
Gradle
Plugin
Building Gradle project at /tmp/app/app.
Welcome to Gradle 5.1!
Here are the highlights of this release:
- Control which dependencies can be retrieved from which repositories
- Production-ready configuration avoidance APIs
For more details see https://docs.gradle.org/5.1/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
FAILURE: Build failed with an exception.
* Where:
Build file '/tmp/app/app/build.gradle' line: 6
* What went wrong:
An exception occurred applying plugin request [id: 'com.github.triplet.play', version: '2.5.0']
> Failed to apply plugin [id 'com.github.triplet.play']
> Gradle Play Publisher's minimum Gradle version is at least Gradle 5.6.1 and yours is Gradle 5.1. Find the latest version at https://github.com/gradle/gradle/releases, then run './gradlew wrapper --gradle-version=$LATEST --distribution-type=ALL'.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 38s
Error: Project couldn't be built: exit status 1
2019/11/18 21:49:23 exit status 1
2019/11/18 21:49:23 Container exited with non zero status code
Just to provide some background on the com.github.triplet.play
tool, it's a gradle
plugin that is used to publish apk
's to the Play Store.
I was not expecting the Gradle
project to use version 5.1
because the Gradlew
project used version 5.6.1
and in gradle/wrapper/gradle-wrapper.properties
(project-level) I have specified version 5.6.1
.
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.1-all.zip
build.gradle
(project-level)
buildscript {
ext.kotlinVersion = '1.3.50'
ext.espressoVersion = "3.2.0"
ext.ktlintVersion = "9.1.0"
repositories {
google()
jcenter()
}
dependencies {
classpath 'com.android.tools.build:gradle:3.5.2'
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlinVersion"
}
}
allprojects {
apply from: "$rootDir/ktlint.gradle"
repositories {
google()
jcenter()
}
}
build.gradle
(app-level)
plugins {
id 'com.github.triplet.play' version '2.5.0'
id "com.github.spotbugs" version "2.0.1"
id "com.github.hierynomus.license-report" version"0.15.0"
}
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: "com.github.spotbugs"
android {
compileSdkVersion 29
defaultConfig {
applicationId "<REDACTED>"
minSdkVersion 21
targetSdkVersion 29
versionCode Integer.valueOf(System.env.VERSION_CODE ?: 1)
versionName "${System.getenv('APPLICATION_VERSION')}-${System.getenv('APPLICATION_BUILD_STAGE')}-${System.env.VERSION_SHA}"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
signingConfigs {
release {
storeFile file("${System.getenv('KEYSTORE_FILE_PATH')}")
storePassword "${System.getenv('SIGNING_KEY_PASSWORD')}"
keyAlias "${System.getenv('SIGNING_KEY_ALIAS')}"
keyPassword "${System.getenv('SIGNING_KEY_PASSWORD')}"
}
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
lintOptions {
abortOnError false
tasks.lint.enabled = false
}
}
dependencies {
implementation fileTree(dir: 'libs', include: ['*.jar'])
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlinVersion"
implementation 'androidx.appcompat:appcompat:1.1.0'
implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
implementation "androidx.test.espresso:espresso-idling-resource:$espressoVersion"
testImplementation 'junit:junit:4.12'
androidTestImplementation 'androidx.test.ext:junit:1.1.1'
androidTestImplementation 'androidx.test:rules:1.2.0'
androidTestImplementation "androidx.test.espresso:espresso-core:$espressoVersion"
spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.7.1'
}
play {
serviceAccountCredentials = file("${System.getenv('PLAY_STORE_JSON_CONFIG_PATH')}")
releaseStatus = "${System.getenv('PLAY_RELEASE_STATUS')}"
}
spotbugs {
toolVersion = '4.0.0-beta4'
excludeFilter = file("$rootProject.projectDir/spotbugs/excludeFilter.xml")
reportsDir = file("$project.buildDir/spotbugsReports")
}
tasks.withType(com.github.spotbugs.SpotBugsTask) {
classes = files("$project.buildDir/intermediates/javac")
source = fileTree("app/src/main/java")
reports {
html.enabled = true
xml.enabled = false
}
}
sourceSets {
// we define `main` sourceSet here, so SpotBugs Gradle Plugin generates `spotbugsMain` task
main {
java.srcDirs = []
}
}
downloadLicenses {
dependencyConfiguration "compile"
}
Is there anyway in Gradle to configure the tmp/app/app
(Gradle project) to use version 5.6.1
instead of version 5.1
<PROJECT_ROOT>\app\build.gradle
is specific for app module.
<PROJECT_ROOT>\build.gradle
is a " Top-level build file " where you can add configuration options common to all sub-projects/modules.
If you use another module in your project, as a local library you would have another build.gradle file: <PROJECT_ROOT>\module\build.gradle
For example in your top level file you can specify these common properties:
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'com.android.tools.build:gradle:1.3.0'
}
}
ext {
compileSdkVersion = 23
buildToolsVersion = "23.0.1"
}
In your app\build.gradle
apply plugin: 'com.android.application'
repositories {
mavenCentral()
}
android {
compileSdkVersion rootProject.ext.compileSdkVersion
buildToolsVersion rootProject.ext.buildToolsVersion
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.