Applying Gradle Dependency-Check plugin - maven

I am trying to use the dependency.check from the following link and have been unable to get it to run properly (at all) when following the instructions given.
https://github.com/jeremylong/DependencyCheck/tree/master/dependency-check-gradle
When trying to build with the apply plugin and additional dependency the fails on startup and it throws the following error.
Where:
Build file '/Users/aaron/work/backups/eiss/build.gradle' line: 25
What went wrong:
A problem occurred evaluating root project 'eiss'.
Failed to apply plugin [id 'dependency.check']
Plugin with id 'dependency.check' not found.
I made a little progress when making some changes but was still ultimately unsuccessful.
First, I commented out the apply plugin line.
Next, I switched:
classpath "com.thoughtworks.tools:dependency-check:0.0.7"
over to:
compile "com.thoughtworks.tools:dependency-check:0.0.7"
After these two changes it began recognizing the path and I was able to see it grabbing the items from the repository.
Even with the path correct I am still having issues with the apply plugin line with it throwing the same error whenever I place it into the script or even try to change the '.' in it into a '-' (both are used in the instructions and in different repository examples).
Any help on this issue would be appreciated! Thanks
lastly here is the build.gradle script. I didn't want to just leave this blob right in the center of the post.
defaultTasks 'assemble'
// For third party libs that are widely used, keep versions in one place
ext {
MONGO_JAVA_DRIVER = "org.mongodb:mongo-java-driver:2.12.3"
RABBITMQ_VERSION = "com.rabbitmq:amqp-client:3.4.3"
LOG4J = "log4j:log4j:1.2.16"
// For groovy there are multiple libs, just capture version number and use lib-name-$GROOVY_VERSION
GROOVY_VERSION = "2.3.6"
}
//
// Common settings for all projects
//
subprojects {
defaultTasks 'assemble'
apply plugin: 'groovy'
apply plugin: 'maven'
apply plugin: 'codenarc'
apply plugin: 'dependency.check'
targetCompatibility = "1.6"
sourceCompatibility = "1.6"
repositories {
mavenCentral()
}
dependencies {
compile LOG4J
compile "org.codehaus.groovy:groovy:${GROOVY_VERSION}"
compile "org.codehaus.groovy:groovy-json:${GROOVY_VERSION}"
compile "org.codehaus.groovy:groovy-templates:${GROOVY_VERSION}"
compile "com.thoughtworks.tools:dependency-check:0.0.7"
testCompile group: 'junit', name: 'junit', version: '4.+'
testCompile "org.codehaus.groovy:groovy-test:${GROOVY_VERSION}"
testCompile "org.hamcrest:hamcrest-core:1.3"
}
clean.doLast {
// The archive path is configured via the jar tasks. Can't use
// delete jar.archivePath because that will configure the delete with
// the wrong (default) path of build/libs/<component.jar>
jar.archivePath.delete()
jarSources.archivePath.delete()
}
//--------------------------------------------------------------------
// Run and test
//--------------------------------------------------------------------
test {
// Uncomment to see standard output when running tests
testLogging.showStandardStreams = true
// This causes tests to run even when nothing has changed
outputs.upToDateWhen { false }
maxParallelForks = 1
}
task runClass(dependsOn: 'classes', type: JavaExec) {
if (project.hasProperty('classToRun')) {
if (project.hasProperty('arguments')) {
args(arguments.split(','))
}
classpath = sourceSets.main.runtimeClasspath
main=classToRun
}
}
//run this task to create source jars
task jarSources(type:Jar){
destinationDir = new File(projectDir.parent + "/sourcelibs")
from sourceSets.main.allSource
classifier 'sources'
}
}

You added plugin dependency in a wrong place, to the dependencies of your project, not a build script itself, which will use it. Try to add buildscript dependencies, as it's made in the example of plugin installation
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'com.thoughtworks.tools:dependency-check:0.0.7'
}
}
And then return your apply plugin
apply plugin: 'dependency.check'

Though this is very old post, accepted answer is using legacy plugin application, whereas below could be used while using the plugins DSL: https://plugins.gradle.org/plugin/org.owasp.dependencycheck
plugins {
id "org.owasp.dependencycheck" version "7.3.0"
}

With recent version of gradle it is below steps
add id 'com.diffplug.spotless' version '6.3.0' in plugins section like
plugins {
id 'com.diffplug.spotless' version '6.3.0'
}
And define your task to generate required format reports. Here for e.g. xml and json will be generated along with the html report
dependencyCheck{
formats=['xml','json']
check.dependsOn(dependencyCheckAnalyze)
}
And this can be integrated with Sonar by adding below properties to sonare.properties file (Provide dependency plugin is installed already on the sonar)
sonar.dependencyCheck.xmlReportPath=build/reports/dependency-check-report.xml
sonar.dependencyCheck.jsonReportPath=build/reports/dependency-check-report.json
sonar.dependencyCheck.htmlReportPath=build/reports/dependency-check-report.html

Related

Convert .md file into .pdf using Gradle

I´ve been searching for a way to automatically convert my readme.md file into a .pdf using a gradle task. I know that I can do this by using my prompt console, and it works fine, but I want to know if there is a way of doing the same by creating a gradle task. I´ve found some gitHub projects, and I´ve try some of them, but I always get errors in applying the needed plugins. There is a simple way of doing this, I know that gradle has a huge amount of task types, but I can´t find one for this. Can someone help me?
I´ve trying to use the plugin from https://github.com/fntsoftware/gradle-plugin-markdown2pdf, but when I run the implemented gradle task, I get the error:
Could not get unknown property 'MarkdownToPdfTask' for root project 'cms' of type org.gradle.api.Project
My build gradle from root path:
plugins {
id 'java'
id 'war'
id 'jacoco'
id 'eclipse'
id "fr.putnami.gwt" version "0.4.0"
id "info.solidsoft.pitest" version "1.3.0"
id "de.fntsoftware.gradle.markdown-to-pdf" version "1.1.0"
}
repositories {
mavenCentral()
maven {
url 'https://plugins.gradle.org/m2/'
}
}
dependencies {
testCompile 'junit:junit:4.12'
testCompile 'org.easymock:easymock:2.5.2'
testCompile 'com.google.gwt:gwt-dev:2.8.1'
compile 'net.sourceforge.plantuml:plantuml:8001'
}
task exampleTask1(type: MarkdownToPdfTask){
inputFile = '/PATH/TO/README.md'
outputFile = '/PATH/TO/README.pdf'
}
My build gradle from buildSrc path:
plugins {
id "de.fntsoftware.gradle.markdown-to-pdf" version "1.1.0"
}
repositories {
mavenCentral()
maven {
url 'https://plugins.gradle.org/m2/'
}
}
dependencies {
// compile gradleApi()
compile 'org.codehaus.groovy:groovy:2.4.2'
compile 'commons-io:commons-io:2.4'
compile 'net.sourceforge.plantuml:plantuml:8051'
}
Thank you.
MarkdownToPdfTask is a class, and because it is not in the Gradle namespace (it's from a 3rd party plugin) it needs to be qualified. I can see that the documentation doesn't mention this, but try putting the following at the top of the script:
import de.fntsoftware.gradle.MarkdownToPdfTask
Otherwise, Gradle thinks it is a property.

Gradle shadow plugin packages also all "provided" dependencies which should not be the case

I want to have one fat jar but without the provided dependencies. So I use the following two plugins:
https://github.com/johnrengelman/shadow
https://github.com/nebula-plugins/gradle-extra-configurations-plugin
and have a build.gradle file like this:
apply plugin: 'nebula.provided-base'
apply plugin: 'com.github.johnrengelman.shadow'
archivesBaseName = 'range-cache-drivers'
group = 'com.engine'
version = '0.302-SNAPSHOT'
buildDir = 'target'
sourceCompatibility = 1.8
targetCompatibility = 1.8
dependencies {
provided project(':rangeCache')
// CSV, TSV, Fixe width
compile deps.univocityParsers
// MongoDB
compile deps.mongo
// Cassandra
compile deps.cassandradx
compile deps.cassandraSnappy
compile deps.cassandraLZ4
}
But when I run gradle shadowJar I still have all the rangeCache classes in my fat jar. How can I exclude the provided dependencies from my fat jar?
EDIT 1:
This seems also not to work, the transient dependencies still getting copied into the fat jar.
shadowJar {
dependencies {
exclude(project(':rangeCache'))
}
}
EDIT 2: Based on Stanislav's answer I did the following to get things working properly:
configurations {
shadow
compile.extendsFrom provided
provided.extendsFrom shadow
}
dependencies {
provided project(':rangeCache')
// CSV, TSV, Fixe width
shadow deps.univocityParsers
// MongoDB
shadow deps.mongo
// Cassandra
shadow deps.cassandradx
shadow deps.cassandraSnappy
shadow deps.cassandraLZ4
testCompile deps.junit
}
import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar
task fatJar(type: ShadowJar) {
configurations = [project.configurations.shadow]
from(project.sourceSets.main.output)
}
Take a look at this article about excluding shadow jar dependencies.
Shortly, according to this article, just excluding some dependency via shadowJar's dependencies is not enough for excluding its transitive dependencies, just as you mentioned already. The solution how to do it is to modify runtime configuration, to exclude from it some dependency, like:
configurations {
runtime.exclude %what you need to exclude%
}
I Hope, it could be helpful.

Invalid classpath publish/ export dependency /ouat-contract. Project entries not supported

I am trying create an Gradle multi project similar to this structure
ouat-services
- ouat-contract
- ouat-servicesImpl (web project)
I followed the eclipse example and define my ouat-services settings.gradle as
include "ouat-contract", "ouat-servicesImpl"
In my ouat-servicesImpl build-gradle I define
dependencies {
compile project(':ouat-contract')
}
My problem starts when I try apply war plug-in in ouat-servicesImpl, I receive the following message in eclipse problem view:
Invalid classpath publish/ export dependency /ouat-contract. Project entries not supported
My ouat-services build.gradle
configure(subprojects) {
apply plugin: 'com.github.ben-manes.versions'
apply plugin: 'eclipse'
apply plugin: 'java'
version = '1.0'
sourceCompatibility = 1.8
targetCompatibility = 1.8
def defaultEncoding = 'UTF-8'
[compileJava, compileTestJava]*.options*.encoding = defaultEncoding
repositories {
jcenter()
mavenLocal()
mavenCentral()
}
jar {
manifest.attributes provider: 'Company'
}
}
configure(project(':ouat-servicesImpl')) {
apply plugin: 'checkstyle'
apply plugin: 'eclipse-wtp'
apply plugin: 'findbugs'
apply plugin: 'jacoco'
//apply plugin: 'jetty'
apply plugin: 'pmd'
apply plugin: 'war'
}
buildscript {
repositories {
jcenter()
mavenCentral()
mavenLocal()
}
dependencies {
classpath 'com.github.ben-manes:gradle-versions-plugin:0.10.1'
}
}
My ouat-servicesImpl build gradle was changed to:
dependencies {
compile project(':ouat-contract')
cxfArtifacts.each { artifact ->
compile "org.apache.cxf:$artifact:$cxfVersion"
}
springArtifacts.each { artifact ->
compile "org.springframework:$artifact:$springVersion"
}
testCompile "org.testng:testng:$testNGVersion"
testCompile "org.hamcrest:hamcrest-all:$hamcrestVersion"
testCompile "org.springframework:spring-test:$springVersion"
//WAR PLUGIN
providedCompile "javax.servlet:javax.servlet-api:$servletAPIVersion"
runtime "javax.servlet:jstl:$jstlVersion"
}
Is this an eclipse plug-in problem or I am doing something wrong?
Here's the magic steps I've discovered to make it work without messing with Project settings manually.
Run command: gradle cleanEclipse eclipse
as a result of this command Eclipse forgets that the project was supposed to have a gradle nature.
Add gradle nature back to the project by doing Configure -> Convert to Gradle Project.
as a result of this command the error reappears.
if incompatible plugin java version error appears then just delete .settings directory and refresh.
Run command: gradle cleanEclipseClasspath eclipseClasspath
this final step should get it fixed until the next time.
In my case, this was due to mixing "faceted" and non-faceted projects. The projects with the error had been converted to faceted form, and the project they referenced which it was complaining about had not been. You can configure the project to be faceted via use of the eclipse-wtp plugin, by adding this to your ouat-contract gradle file:
eclipse{
wtp{
facet{}
}
}
This will add facets for Java and a utility module when using the java and war plugins (see the EclipseWTPFacet documentation for more information on the defaults and manually adding facets if you aren't using the war plug-in). The utility module part is the key to avoid the error.
Note that within this block you can also access the facet file directly to perform manual XML manipulation if you need to do other things, like specify a particular Apache Tomcat Runtime or or similar
Once you make this change, you can use Eclipse to do Gradle -> Refresh All on ouat-contract within your workspace - once I did this, the error went away
I've also run into this problem long time ago. It really seems to be the problem related to the Eclipse plugin included in "Gradle IDE Pack" (as it works from the command line without problems).
My setup is probably way more complex than Yours (I'm including modules from one top-level gradle project into another top-level gradle project), but to overcome this specific error
Invalid classpath publish/ export dependency /my-project. Project entries not supported
... i excluded project dependency if some specific gradle property was missing:
if(project.hasProperty("myProjectRefAddedFromIDE")) {
println "NB! Build script started with property 'myProjectRefAddedFromIDE' - expecting that this project in IDE is configured to add the direct reference to my-project"
} else {
compile project(':my-project')
}
And to add the property "myProjectRefAddedFromIDE" only from IDE, i have configured eclipse plugin as follows:
Window -> Preferences -> Gradle -> Arguments -> Program arguments -> Use: ´-PmyProjectRefAddedFromIDE´
Just a warning: this will probably work for you, but there might be some other problem with Your setup, as for simple multi-module project (that doesn't include modules form another multi-module project) I don't have to use this workaround.
This works for me to remove the duplicate jar files from JRE System Library.
Steps Right click on Project and go to Build Path->configure build path->Libraries.
Remove the jars that are not in the classpath or duplicated in Maven dependency.

How to refer or link the Java src with test structure in Gradle

I'm new to gradle currently I'm facing a problem while compiling test classes I'm referring the Java Classes in Test Classes to test program but I couldn't compile. Problem I wouldn't understand to how to link or refer Java src structure with test structure. Could somebody help me how to resolve the issues.
Below I provided the screenshot of Src and Test package structure and compilation problem.
Java Src and Test structure
Compilation Error
build.properties
apply plugin: 'java'
sourceCompatibility = '1.7'
[compileJava, compileTestJava]*.options*.encoding = 'UTF-8'
// NetBeans will automatically add "run" and "debug" tasks relying on the
// "mainClass" property. You may however define the property prior executing
// tasks by passing a "-PmainClass=<QUALIFIED_CLASS_NAME>" argument.
//
// Note however, that you may define your own "run" and "debug" task if you
// prefer. In this case NetBeans will not add these tasks but you may rely on
// your own implementation.
if (!hasProperty('mainClass')) {
ext.mainClass = ''
}
jar {
manifest {
attributes 'Main-Class': 'com.gradle.shopcart.ShopCartApp'
}
}
repositories {
mavenCentral()
// You may define additional repositories, or even remove "mavenCentral()".
// Read more about repositories here:
// http://www.gradle.org/docs/current/userguide/dependency_management.html#sec:repositories
}
dependencies {
// TODO: Add dependencies here ...
// You can read more about how to add dependency here:
// http://www.gradle.org/docs/current/userguide/dependency_management.html#sec:how_to_declare_your_dependencies
testCompile group: 'junit', name: 'junit', version: '4.12'
}
EDIT::
I'm using netbeans, with help of gradle plugin i created this project structure below you can find the screenshot. If I miss anything please correct me.
Please let me know in case of more information.

How to configure a plugin to depend on a specific version of gradle?

I am writing a set of Gradle plugins, but I want to control the specific versions of groovy and gradle that are used.
I don't want the plugins to depend on whatever versions of Gradle/Groovy are installed, like the following would do:
dependencies {
compile localGroovy()
compile gradleApi()
}
Another reason I don't want to use the local method - when you use a proper dependency specification, Gradle then knows about the source code for those libs and the IDE plugins can hookup the source automatically.
Below are the relevant sections of my build script:
allprojects { Project iProject ->
apply plugin: 'idea'
apply plugin: 'maven'
repositories {
jcenter()
}
}
subprojects { Project iProject ->
apply plugin: 'groovy'
dependencies {
compile 'org.codehaus.groovy:groovy-all:2.3.2'
}
}
project(':eclipsei2g') {
group = 'eclipsei2g'
version = '0.0.1-SNAPSHOT'
dependencies {
compile 'org.gradle:gradle-core:2.0'
}
}
project(':g2idea13') {
group = 'g2idea13'
version = '0.0.1-SNAPSHOT'
dependencies {
compile 'org.gradle:gradle-core:2.0'
compile 'org.gradle-plugins:gradle-ide:2.0'
}
}
When I run this I get an error resolving the gradle-ide dependency:
Could not resolve all dependencies for configuration ':g2idea13:compile'.
> Could not find org.gradle:gradle-ide:2.0.
Searched in the following locations:
http://jcenter.bintray.com/org/gradle/gradle-ide/2.0/gradle-ide-2.0.pom
http://jcenter.bintray.com/org/gradle/gradle-ide/2.0/gradle-ide-2.0.jar
Required by:
g2idea13:g2idea13:0.0.1-SNAPSHOT
There doesn't seem to be anything on the jcenter repository since 0.9 for the plugins stuff.
I also tried 'org.gradle:gradle-ide:2.0'.
Is this even how I should be doing this? Is there another way to specify a specific gradle version? Am I just using the wrong repository? I couldn't even get gradle-core to resolve on mavenCentral(). Is there an official Gradle repository somewhere that I should be using?
gradleApi() is the way to go. There isn't currently a public list of dependencies for Gradle plugins.

Resources