Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LocationAwareException when using GradleInspector with Gradle version < 6.8 #9282

Closed
janek64 opened this issue Oct 15, 2024 · 4 comments · Fixed by #9284
Closed

LocationAwareException when using GradleInspector with Gradle version < 6.8 #9282

janek64 opened this issue Oct 15, 2024 · 4 comments · Fixed by #9284
Assignees
Labels
analyzer About the analyzer tool bug Issues that are considered to be bugs

Comments

@janek64
Copy link

janek64 commented Oct 15, 2024

Describe the bug

I am currently experimenting with the analysis of Gradle projects that use different Gradle versions based on the new capability of setting the Java home mentioned in #8249. Currently, I want to analyse projects that use Gradle 6.x - therefore, I am setting the Java home to a JRE 11. With Gradle 6.8, the analysis works as expected. With a lower Gradle version, such as 6.7, the analysis fails with the following exception:

ERROR org.ossreviewtoolkit.analyzer.PackageManager - GradleInspector failed to resolve dependencies for path 'build.gradle': BuildException: Could not fetch model of type 'OrtDependencyTreeModel' using connection to Gradle distribution 'https://services.gradle.org/distributions/gradle-6.7-bin.zip'.
Caused by: LocationAwareException: Failed to notify build listener.
    Caused by: ContextualPlaceholderException: Failed to notify build listener.
        Caused by: NoSuchMethodError: 'org.gradle.internal.management.DependencyResolutionManagementInternal org.gradle.api.internal.SettingsInternal.getDependencyResolutionManagement()'

I quickly inspected he mentioned internal Gradle method that is not found. It seems to be present in Gradle 6.8 (https://github.com/gradle/gradle/blob/v6.8.0/subprojects/core/src/main/java/org/gradle/api/internal/SettingsInternal.java), but not in Gradle 6.7.1 (https://github.com/gradle/gradle/blob/v6.7.1/subprojects/core/src/main/java/org/gradle/api/internal/SettingsInternal.java).

It would be great to be able to analyze projects with these older Gradle versions, as they might still be used for older projects whose dependencies are still maintained,

To Reproduce

Steps to reproduce the behavior:

  1. Download the following sample project: gradle6_7.zip
  2. Replace the Java home variable in the .ort.yml configuration file.
  3. Execute the ORT analysis for the project: ort analyze -i /gradle6_7 -o /gradle6_7
  4. The analysis fails with the described error.
  5. To verify the correct analysis with Gradle 6.8, you can use the following sample project: gradle6_8.zip

Expected behavior

The dependencies of the Gradle project are correctly analysed and listed in the result.

Console / log output

./cli/build/install/ort/bin/ort analyze -i C:\Users\janek.berg\gradle6_7 -o C:\Users\janek.berg\gradle6_7
Picked up JAVA_TOOL_OPTIONS: -Duser.language=en
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
 ______________________________
/        \_______   \__    ___/ The OSS Review Toolkit, version 35.0.1-008.sha.bb336f0,
|    |   | |       _/ |    |    built with JDK 21.0.4+7-LTS, running under Java 21.0.4.
|    |   | |    |   \ |    |    Executing 'analyze' as 'janek.berg' on Windows 11
\________/ |____|___/ |____|    with 8 CPUs and a maximum of 4032 MiB of memory.

Environment variables:
ORT_CONFIG_DIR = C:\Users\janek.berg\.ort\config
ORT_DATA_DIR = C:\Users\janek.berg\.ort
USERPROFILE = C:\Users\janek.berg
OS = Windows_NT
COMSPEC = C:\WINDOWS\system32\cmd.exe

Looking for ORT configuration in the following file:
        C:\Users\janek.berg\.ort\config\config.yml (does not exist)

Looking for analyzer-specific configuration in the following files and directories:
        C:\Users\janek.berg\gradle6_7\.ort.yml
        C:\Users\janek.berg\.ort\config\resolutions.yml (does not exist)
The following 1 package manager(s) are enabled:
        GradleInspector
The following 2 package curation provider(s) are enabled:
        DefaultDir, DefaultFile
Analyzing project path:
        C:\Users\janek.berg\gradle6_7
Found 1 GradleInspector definition file(s) at:
        build.gradle
Found in total 1 definition file(s) from the following 1 package manager(s):
        GradleInspector
14:43:01.560 [DefaultDispatcher-worker-1] ERROR org.ossreviewtoolkit.analyzer.PackageManager - GradleInspector failed to resolve dependencies for path 'build.gradle': BuildException: Could not fetch model of type 'OrtDependencyTreeModel' using connection to Gradle distribution 'https://services.gradle.org/distributions/gradle-6.7-bin.zip'.
Caused by: LocationAwareException: Failed to notify build listener.
    Caused by: ContextualPlaceholderException: Failed to notify build listener.
        Caused by: NoSuchMethodError: 'org.gradle.internal.management.DependencyResolutionManagementInternal org.gradle.api.internal.SettingsInternal.getDependencyResolutionManagement()'
Wrote analyzer result to 'C:\Users\janek.berg\gradle6_7\analyzer-result.yml' (0,00 MiB) in 752.470800ms.
The analysis took 11.393760600s.
Found 1 project(s) and 0 package(s) in total (not counting excluded ones).
Applied 0 curation(s) from 0 of 2 provider(s).
Resolved issues: 0 errors, 0 warnings, 0 hints.
Unresolved issues: 1 error, 0 warnings, 0 hints.
There is 1 unresolved issue with a severity equal to or greater than the WARNING threshold.

Environment

Output of the ort requirements -l commands command:

./cli/build/install/ort/bin/ort requirements -l commands
Picked up JAVA_TOOL_OPTIONS: -Duser.language=en
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
 ______________________________
/        \_______   \__    ___/ The OSS Review Toolkit, version 35.0.1-008.sha.bb336f0,
|    |   | |       _/ |    |    built with JDK 21.0.4+7-LTS, running under Java 21.0.4.
|    |   | |    |   \ |    |    Executing 'requirements' as 'janek.berg' on Windows 11
\________/ |____|___/ |____|    with 8 CPUs and a maximum of 4032 MiB of memory.

Environment variables:
ORT_CONFIG_DIR = C:\Users\janek.berg\.ort\config
ORT_DATA_DIR = C:\Users\janek.berg\.ort
USERPROFILE = C:\Users\janek.berg
OS = Windows_NT
COMSPEC = C:\WINDOWS\system32\cmd.exe

Looking for ORT configuration in the following file:
        C:\Users\janek.berg\.ort\config\config.yml (does not exist)

Scanners:
        - Askalono: Requires 'askalono.exe' in no specific version. Tool not found.
        - BoyterLc: Requires 'lc.exe' in no specific version. Tool not found.
        - Licensee: Requires 'licensee.bat' in no specific version. Tool not found.
        - ScanCode: Requires 'scancode.bat' in version >=3.0.0. Tool not found.

PackageManagers:
        - Bazel: Requires 'bazel' in version >=7.0.0. Tool not found.
        - Bower: Requires 'bower.cmd' in version >=1.8.8. Tool not found.
        - Cargo: Requires 'cargo' in no specific version. Tool not found.
        - CocoaPods: Requires 'pod.bat' in version >=1.11.0. Tool not found.
        - Composer: Requires 'composer.bat' in version >=1.5.0. Tool not found.
        - Conan: Requires 'conan' in version >=1.44.0 and <2.0.0. Tool not found.
        * GoMod: Requires 'go' in version >=1.21.1. Found version 1.23.2.
        * Npm: Requires 'npm.cmd' in version >=6.0.0 and <11.0.0. Found version 10.5.0.
        - NuGetInspector: Requires 'nuget-inspector' in no specific version. Tool not found.
        - Pipenv: Requires 'pipenv' in version >=2018.10.9. Tool not found.
        - Pnpm: Requires 'pnpm.cmd' in version >=5.0.0 and <10.0.0. Tool not found.
        - Poetry: Requires 'poetry' in no specific version. Tool not found.
        - Pub: Requires 'dart.bat' in version >=2.10.0. Tool not found.
        - PythonInspector: Requires 'python-inspector' in version >=0.9.2. Tool not found.
        - Sbt: Requires 'sbt.bat' in no specific version. Tool not found.
        - Stack: Requires 'stack' in version >=2.1.1. Tool not found.
        - SwiftPm: Requires 'swift.exe' in no specific version. Tool not found.
        - Yarn: Requires 'yarn.cmd' in version >=1.3.0 and <1.23.0. Tool not found.

VersionControlSystems:
        * Git: Requires 'git' in version >=2.29.0. Found version 2.47.0.windows.1.
        - GitRepo: Requires 'repo' in no specific version. Tool not found.
        - Mercurial: Requires 'hg' in no specific version. Tool not found.

Prefix legend:
        - The tool was not found in the PATH environment.
        + The tool was found in the PATH environment, but not in the required version.
        * The tool was found in the PATH environment in the required version.

ScanCode license texts not found.

Not all tools requirements were satisfied:
        ! Some tools were not found at **all.**

ort.yml: (in project)

ort:
  analyzer:
    enabledPackageManagers: [GradleInspector]
    packageManagers:
      GradleInspector:
        options:
          javaHome: "/my/jre11/home"

Additional context

-

@janek64 janek64 added bug Issues that are considered to be bugs to triage Issues that need triaging labels Oct 15, 2024
@sschuberth sschuberth self-assigned this Oct 15, 2024
@sschuberth sschuberth added analyzer About the analyzer tool and removed to triage Issues that need triaging labels Oct 15, 2024
sschuberth added a commit that referenced this issue Oct 15, 2024
Do not use that feature before it was added in Gradle 6.8, see [1]. This
is a fixup for 8deb4b3.

Fixes #9282.

[1]: https://docs.gradle.org/6.8/release-notes.html#central-declaration-of-repositories

Signed-off-by: Sebastian Schuberth <[email protected]>
@sschuberth
Copy link
Member

sschuberth commented Oct 15, 2024

At first I was a bit reluctant to add support in the GradleInspector (you could still use the legacy Gradle analyzer) for such old Gradle versions, but turns out this should be easy enough to fix. Please give it a try and report back, @janek64.

@janek64
Copy link
Author

janek64 commented Oct 15, 2024

Thank you for the fast feedback!
I tried analysing the provided sample repository with the latest commit of the main branch (35.0.1-010.sha.47f73b4), but unfortunately, a new error occurs for it:

ERROR org.ossreviewtoolkit.analyzer.PackageManager - GradleInspector failed to resolve dependencies for path 'build.gradle': BuildException: Could not fetch model of type 'OrtDependencyTreeModel' using connection to Gradle distribution 'https://services.gradle.org/distributions/gradle-6.7-bin.zip'.
Caused by: LocationAwareException: Failed to notify build listener.
    Caused by: ContextualPlaceholderException: Failed to notify build listener.
        Caused by: NoSuchMethodError: 'java.util.List kotlin.collections.CollectionsKt.createListBuilder()'

Should I create a new ticket for this issue or would it be better to attempt using the Gradle analyzer?

As a general question: I was assuming that it would be considered "legacy" with the introduction of the GradleInspector because it is not enabled by default anymore. This is the reason why I was attempting to migrate to the inspector. Could you point me to some issue/discussion/documentation on the topic or briefly outline when which of the analyzers should be used?

@sschuberth
Copy link
Member

Should I create a new ticket for this issue or would it be better to attempt using the Gradle analyzer?

I've created an issue about what I believe to be the problem, as I anyway was aware of it potentially becoming a problem.

Could you point me to some issue/discussion/documentation on the topic or briefly outline when which of the analyzers should be used?

We usually discuss such things with the community in our weekly meetings. Other than that, the PR discussion and Git commit history is a good reference.

briefly outline when which of the analyzers should be used?

In general, prefer the GradleInspector by now, and only fall back to the Gradle analyzer if the former does not work for you. If both do not work, probably only the GradleInspector will get fixes going forward.

@janek64
Copy link
Author

janek64 commented Oct 16, 2024

Thank you for the feedback and the hint at the additional resources/information. I will follow the strategy of preferring the GradleInspector and falling back to Gradle on errors!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
analyzer About the analyzer tool bug Issues that are considered to be bugs
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants