
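I have an Android (Kotlin) project that I want to test with spotbugs.

The test runs inside a container using the gitlab/sast Docker image. It detects a Gradle project and then runs the spotbugs test against that project.

When I run this image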

docker run \
  --interactive --tty --rm \
  --volume ${MY_PROJECT}:/code \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  registry.gitlab.com/gitlab-org/security-products/sast:12-4-stable /app/bin/run /code  

the sast tool detects two projects in total, a Gradlew project and a Gradle project, as shown in the log.

Found Gradlew project in /tmp/app directory
Found Gradle project in /tmp/app/app directory
Found 2 analyzable projects.

The Gradlew project builds successfully, but the Gradle project fails to build.

Gradlew snippet

Building Gradlew project at /tmp/app.
Downloading https://services.gradle.org/distributions/gradle-5.6.1-all.zip
Unzipping /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx/gradle-5.6.1-all.zip to /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx
Set executable permissions for: /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx/gradle-5.6.1/bin/gradle

Welcome to Gradle 5.6.1!

Here are the highlights of this release:
 - Incremental Groovy compilation
 - Groovy compile avoidance
 - Test fixtures for Java projects
 - Manage plugin versions via settings script

For more details see https://docs.gradle.org/5.6.1/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)
> Task :app:assemble UP-TO-DATE
> Task :app:lint SKIPPED
> Task :app:compileJava NO-SOURCE
> Task :app:processResources NO-SOURCE
> Task :app:classes UP-TO-DATE

> Task :app:spotbugsMain
Warning at xsl:variable on line 348 column 57 of default.xsl:
  SXWN9001: A variable with no following sibling instructions has no effect
Warning at xsl:variable on line 351 column 57 of default.xsl:
  SXWN9001: A variable with no following sibling instructions has no effect

> Task :app:check
> Task :app:build

BUILD SUCCESSFUL in 1m 49s
1 actionable task: 1 executed
Project built.

Gradle snippet

Building Gradle project at /tmp/app/app.

Welcome to Gradle 5.1!

Here are the highlights of this release:
 - Control which dependencies can be retrieved from which repositories
 - Production-ready configuration avoidance APIs

For more details see https://docs.gradle.org/5.1/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)

FAILURE: Build failed with an exception.

* Where:
Build file '/tmp/app/app/build.gradle' line: 6

* What went wrong:
An exception occurred applying plugin request [id: 'com.github.triplet.play', version: '2.5.0']
> Failed to apply plugin [id 'com.github.triplet.play']
   > Gradle Play Publisher's minimum Gradle version is at least Gradle 5.6.1 and yours is Gradle 5.1. Find the latest version at https://github.com/gradle/gradle/releases, then run './gradlew wrapper --gradle-version=$LATEST --distribution-type=ALL'.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 38s
Error: Project couldn't be built: exit status 1

2019/11/18 21:49:23 exit status 1
2019/11/18 21:49:23 Container exited with non zero status code

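Just to give some background on com.github.triplet.play: it is a Gradle plugin used to publish APKs to the Play Store.

I did not expect the Gradle project to use version 5.1, because the Gradlew project used version 5.6.1 and I have specified version 5.6.1 in gradle/wrapper/gradle-wrapper.properties (project level):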

distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.1-all.zip

build.gradle (project level)

buildscript {
    ext.kotlinVersion = '1.3.50'

    ext.espressoVersion = "3.2.0"

    ext.ktlintVersion = "9.1.0"

    repositories {
        google()

        jcenter()
    }

    dependencies {
        classpath 'com.android.tools.build:gradle:3.5.2'

        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlinVersion"
    }
}

allprojects {
    apply from: "$rootDir/ktlint.gradle"

    repositories {
        google()

        jcenter()
    }
}

build.gradle (app level)

plugins {
    id 'com.github.triplet.play' version '2.5.0'
    id "com.github.spotbugs" version "2.0.1"
    id "com.github.hierynomus.license-report" version "0.15.0"
}

apply plugin: 'com.android.application'

apply plugin: 'kotlin-android'

apply plugin: 'kotlin-android-extensions'

apply plugin: "com.github.spotbugs"

android {
    compileSdkVersion 29
    defaultConfig {
        applicationId "<REDACTED>"
        minSdkVersion 21
        targetSdkVersion 29
        versionCode Integer.valueOf(System.env.VERSION_CODE ?: 1)
        versionName "${System.getenv('APPLICATION_VERSION')}-${System.getenv('APPLICATION_BUILD_STAGE')}-${System.env.VERSION_SHA}"
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
    }
    signingConfigs {
        release {
            storeFile file("${System.getenv('KEYSTORE_FILE_PATH')}")
            storePassword "${System.getenv('SIGNING_KEY_PASSWORD')}"
            keyAlias "${System.getenv('SIGNING_KEY_ALIAS')}"
            keyPassword "${System.getenv('SIGNING_KEY_PASSWORD')}"
        }
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.release
        }

        debug {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
    lintOptions {
        abortOnError false
        tasks.lint.enabled = false
    }
}

dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlinVersion"
    implementation 'androidx.appcompat:appcompat:1.1.0'
    implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
    implementation "androidx.test.espresso:espresso-idling-resource:$espressoVersion"

    testImplementation 'junit:junit:4.12'

    androidTestImplementation 'androidx.test.ext:junit:1.1.1'
    androidTestImplementation 'androidx.test:rules:1.2.0'
    androidTestImplementation "androidx.test.espresso:espresso-core:$espressoVersion"

    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.7.1'
}

play {
    serviceAccountCredentials = file("${System.getenv('PLAY_STORE_JSON_CONFIG_PATH')}")
    releaseStatus = "${System.getenv('PLAY_RELEASE_STATUS')}"
}

spotbugs {
    toolVersion = '4.0.0-beta4'
    excludeFilter = file("$rootProject.projectDir/spotbugs/excludeFilter.xml")
    reportsDir = file("$project.buildDir/spotbugsReports")
}

tasks.withType(com.github.spotbugs.SpotBugsTask) {
    classes = files("$project.buildDir/intermediates/javac")
    source = fileTree("app/src/main/java")

    reports {
        html.enabled = true
        xml.enabled = false
    }
}

sourceSets {
    // we define `main` sourceSet here, so SpotBugs Gradle Plugin generates `spotbugsMain` task
    main {
        java.srcDirs = []
    }
}

downloadLicenses {
    dependencyConfiguration "compile"
}

Is there a configuration in Gradle to make tmp/app/app (the Gradle project) use version 5.6.1 instead of version 5.1?
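
The mismatch shown in the log can be caught before the scanner runs. The following is an added example, not part of the original post or of the GitLab SAST tooling: it assumes, from the log above, that a directory with a build script but no `gradlew` is built with the image's own Gradle, and all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Assumption (from the log): a directory with build.gradle but
# no gradlew is built standalone with the scanner image's own Gradle.

# Gradle version pinned by a gradle-wrapper.properties file.
wrapper_version() {
  sed -nE 's#^distributionUrl=.*/gradle-([0-9]+(\.[0-9]+)*)-(all|bin)\.zip.*$#\1#p' "$1"
}

# True when version $1 is strictly older than version $2.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Module directories below $1 that have a build script but no wrapper.
modules_without_wrapper() {
  find "$1" -mindepth 2 \( -name build.gradle -o -name build.gradle.kts \) \
    ! -path '*/build/*' -print | while IFS= read -r f; do
      d=$(dirname "$f")
      [ -e "$d/gradlew" ] || printf '%s\n' "$d"
    done | sort -u
}

# Print one line per module that would be built with an older Gradle ($2)
# than the root wrapper pins; exit status 1 if any such module exists.
check_tree() {
  root=$1 system_gradle=$2
  pinned=$(wrapper_version "$root/gradle/wrapper/gradle-wrapper.properties")
  [ -n "$pinned" ] || { echo "no wrapper version found in $root" >&2; return 2; }
  version_lt "$system_gradle" "$pinned" || return 0
  mods=$(modules_without_wrapper "$root")
  [ -n "$mods" ] || return 0
  printf '%s\n' "$mods" |
    sed "s|\$|: wrapper pins $pinned, standalone build would use $system_gradle|"
  return 1
}

# Constructed sample tree mirroring the layout in the question.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/gradle/wrapper" "$t/app"
  printf '%s\n' 'distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.1-all.zip' \
    > "$t/gradle/wrapper/gradle-wrapper.properties"
  touch "$t/gradlew" "$t/build.gradle" "$t/app/build.gradle"
  printf '%s\n' "$t"
}

tree=$(make_sample_tree)
check_tree "$tree" 5.1 || echo "modules listed above would not use the pinned Gradle"
rm -rf "$tree"
```

The second argument to `check_tree` is the Gradle version bundled in the scanner image, 5.1 in the log above.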

1 Answer

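<PROJECT_ROOT>\app\build.gradle is specific to the app module.

<PROJECT_ROOT>\build.gradle is a "top-level build file" where you can add configuration options common to all sub-projects/modules.

If you use another module in your project, as a local library, you will have another build.gradle file: <PROJECT_ROOT>\module\build.gradle

For example, in your top-level file you can specify these common properties: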

buildscript {
    repositories {
        mavenCentral()
    }

    dependencies {
        classpath 'com.android.tools.build:gradle:1.3.0'
    }
}

ext {
    compileSdkVersion = 23
    buildToolsVersion = "23.0.1"
}

In your app\build.gradle:

apply plugin: 'com.android.application'

repositories {
    mavenCentral()
}

android {
    compileSdkVersion rootProject.ext.compileSdkVersion
    buildToolsVersion rootProject.ext.buildToolsVersion
}
answered 2019-11-19T12:47:12.167