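I have an Android (Kotlin) project that I want to test with `spotbugs`. The test will run inside a container, using the `gitlab/sast` docker image. It detects a gradle project and then runs the spotbugs test against that project.

When I run this image
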
```bash
docker run \
    --interactive --tty --rm \
    --volume ${MY_PROJECT}:/code \
    --volume /var/run/docker.sock:/var/run/docker.sock \
    registry.gitlab.com/gitlab-org/security-products/sast:12-4-stable /app/bin/run /code
```

the `sast` tool detects two projects in total, a `Gradlew` project and a `Gradle` project, as shown in the logs.

```
Found Gradlew project in /tmp/app directory
Found Gradle project in /tmp/app/app directory
Found 2 analyzable projects.
```

The `Gradlew` project builds successfully, but the `Gradle` project fails to build.

`Gradlew`:

```
Building Gradlew project at /tmp/app.
Downloading https://services.gradle.org/distributions/gradle-5.6.1-all.zip
Unzipping /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx/gradle-5.6.1-all.zip to /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx
Set executable permissions for: /root/.gradle/wrapper/dists/gradle-5.6.1-all/805usxkvhgx6e1wbo8o64g0tx/gradle-5.6.1/bin/gradle
Welcome to Gradle 5.6.1!
Here are the highlights of this release:
- Incremental Groovy compilation
- Groovy compile avoidance
- Test fixtures for Java projects
- Manage plugin versions via settings script
For more details see https://docs.gradle.org/5.6.1/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
> Task :app:assemble UP-TO-DATE
> Task :app:lint SKIPPED
> Task :app:compileJava NO-SOURCE
> Task :app:processResources NO-SOURCE
> Task :app:classes UP-TO-DATE
> Task :app:spotbugsMain
Warning at xsl:variable on line 348 column 57 of default.xsl:
SXWN9001: A variable with no following sibling instructions has no effect
Warning at xsl:variable on line 351 column 57 of default.xsl:
SXWN9001: A variable with no following sibling instructions has no effect
> Task :app:check
> Task :app:build
BUILD SUCCESSFUL in 1m 49s
1 actionable task: 1 executed
Project built.
```

`Gradle`:

```
Building Gradle project at /tmp/app/app.
Welcome to Gradle 5.1!
Here are the highlights of this release:
- Control which dependencies can be retrieved from which repositories
- Production-ready configuration avoidance APIs
For more details see https://docs.gradle.org/5.1/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
FAILURE: Build failed with an exception.
* Where:
Build file '/tmp/app/app/build.gradle' line: 6
* What went wrong:
An exception occurred applying plugin request [id: 'com.github.triplet.play', version: '2.5.0']
> Failed to apply plugin [id 'com.github.triplet.play']
> Gradle Play Publisher's minimum Gradle version is at least Gradle 5.6.1 and yours is Gradle 5.1. Find the latest version at https://github.com/gradle/gradle/releases, then run './gradlew wrapper --gradle-version=$LATEST --distribution-type=ALL'.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 38s
Error: Project couldn't be built: exit status 1
2019/11/18 21:49:23 exit status 1
2019/11/18 21:49:23 Container exited with non zero status code
```

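Just to give some background on the `com.github.triplet.play` tool: it is a `gradle` plugin for publishing `apk`s to the Play Store.

I did not expect the `Gradle` project to use version `5.1`, because the `Gradlew` project uses version `5.6.1`, and in `gradle/wrapper/gradle-wrapper.properties` (project level) I have specified version `5.6.1`.
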
```properties
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.1-all.zip
```

`build.gradle` (project level)

```groovy
buildscript {
    ext.kotlinVersion = '1.3.50'
    ext.espressoVersion = "3.2.0"
    ext.ktlintVersion = "9.1.0"
    repositories {
        google()
        jcenter()
    }
    dependencies {
        classpath 'com.android.tools.build:gradle:3.5.2'
        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlinVersion"
    }
}
allprojects {
    apply from: "$rootDir/ktlint.gradle"
    repositories {
        google()
        jcenter()
    }
}
```

`build.gradle` (app level)

```groovy
plugins {
    id 'com.github.triplet.play' version '2.5.0'
    id "com.github.spotbugs" version "2.0.1"
    id "com.github.hierynomus.license-report" version "0.15.0"
}
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: "com.github.spotbugs"
android {
    compileSdkVersion 29
    defaultConfig {
        applicationId "<REDACTED>"
        minSdkVersion 21
        targetSdkVersion 29
        versionCode Integer.valueOf(System.env.VERSION_CODE ?: 1)
        versionName "${System.getenv('APPLICATION_VERSION')}-${System.getenv('APPLICATION_BUILD_STAGE')}-${System.env.VERSION_SHA}"
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
    }
    signingConfigs {
        release {
            storeFile file("${System.getenv('KEYSTORE_FILE_PATH')}")
            storePassword "${System.getenv('SIGNING_KEY_PASSWORD')}"
            keyAlias "${System.getenv('SIGNING_KEY_ALIAS')}"
            keyPassword "${System.getenv('SIGNING_KEY_PASSWORD')}"
        }
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.release
        }
        debug {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
    lintOptions {
        abortOnError false
        tasks.lint.enabled = false
    }
}
dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlinVersion"
    implementation 'androidx.appcompat:appcompat:1.1.0'
    implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
    implementation "androidx.test.espresso:espresso-idling-resource:$espressoVersion"
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'androidx.test.ext:junit:1.1.1'
    androidTestImplementation 'androidx.test:rules:1.2.0'
    androidTestImplementation "androidx.test.espresso:espresso-core:$espressoVersion"
    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.7.1'
}
play {
    serviceAccountCredentials = file("${System.getenv('PLAY_STORE_JSON_CONFIG_PATH')}")
    releaseStatus = "${System.getenv('PLAY_RELEASE_STATUS')}"
}
spotbugs {
    toolVersion = '4.0.0-beta4'
    excludeFilter = file("$rootProject.projectDir/spotbugs/excludeFilter.xml")
    reportsDir = file("$project.buildDir/spotbugsReports")
}
tasks.withType(com.github.spotbugs.SpotBugsTask) {
    classes = files("$project.buildDir/intermediates/javac")
    source = fileTree("app/src/main/java")
    reports {
        html.enabled = true
        xml.enabled = false
    }
}
sourceSets {
    // we define `main` sourceSet here, so SpotBugs Gradle Plugin generates `spotbugsMain` task
    main {
        java.srcDirs = []
    }
}
downloadLicenses {
    dependencyConfiguration "compile"
}
```

Is there a configuration in Gradle to make `tmp/app/app` (the Gradle project) use version `5.6.1` instead of version `5.1`?
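
A pre-flight check for the layout described in the question, as an added example that is not part of the original post or of the GitLab analyzer. It assumes, going by the `Found Gradlew project` / `Found Gradle project` log lines, that a directory containing a `gradlew` script is built through the wrapper and a directory containing only `build.gradle` is built with whatever Gradle the image ships; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

WRAPPER_PROPS = os.path.join("gradle", "wrapper", "gradle-wrapper.properties")
VERSION_RE = re.compile(r"gradle-(\d+(?:\.\d+)*)-(?:all|bin)\.zip")

def wrapper_version(project_dir):
    """Gradle version pinned by the wrapper in project_dir, or None if absent."""
    path = os.path.join(project_dir, WRAPPER_PROPS)
    if not os.path.isfile(path):
        return None
    with open(path) as fh:
        for line in fh:
            if line.strip().startswith("distributionUrl"):
                match = VERSION_RE.search(line)
                return match.group(1) if match else None
    return None

def classify(root):
    """Label build directories like the log does (assumed rule, see lead-in)."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if not d.startswith("."))
        rel = os.path.relpath(dirpath, root)
        if "gradlew" in filenames:
            found.append((rel, "Gradlew", wrapper_version(dirpath)))
        elif "build.gradle" in filenames:
            found.append((rel, "Gradle", None))  # no wrapper pin applies here
    return found

def at_risk(found, minimum):
    """Directories not covered by a wrapper pinning Gradle >= minimum."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return [rel for rel, _, ver in found
            if ver is None or as_tuple(ver) < as_tuple(minimum)]

def build_sample(root):
    """Constructed layout mirroring the question: wrapper at root, app/ below."""
    os.makedirs(os.path.join(root, "gradle", "wrapper"))
    os.makedirs(os.path.join(root, "app"))
    for rel in ("gradlew", "build.gradle", os.path.join("app", "build.gradle")):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, WRAPPER_PROPS), "w") as fh:
        fh.write("distributionUrl=https\\://services.gradle.org/distributions/gradle-5.6.1-all.zip\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(at_risk(classify(tmp), "5.6.1"))
```

Run against the real checkout before starting the scan container, `at_risk(classify(path), "5.6.1")` lists the directories whose build would not be governed by the wrapper's `distributionUrl`.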