Merge pull request #19135 from smowton/smowton/admin/test-gradle-bom-downloads

Java: add test exercising Gradle download pruning
2025-12-16 16:53:25 +01:00 · 2025-03-31 14:13:30 +01:00
parent 279e9e2d70 d8f7f182a9
commit aaaa7f4582
8 changed files with 127 additions and 0 deletions
--- a/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle
@@ -0,0 +1,18 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This is a general purpose Gradle build.
+ * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples
+ */
+
+apply plugin: 'java-library'
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+  api 'org.apache.commons:commons-math3:3.6.1'
+
+  api 'org.junit.jupiter:junit-jupiter-api:5.12.1'
+}
--- a/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected
@@ -0,0 +1,5 @@
+https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
+https://repo.maven.apache.org/maven2/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
+https://repo.maven.apache.org/maven2/org/junit/jupiter/junit-jupiter-api/5.12.1/junit-jupiter-api-5.12.1.jar
+https://repo.maven.apache.org/maven2/org/junit/platform/junit-platform-commons/1.12.1/junit-platform-commons-1.12.1.jar
+https://repo.maven.apache.org/maven2/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
--- a/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected
@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 5 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-gradle",
+    "name": "Java analysis extracted precise dependency graph information from tool Gradle"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
--- a/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle
@@ -0,0 +1,8 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * The settings file is used to specify which projects to include in your build.
+ * For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation.
+ */
+
+rootProject.name = 'buildless-gradle'
--- a/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected
@@ -0,0 +1,6 @@
+.gradle/8.3/dependencies-accessors/gc.properties
+.gradle/8.3/gc.properties
+.gradle/buildOutputCleanup/cache.properties
+.gradle/vcs-1/gc.properties
+gradle/wrapper/gradle-wrapper.properties
+src/main/java/com/fractestexample/Test.java
--- a/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java
@@ -0,0 +1,9 @@
+package com.fractestexample;
+
+import org.apache.commons.math3.fraction.Fraction;
+
+public class Test {
+
+  public Fraction test(org.junit.jupiter.api.Test t) { return Fraction.ONE; }
+
+}
--- a/java/ql/integration-tests/java/buildless-gradle-boms/test.py
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/test.py
@@ -0,0 +1,7 @@
+def test(codeql, java, gradle_8_3):
+    codeql.database.create(
+        _env={
+            "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true",
+            "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true",
+        }
+    )
--- a/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md
+++ b/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* In `build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings.