play-services-plugins Not all dependencies are included in OssLicensesMenuActivity

Describe the bug Many dependencies are missing in generated third_party_license_metadata. Among missing are:

com.squareup.retrofit2
com.squareup.okhttp3
com.android.support
com.google.maps.android

and many others.

Desktop (please complete the following information):

Gradle version: 4.10.2
Android Studio version: 3.2.1
Plugin name and version: oss-licenses-plugin:0.9.4
play-services-oss-licenses:16.0.1

Nov 19 '18 14:11 mjurkus

Could you post a sample build.gradle file with your dependencies so I can try to reproduce this issue? Thanks!

Nov 19 '18 18:11 zhiqiao

It's a multi-module project.

One thing is that we keep dependencies in separate gradle file and then apply from: 'dependencies.gradle' in application gradle file.

Nov 20 '18 07:11 mjurkus

Huh, thanks for letting us know. This may be an issue with multi-module projects. Let me ask the team to take a look.

Nov 27 '18 20:11 zhiqiao

In reproducing this issue myself, I saw that retrofit2 and okhttp3 were missing from my generated third_party_license_metadata file as well, in a regular one-module project, so I don't think it's related to multi-module projects.

Looking at the source code for the way the OSS licenses Gradle plugin works, the license information is pulled from the dependency's POM file. The POM files for the latest retrofit2 and okhttp3 versions lack licenses information. This explains why these libraries are missing from the metadata file. As far as these libraries go, the plugin is working as intended.

As for the other 2 examples you cited, the Android support library and Google Maps, those worked for me. What implementation / compile directives did you use to pull those dependencies in?

Nov 28 '18 21:11 sperzion

implementation/api depends on the specific module. com.google.maps.android is included as implementation com.android.support dependencies are included as api

Nov 29 '18 07:11 mjurkus

Can you paste what you used, so I can try to reproduce on my end?

Nov 30 '18 02:11 sperzion

These dependencies are in dependencies.gradle

    api "com.android.support:support-fragment:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:appcompat-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:recyclerview-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:cardview-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:gridlayout-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:design:${Versions.SUPPORT_LIBRARY}"

    //See https://developers.google.com/android/guides/setup for latest versions
    implementation "com.google.android.gms:play-services-auth:16.0.1"
    implementation "com.google.android.gms:play-services-base:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-basement:16.1.0"
    implementation "com.google.android.gms:play-services-identity:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-location:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-places:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-maps:${Versions.PLAY_SERVICE}"

dependencies.gradle is applied in /application/build.gradle apply from: 'dependencies.gradle'

Nov 30 '18 07:11 mjurkus

What are the values of Versions.PLAY_SERVICE and Versions.SUPPORT_LIBRARY?

Nov 30 '18 18:11 sperzion

PLAY_SERVICE = 16.0.0 SUPPORT_LIBRARY = 28.0.0

Dec 03 '18 07:12 mjurkus

Did you managed to reproduce or should I create demo project to help with that?

Dec 07 '18 13:12 mjurkus

I haven't gotten around to trying, but certainly a demo project would help.

Dec 07 '18 21:12 sperzion

Created demo project with same configuration and everything works as expected 😕

Dec 10 '18 08:12 mjurkus

To clarify, the issue still presents itself in your main project, but the same config in a demo project does not have the same symptoms?

Dec 10 '18 16:12 zhiqiao

Correct.

Dec 10 '18 19:12 mjurkus

In my environment, this problem happened. I share demo project. https://github.com/koji12000/ossLicensePluginDemo

Removing below from app/build.gradle, this problem doesn't happen. implementation project(':library')

Dec 11 '18 06:12 koji12000

Same issue. I also use Retrofit, OkHttp, Moshi and Picasso from Square as well as koin in my single module app. Retrofit, Okhttp, Moshi and Koin are missing. Picasso is fine.

final RETROFIT_VERSION = '2.5.0'
final OK_HTTP_VERSION = '3.12.0'
final MOSHI_VERSION = '1.8.0'
final KOIN_VERSION = '1.0.1'
    implementation "com.squareup.moshi:moshi:${MOSHI_VERSION}"
    implementation "com.squareup.moshi:moshi-adapters:${MOSHI_VERSION}"
    implementation "com.squareup.moshi:moshi-kotlin:${MOSHI_VERSION}"
    kapt "com.squareup.moshi:moshi-kotlin-codegen:${MOSHI_VERSION}"
    implementation "com.squareup.retrofit2:retrofit:${RETROFIT_VERSION}"
    implementation "com.squareup.retrofit2:converter-moshi:${RETROFIT_VERSION}"
    implementation "com.squareup.retrofit2:adapter-rxjava2:${RETROFIT_VERSION}"
    implementation "com.squareup.okhttp3:logging-interceptor:${OK_HTTP_VERSION}"

    implementation 'com.squareup.picasso:picasso:2.71828'

    implementation "org.koin:koin-android:$KOIN_VERSION"
    implementation "org.koin:koin-androidx-viewmodel:$KOIN_VERSION"

It does not help, when i replace the version variables with the actual version (and put the dependency in single quotes)

Jan 10 '19 10:01 chrjsorg

I, too, am missing a few licenses in a multi-module project. My app module's dependencies only consist of a few implementation project(':feature:xyz') references. Even my own OSS library that I use in this project - which certainly contains a license node in it's POM - is missing from the collection. I even added my library as a direct dependency to the app module and it's still missing.

Jan 21 '19 11:01 svenjacobs

I was able to reproduce on my end with a multi-module project. In debugging, I found that specifying something like implementation project(':library') causes an AmbiguousVariantSelectionException in the OSS licenses plugin.

Based on this post, it seems that the fix for this is using something like this instead: implementation project(path: ':library', configuration: 'default'). This got rid of the error for me, and I found that the dependencies were getting populated into dependencies.json correctly.

However, the licenses for some of the libraries were still missing, including Retrofit2. I dug further and found that Retrofit2's POM file on Maven Central and JCenter don't have the <licenses> tag, which is how this OSS licenses plugin extracts that information.

So, as far as I can tell, this is still working as designed, even for multi-module projects, assuming the default configuration is applied to the dependency specification.

Mar 27 '19 19:03 sperzion

Honest question: Won't this forced configuration: 'default' break automatic debug/release variant propagation?

Mar 28 '19 13:03 Pitel

@Pitel according to this comment, it should work. I suppose if it doesn't, you could still do it the old way. Either way should prevent the AmbiguousVariantSelectionException in the OSS licenses plugin.

Mar 28 '19 15:03 sperzion

I was able to reproduce on my end with a multi-module project. In debugging, I found that specifying something like implementation project(':library') causes an AmbiguousVariantSelectionException in the OSS licenses plugin.

Based on this post, it seems that the fix for this is using something like this instead: implementation project(path: ':library', configuration: 'default'). This got rid of the error for me, and I found that the dependencies were getting populated into dependencies.json correctly.

However, the licenses for some of the libraries were still missing, including Retrofit2. I dug further and found that Retrofit2's POM file on Maven Central and JCenter don't have the <licenses> tag, which is how this OSS licenses plugin extracts that information.

So, as far as I can tell, this is still working as designed, even for multi-module projects, assuming the default configuration is applied to the dependency specification.

@JakeWharton guessed the plugin does not read the parents pom. See this issue: https://github.com/square/retrofit/issues/2473 . This may be also the problem with other libs like dagger.

Apr 03 '19 13:04 elPatricko

Is there some way to manually add missing licenses as a workaround, preferably in the build.gradle file as a configuration for the plugin?

Jul 22 '19 00:07 estrnod

So almost a year now. Is this going to be fixed or should I look for an alternative solution? ;)

Oct 18 '19 12:10 svenjacobs

I think this is resolved with #104

Oct 18 '19 15:10 caller9

@sperzion the suggested workaround is not working as expected. After added all of the dependencies in this style implementation project(path: ':features:appLogging', configuration: 'default')

I get tone of errors like this ERROR: Unable to resolve dependency for ':app@debug/compileClasspath': Failed to transform artifact 'appLogging.aar (project :features:appLogging)' to match attributes {artifactType=jar}.

com.android.tools.build version: 3.5.3
Android Studio version: 3.5.3
Plugin name and version: oss-licenses-plugin:0.10.0
play-services-oss-licenses:17.0.0

Dec 30 '19 05:12 kyurkchyan

any solution available for this issue in multi-module projects?

Jan 10 '20 16:01 lukas1

seems like the approach suggested by @sperzion is discouraged by gradle team:

https://github.com/gradle/gradle/issues/5953#issuecomment-405209713

Jan 13 '20 16:01 lukas1

This plugin https://github.com/jaredsburrows/gradle-license-plugin/ scans parent POMs properly.

(Although it has other problems, it doesn't pick up dependencies of project dependencies when I use it)

Mar 17 '20 16:03 arekolek

play-services-plugins play-services-plugins copied to clipboard

Not all dependencies are included in OssLicensesMenuActivity

play-services-plugins
play-services-plugins copied to clipboard