Not all dependencies are included in OssLicensesMenuActivity

[mjurkus]

Describe the bug Many dependencies are missing in generated third_party_license_metadata. Among missing are:

• com.squareup.retrofit2
• com.squareup.okhttp3
• com.android.support
• com.google.maps.android

and many others.

Desktop (please complete the following information):

• Gradle version: 4.10.2
• Android Studio version: 3.2.1
• Plugin name and version: oss-licenses-plugin:0.9.4
• play-services-oss-licenses:16.0.1

[zhiqiao]

Could you post a sample build.gradle file with your dependencies so I can try to reproduce this issue? Thanks!

[mjurkus]

It's a multi-module project.

One thing is that we keep dependencies in separate gradle file and then apply from: 'dependencies.gradle' in application gradle file.

[zhiqiao]

Huh, thanks for letting us know. This may be an issue with multi-module projects. Let me ask the team to take a look.

[sperzion]

In reproducing this issue myself, I saw that retrofit2 and okhttp3 were missing from my generated third_party_license_metadata file as well, in a regular one-module project, so I don't think it's related to multi-module projects.

Looking at the source code for the way the OSS licenses Gradle plugin works, the license information is pulled from the dependency's POM file. The POM files for the latest retrofit2 and okhttp3 versions lack licenses information. This explains why these libraries are missing from the metadata file. As far as these libraries go, the plugin is working as intended.

As for the other 2 examples you cited, the Android support library and Google Maps, those worked for me. What implementation / compile directives did you use to pull those dependencies in?

[mjurkus]

implementation/api depends on the specific module. com.google.maps.android is included as implementation com.android.support dependencies are included as api

[sperzion]

Can you paste what you used, so I can try to reproduce on my end?

[mjurkus]

These dependencies are in dependencies.gradle

    api "com.android.support:support-fragment:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:appcompat-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:recyclerview-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:cardview-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:gridlayout-v7:${Versions.SUPPORT_LIBRARY}"
    api "com.android.support:design:${Versions.SUPPORT_LIBRARY}"

    //See https://developers.google.com/android/guides/setup for latest versions
    implementation "com.google.android.gms:play-services-auth:16.0.1"
    implementation "com.google.android.gms:play-services-base:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-basement:16.1.0"
    implementation "com.google.android.gms:play-services-identity:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-location:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-places:${Versions.PLAY_SERVICE}"
    implementation "com.google.android.gms:play-services-maps:${Versions.PLAY_SERVICE}"

dependencies.gradle is applied in /application/build.gradle apply from: 'dependencies.gradle'

[sperzion]

What are the values of Versions.PLAY_SERVICE and Versions.SUPPORT_LIBRARY?

[mjurkus]

PLAY_SERVICE = 16.0.0 SUPPORT_LIBRARY = 28.0.0

[mjurkus]

Did you managed to reproduce or should I create demo project to help with that?

[sperzion]

I haven't gotten around to trying, but certainly a demo project would help.

[mjurkus]

Created demo project with same configuration and everything works as expected 😕

[zhiqiao]

To clarify, the issue still presents itself in your main project, but the same config in a demo project does not have the same symptoms?

[mjurkus]

Correct.

[koji12000]

In my environment, this problem happened. I share demo project. https://github.com/koji12000/ossLicensePluginDemo

Removing below from app/build.gradle, this problem doesn't happen. implementation project(':library')

[chrjsorg]

Same issue. I also use Retrofit, OkHttp, Moshi and Picasso from Square as well as koin in my single module app. Retrofit, Okhttp, Moshi and Koin are missing. Picasso is fine.

final RETROFIT_VERSION = '2.5.0'
final OK_HTTP_VERSION = '3.12.0'
final MOSHI_VERSION = '1.8.0'
final KOIN_VERSION = '1.0.1'
    implementation "com.squareup.moshi:moshi:${MOSHI_VERSION}"
    implementation "com.squareup.moshi:moshi-adapters:${MOSHI_VERSION}"
    implementation "com.squareup.moshi:moshi-kotlin:${MOSHI_VERSION}"
    kapt "com.squareup.moshi:moshi-kotlin-codegen:${MOSHI_VERSION}"
    implementation "com.squareup.retrofit2:retrofit:${RETROFIT_VERSION}"
    implementation "com.squareup.retrofit2:converter-moshi:${RETROFIT_VERSION}"
    implementation "com.squareup.retrofit2:adapter-rxjava2:${RETROFIT_VERSION}"
    implementation "com.squareup.okhttp3:logging-interceptor:${OK_HTTP_VERSION}"

    implementation 'com.squareup.picasso:picasso:2.71828'

    implementation "org.koin:koin-android:$KOIN_VERSION"
    implementation "org.koin:koin-androidx-viewmodel:$KOIN_VERSION"

It does not help, when i replace the version variables with the actual version (and put the dependency in single quotes)

[svenjacobs]

I, too, am missing a few licenses in a multi-module project. My app module's dependencies only consist of a few implementation project(':feature:xyz') references. Even my own OSS library that I use in this project - which certainly contains a license node in it's POM - is missing from the collection. I even added my library as a direct dependency to the app module and it's still missing.

[sperzion]

I was able to reproduce on my end with a multi-module project. In debugging, I found that specifying something like implementation project(':library') causes an AmbiguousVariantSelectionException in the OSS licenses plugin.

Based on this post, it seems that the fix for this is using something like this instead: implementation project(path: ':library', configuration: 'default'). This got rid of the error for me, and I found that the dependencies were getting populated into dependencies.json correctly.

However, the licenses for some of the libraries were still missing, including Retrofit2. I dug further and found that Retrofit2's POM file on Maven Central and JCenter don't have the <licenses> tag, which is how this OSS licenses plugin extracts that information.

So, as far as I can tell, this is still working as designed, even for multi-module projects, assuming the default configuration is applied to the dependency specification.

[Pitel]

Honest question: Won't this forced configuration: 'default' break automatic debug/release variant propagation?

[sperzion]

@Pitel according to this comment, it should work. I suppose if it doesn't, you could still do it the old way. Either way should prevent the AmbiguousVariantSelectionException in the OSS licenses plugin.

[elPatricko]

I was able to reproduce on my end with a multi-module project. In debugging, I found that specifying something like implementation project(':library') causes an AmbiguousVariantSelectionException in the OSS licenses plugin.

Based on this post, it seems that the fix for this is using something like this instead: implementation project(path: ':library', configuration: 'default'). This got rid of the error for me, and I found that the dependencies were getting populated into dependencies.json correctly.

However, the licenses for some of the libraries were still missing, including Retrofit2. I dug further and found that Retrofit2's POM file on Maven Central and JCenter don't have the <licenses> tag, which is how this OSS licenses plugin extracts that information.

So, as far as I can tell, this is still working as designed, even for multi-module projects, assuming the default configuration is applied to the dependency specification.

@JakeWharton guessed the plugin does not read the parents pom. See this issue: https://github.com/square/retrofit/issues/2473 . This may be also the problem with other libs like dagger.

[estrnod]

Is there some way to manually add missing licenses as a workaround, preferably in the build.gradle file as a configuration for the plugin?

[svenjacobs]

So almost a year now. Is this going to be fixed or should I look for an alternative solution? ;)

[caller9]

I think this is resolved with #104

[kyurkchyan]

@sperzion the suggested workaround is not working as expected. After added all of the dependencies in this style implementation project(path: ':features:appLogging', configuration: 'default')

I get tone of errors like this ERROR: Unable to resolve dependency for ':app@debug/compileClasspath': Failed to transform artifact 'appLogging.aar (project :features:appLogging)' to match attributes {artifactType=jar}.

• com.android.tools.build version: 3.5.3
• Android Studio version: 3.5.3
• Plugin name and version: oss-licenses-plugin:0.10.0
• play-services-oss-licenses:17.0.0

[lukas1]

any solution available for this issue in multi-module projects?

[lukas1]

seems like the approach suggested by @sperzion is discouraged by gradle team:

https://github.com/gradle/gradle/issues/5953#issuecomment-405209713

[arekolek]

This plugin https://github.com/jaredsburrows/gradle-license-plugin/ scans parent POMs properly.

(Although it has other problems, it doesn't pick up dependencies of project dependencies when I use it)