LicenseFinder icon indicating copy to clipboard operation
LicenseFinder copied to clipboard

Published 20 hours ago verified publisher icon pivotal

LF does not run all package manager 'detectors' in sibling Multi-Project Gradle Setup

Open nkoterba opened this issue 9 years ago • 1 comments

In short, we have a multi-project Gradle Setup:

-- Root
   ---- build.gradle
   +--- A
        ---- build.gradle
   +--- B
        ---- package.json
        ---- bower.json
        ---- build.gradle
   +--- C
        ---- build.gradle

Project A: Business objects/logic Project B: Webapp "frontend" Project C: Webapp "backend"

Our Project C depends on projects A and B.

The Project C build.gradle file references them as dependencies:

dependencies {
    compile(
            project(":root:A")
   )

   runtime(
            project(":root:B")
   )
}

However, when I run license_finder in my Project C directory, I only get the gradle based dependencies from Project B. None of the npm or bower dependencies are listed. If, however, I switch over to my Project B directory, and run license_finder it shows all of the gradle, npm, and bower dependencies for Project B so I know B has npm and bower dependencies and license_finder can find them.

What's even more interesting, is if I try to use the subproject command from Project C, the only output I get is the subprojects' outputs, not also Project B's dependencies:

// In Project C directory
nk-mbp:webserver a$ license_finder report --subprojects=../B
// returns
// Only subproject B dependencies

// while
// Again, in Project C directory
nk-mbp:webserver a$ license_finder report
// returns
// Project A and C dependencies, but ONLY **GRADLE** based Project B dependencies

So a few thoughts/comments...assuming I'm currently in the Project C directory:

  1. If I run license_finder without any switches (e.g. no --recursive or --subprojects) and it's going to bring in gradle dependencies from Project B, shouldn't it also bring in B's other package_manager dependencies (e.g. npm, bower, nuget, etc.)?

  2. If license_finder is run with the --subprojects switch, should it include the current directory's dependencies as the "root" dependency project and then just append any dependencies it finds in the subprojects? Or does it only return what's specifically listed in --subprojects?

In regards to (2) above, the only way I can get all of A, B, and C's dependencies (gradle, npm, and bower), is, from Directory C, running this:

license_finder report --subprojects=./ ../B

nkoterba avatar Aug 03 '15 21:08 nkoterba

Sounds like more fishy behavior from the subprojects functionality. I'll dig in.

flavorjones avatar Dec 31 '15 18:12 flavorjones