diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle new file mode 100644 index 000000000000..c70d65bed806 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle @@ -0,0 +1,18 @@ +/* + * This file was generated by the Gradle 'init' task. + * + * This is a general purpose Gradle build. + * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples + */ + +apply plugin: 'java-library' + +repositories { + mavenCentral() +} + +dependencies { + api 'org.apache.commons:commons-math3:3.6.1' + + api 'org.junit.jupiter:junit-jupiter-api:5.12.1' +} diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected new file mode 100644 index 000000000000..7b336ba62cb6 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected @@ -0,0 +1,5 @@ +https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar +https://repo.maven.apache.org/maven2/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar +https://repo.maven.apache.org/maven2/org/junit/jupiter/junit-jupiter-api/5.12.1/junit-jupiter-api-5.12.1.jar +https://repo.maven.apache.org/maven2/org/junit/platform/junit-platform-commons/1.12.1/junit-platform-commons-1.12.1.jar +https://repo.maven.apache.org/maven2/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected new file mode 100644 index 000000000000..976e0eb08fce --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected @@ -0,0 +1,70 @@ +{ + "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/using-build-tool-advice", + "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java analysis used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis with build-mode 'none' completed.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/complete", + "name": "Java analysis with build-mode 'none' completed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted with build-mode set to 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Reading the dependency graph from build files provided 5 classpath entries", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/depgraph-provided-by-gradle", + "name": "Java analysis extracted precise dependency graph information from tool Gradle" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle new file mode 100644 index 000000000000..227c1aae87a1 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle @@ -0,0 +1,8 @@ +/* + * This file was generated by the Gradle 'init' task. + * + * The settings file is used to specify which projects to include in your build. + * For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation. + */ + +rootProject.name = 'buildless-gradle' diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected new file mode 100644 index 000000000000..82828506b8ae --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected @@ -0,0 +1,6 @@ +.gradle/8.3/dependencies-accessors/gc.properties +.gradle/8.3/gc.properties +.gradle/buildOutputCleanup/cache.properties +.gradle/vcs-1/gc.properties +gradle/wrapper/gradle-wrapper.properties +src/main/java/com/fractestexample/Test.java diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java new file mode 100644 index 000000000000..b8dc610a62e1 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java @@ -0,0 +1,9 @@ +package com.fractestexample; + +import org.apache.commons.math3.fraction.Fraction; + +public class Test { + + public Fraction test(org.junit.jupiter.api.Test t) { return Fraction.ONE; } + +} diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/test.py b/java/ql/integration-tests/java/buildless-gradle-boms/test.py new file mode 100644 index 000000000000..bea3e5f552c0 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/test.py @@ -0,0 +1,7 @@ +def test(codeql, java, gradle_8_3): + codeql.database.create( + _env={ + "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true", + "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true", + } + ) diff --git a/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md b/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md new file mode 100644 index 000000000000..138ff89ff485 --- /dev/null +++ b/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* In `build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings.