From bc7bed42bd131d0338c682af82d4e49cd067d774 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 27 Mar 2025 15:13:35 +0000
Subject: [PATCH 1/2] Java: add test exercising Gradle download pruning

---
 .../java/buildless-gradle-boms/build.gradle   | 18 +++++
 .../buildless-fetches.expected                |  5 ++
 .../diagnostics.expected                      | 70 +++++++++++++++++++
 .../buildless-gradle-boms/settings.gradle     |  8 +++
 .../source_archive.expected                   |  6 ++
 .../main/java/com/fractestexample/Test.java   |  9 +++
 .../java/buildless-gradle-boms/test.py        |  7 ++
 7 files changed, 123 insertions(+)
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/build.gradle
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java
 create mode 100644 java/ql/integration-tests/java/buildless-gradle-boms/test.py

diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle
new file mode 100644
index 000000000000..c70d65bed806
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle
@@ -0,0 +1,18 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This is a general purpose Gradle build.
+ * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples
+ */
+
+apply plugin: 'java-library'
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+  api 'org.apache.commons:commons-math3:3.6.1'
+
+  api 'org.junit.jupiter:junit-jupiter-api:5.12.1'
+}
diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected
new file mode 100644
index 000000000000..7b336ba62cb6
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected
@@ -0,0 +1,5 @@
+https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
+https://repo.maven.apache.org/maven2/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
+https://repo.maven.apache.org/maven2/org/junit/jupiter/junit-jupiter-api/5.12.1/junit-jupiter-api-5.12.1.jar
+https://repo.maven.apache.org/maven2/org/junit/platform/junit-platform-commons/1.12.1/junit-platform-commons-1.12.1.jar
+https://repo.maven.apache.org/maven2/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected
new file mode 100644
index 000000000000..976e0eb08fce
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected
@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 5 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-gradle",
+    "name": "Java analysis extracted precise dependency graph information from tool Gradle"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle
new file mode 100644
index 000000000000..227c1aae87a1
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle
@@ -0,0 +1,8 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * The settings file is used to specify which projects to include in your build.
+ * For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation.
+ */
+
+rootProject.name = 'buildless-gradle'
diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected
new file mode 100644
index 000000000000..82828506b8ae
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected
@@ -0,0 +1,6 @@
+.gradle/8.3/dependencies-accessors/gc.properties
+.gradle/8.3/gc.properties
+.gradle/buildOutputCleanup/cache.properties
+.gradle/vcs-1/gc.properties
+gradle/wrapper/gradle-wrapper.properties
+src/main/java/com/fractestexample/Test.java
diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java
new file mode 100644
index 000000000000..b8dc610a62e1
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java
@@ -0,0 +1,9 @@
+package com.fractestexample;
+
+import org.apache.commons.math3.fraction.Fraction;
+
+public class Test {
+
+  public Fraction test(org.junit.jupiter.api.Test t) { return Fraction.ONE; }
+
+}
diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/test.py b/java/ql/integration-tests/java/buildless-gradle-boms/test.py
new file mode 100644
index 000000000000..bea3e5f552c0
--- /dev/null
+++ b/java/ql/integration-tests/java/buildless-gradle-boms/test.py
@@ -0,0 +1,7 @@
+def test(codeql, java, gradle_8_3):
+    codeql.database.create(
+        _env={
+            "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true",
+            "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true",
+        }
+    )

From d8f7f182a9c1bcb676f63503b2e91b5538b677e6 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 27 Mar 2025 15:17:11 +0000
Subject: [PATCH 2/2] Change note

---
 java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md

diff --git a/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md b/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md
new file mode 100644
index 000000000000..138ff89ff485
--- /dev/null
+++ b/java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* In `build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings.