License Management with Gradle projects is not great
I was trying to get the license management step from your Auto DevOps to work on a project that I'm creating.
My project is a plugin for the Gradle build tool and naturally uses Gradle as its build tool as well: https://gitlab.com/stfs/gradle-dependency-graph-plugin/
It's a very simple project but when I tried getting License Management working (more as an exercise than it being necessary), I noticed a few things that I think could be done better:
- The Gradle License Management expects you to manually add a plugin to your Gradle build file that the analyzer then calls. This is not by any means clear from any documentation that I've found. It's also a bit inconvenient to have to add this to my project's build script so I'd suggest that you use an "init script" for this. I created a plugin for Gradle dependency scanning to help GitLab get that up and running and I describe this method in this comment #13075 (comment 221310863). It's also documented to some degree in the README of the plugin that I created for that purpose: https://gitlab.com/stfs/gemnasium-gradle-plugin
- The analyzer uses Gradle 4.10. Most of the time, Gradle projects are built using the "Gradle Wrapper" which is built into the projects themselves. It would be better if the analyzer detected whether the wrapper script ("gradlew") is present in the root directory of the project and used that rather than using the version of Gradle that is baked into the container (and in some cases not compatible with the version of Gradle actually being used to build the project).
The main reason for this would be (and was in my case) that my project may be incompatible with Gradle 4.10 as I'm using some newer version via the wrapper (in my case I was using version 5.6.2). For example, I have a dependency on a library called "org.spockframework:spock-core:1.3-groovy-2.5" which works fine in Gradle 5.6.2 as it uses Groovy 2.5. However, when the license management step attempts to run, it will fail because Gradle 4.10 uses Groovy 2.4 which would mean that the project should be dependent on "org.spockframework:spock-core:1.3-groovy-2.4".
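
Added example, not part of the original issue and not GitLab's analyzer code: one way a scanning job could implement the wrapper detection suggested above, preferring the project's `gradlew` over the container's Gradle and reading the pinned version from the wrapper properties. The function names are hypothetical; the standard wrapper layout (`gradlew` in the project root, `gradle/wrapper/gradle-wrapper.properties`) is assumed.

```shell
#!/bin/sh
# Added example: choose the Gradle launcher for an analyzer run.
# Function names are hypothetical, not taken from any GitLab analyzer.

# Print "./gradlew" if the project at $1 ships a wrapper, else "gradle"
# (the version baked into the container image).
gradle_launcher() {
  if [ -f "$1/gradlew" ]; then
    printf './gradlew\n'
  else
    printf 'gradle\n'
  fi
}

# Print the Gradle release pinned by the wrapper of the project at $1,
# or nothing when there is no wrapper or the URL is not a plain release.
# The properties file holds a line such as:
#   distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.2-bin.zip
wrapper_gradle_version() {
  wgv_props=$1/gradle/wrapper/gradle-wrapper.properties
  [ -f "$wgv_props" ] || return 0
  sed -n 's/^distributionUrl=.*gradle-\([0-9][0-9.]*\)-[a-z]*\.zip.*$/\1/p' "$wgv_props"
}

# Run Gradle for the project at $1 with the remaining arguments.
# The wrapper is started through sh so that a gradlew committed without
# the executable bit still works.
run_gradle() {
  rg_dir=$1
  shift
  if [ "$(gradle_launcher "$rg_dir")" = "./gradlew" ]; then
    (cd "$rg_dir" && sh ./gradlew "$@")
  else
    (cd "$rg_dir" && gradle "$@")
  fi
}

# An init script can be supplied the same way, so the project's build file
# needs no scanner plugin (the path below is a placeholder):
#   run_gradle "$PROJECT_DIR" --init-script /path/to/scanner-init.gradle <task>
```

Logging the output of `wrapper_gradle_version` next to the container's Gradle version makes a mismatch like the 4.10 versus 5.6.2 case visible in the job log.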